Official Sentry SDKs for JavaScript
Installations
npm install @sentry-internal/feedback
Score
97.9
Supply Chain
78.8
Quality
99.6
Maintenance
100
Vulnerability
100
License
Developer
Developer Guide
Module System
CommonJS, ESM
Min. Node Version
>=14.18
Typescript Support
Yes
Node Version
20.18.1
NPM Version
10.8.2
Statistics
8,017 Stars
10,598 Commits
1,586 Forks
125 Watching
343 Branches
722 Contributors
Updated on 28 Nov 2024
Bundle Size
58.35 kB
Minified
19.77 kB
Minified + Gzipped
Languages
TypeScript (91.64%)
JavaScript (6.39%)
HTML (0.65%)
C++ (0.5%)
CSS (0.19%)
Svelte (0.18%)
Vue (0.15%)
Astro (0.12%)
Shell (0.09%)
Handlebars (0.09%)
Python (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
148,437,477
Last day
-3.4%
913,216
Compared to previous day
Last week
3.9%
4,932,255
Compared to previous week
Last month
11.4%
20,329,484
Compared to previous month
Last year
570,143%
148,411,451
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
1
Bad software is everywhere, and we're tired of it. Sentry is on a mission to help developers write better software faster, so we can get back to enjoying technology. If you want to join us Check out our open positions
Official Sentry SDKs for JavaScript
This is the next line of Sentry JavaScript SDKs, comprised in the @sentry/
namespace. It will provide a more
convenient interface and improved consistency between various JavaScript environments.
Links
Contents
Supported Platforms
For each major JavaScript platform, there is a specific high-level SDK that provides all the tools you need in a single package. Please refer to the README and instructions of those SDKs for more detailed information:
@sentry/browser
: SDK for Browsers@sentry/node
: SDK for Node including integrations for Express@sentry/angular
: Browser SDK for Angular@sentry/astro
: SDK for Astro@sentry/ember
: Browser SDK for Ember@sentry/react
: Browser SDK for React@sentry/svelte
: Browser SDK for Svelte@sentry/sveltekit
: SDK for SvelteKit@sentry/vue
: Browser SDK for Vue@sentry/solid
: Browser SDK for Solid@sentry/gatsby
: SDK for Gatsby@sentry/nestjs
: SDK for NestJS@sentry/nextjs
: SDK for Next.js@sentry/remix
: SDK for Remix@sentry/aws-serverless
: SDK for AWS Lambda Functions@sentry/google-cloud-serverless
: SDK for Google Cloud Functions@sentry/electron
: SDK for Electron with support for native crashes@sentry/react-native
: SDK for React Native with support for native crashes@sentry/capacitor
: SDK for Capacitor Apps and Ionic with support for native crashes@sentry/bun
: SDK for Bun@sentry/deno
: SDK for Deno@sentry/cloudflare
: SDK for Cloudflare
Version Support Policy
The current version of the SDK is 8.x. Version 7.x of the SDK will continue to receive critical bugfixes until end of 2024.
Installation and Usage
To install a SDK, simply add the high-level package, for example:
1npm install --save @sentry/browser 2yarn add @sentry/browser
Setup and usage of these SDKs always follows the same principle.
1import * as Sentry from '@sentry/browser'; 2 3Sentry.init({ 4 dsn: '__DSN__', 5 // ... 6}); 7 8Sentry.captureMessage('Hello, world!');
Other Packages
Besides the high-level SDKs, this repository contains shared packages, helpers and configuration used for SDK development. If you're thinking about contributing to or creating a JavaScript-based SDK, have a look at the resources below:
@sentry-internal/replay
: Provides the integration for Session Replay.@sentry/core
: The base for all JavaScript SDKs with interfaces, type definitions and base classes.
Bug Bounty Program
Our bug bounty program aims to improve the security of our open source projects by encouraging the community to identify and report potential security vulnerabilities. Your reward will depend on the severity of the identified vulnerability.
Our program is currently running on an invitation basis. If you're interested in participating, please send us an email to security@sentry.io and tell us, that you are interested in auditing this repository.
For more details, please have a look at https://sentry.io/security/#vulnerability-disclosure.
Contributors
Thanks to everyone who contributed to the Sentry JavaScript SDK!
No vulnerabilities found.
