Gathering detailed insights and metrics for @serenity-js/core
Gathering detailed insights and metrics for @serenity-js/core
Installations
npm install @serenity-js/coreDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
^18.12 || ^20