Reason
30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/getsentry/.github/SECURITY.md:1
- Info: Found linked content: github.com/getsentry/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/getsentry/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/getsentry/.github/SECURITY.md:1
Reason
binaries present in source code
Details
- Warn: binary detected: dev-packages/browser-integration-tests/suites/wasm/simple.wasm:1
- Warn: binary detected: packages/profiling-node/bin/darwin-arm64-130/profiling-node.node:1
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 2 commits out of 30 are checked with a SAST tool
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:65
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/cleanup-pr-caches.yml:13
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/cleanup-pr-caches.yml:14
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/external-contributors.yml:14
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/gitflow-sync-develop.yml:23
- Warn: no topLevel permission defined: .github/workflows/auto-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/canary.yml:24
- Warn: no topLevel permission defined: .github/workflows/cleanup-pr-caches.yml:1
- Warn: no topLevel permission defined: .github/workflows/clear-cache.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/enforce-license-compliance.yml:1
- Warn: no topLevel permission defined: .github/workflows/external-contributors.yml:1
- Warn: no topLevel permission defined: .github/workflows/flaky-test-detector.yml:1
- Warn: no topLevel permission defined: .github/workflows/gitflow-sync-develop.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-package-label.yml:1
- Warn: no topLevel permission defined: .github/workflows/project-automation.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-comment-issues.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-size-info.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 8.41.0 not signed: https://api.github.com/repos/getsentry/sentry-javascript/releases/187815119
- Warn: release artifact 8.41.0-beta.1 not signed: https://api.github.com/repos/getsentry/sentry-javascript/releases/187420059
- Warn: release artifact 8.40.0 not signed: https://api.github.com/repos/getsentry/sentry-javascript/releases/186830144
- Warn: release artifact 8.41.0-beta.0 not signed: https://api.github.com/repos/getsentry/sentry-javascript/releases/186736634
- Warn: release artifact 8.39.0 not signed: https://api.github.com/repos/getsentry/sentry-javascript/releases/186226712
- Warn: release artifact 8.41.0 does not have provenance: https://api.github.com/repos/getsentry/sentry-javascript/releases/187815119
- Warn: release artifact 8.41.0-beta.1 does not have provenance: https://api.github.com/repos/getsentry/sentry-javascript/releases/187420059
- Warn: release artifact 8.40.0 does not have provenance: https://api.github.com/repos/getsentry/sentry-javascript/releases/186830144
- Warn: release artifact 8.41.0-beta.0 does not have provenance: https://api.github.com/repos/getsentry/sentry-javascript/releases/186736634
- Warn: release artifact 8.39.0 does not have provenance: https://api.github.com/repos/getsentry/sentry-javascript/releases/186226712
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/build.yml:600
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/auto-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/auto-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/auto-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:369: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:373: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:390: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:435: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:439: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:725: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:729: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1129: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:1133: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1138: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1151: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1158: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1016: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:1019: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1023: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1032: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1078: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:1088: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:463: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:472: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:494: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:639: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:643: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:664: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:675: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:687: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:691: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:809: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:814: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:818: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:826: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:846: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:857: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:894: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:897: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:901: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:906: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:913: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:954: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:968: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:980: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:321: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:334: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:344: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:579: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:583: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:603: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:614: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1394: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1399: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1404: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1426: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:1507: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:253: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:404: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:408: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:412: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:509: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:512: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:515: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:767: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:771: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/canary.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/canary.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/canary.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/canary.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/canary.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/canary.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/canary.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanup-pr-caches.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/cleanup-pr-caches.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clear-cache.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/clear-cache.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clear-cache.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/clear-cache.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/codeql-analysis.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/enforce-license-compliance.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/enforce-license-compliance.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/external-contributors.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/external-contributors.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/external-contributors.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/external-contributors.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-detector.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/flaky-test-detector.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-detector.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/flaky-test-detector.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-detector.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/flaky-test-detector.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/flaky-test-detector.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/flaky-test-detector.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-detector.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/flaky-test-detector.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gitflow-sync-develop.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/gitflow-sync-develop.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gitflow-sync-develop.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/gitflow-sync-develop.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gitflow-sync-develop.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/gitflow-sync-develop.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-package-label.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/issue-package-label.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-package-label.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/issue-package-label.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-package-label.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/issue-package-label.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-comment-issues.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/release-comment-issues.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-size-info.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/release-size-info.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/getsentry/sentry-javascript/release.yml/develop?enable=pin
- Warn: containerImage not pinned by hash: dev-packages/e2e-tests/Dockerfile.publish-packages:3
- Info: 4 out of 93 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 31 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
40 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-593m-55hh-j8gv
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-g5m6-hxpp-fc49
- Warn: Project is vulnerable to: GHSA-mh2x-fcqh-fmqv
- Warn: Project is vulnerable to: GHSA-rjjv-87mx-6x3h
- Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
- Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-m85w-3h95-hcf9
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-wxhq-pm8v-cw75
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-8266-84wp-wv5c
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-92r3-m2mg-pj97
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Score
5.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More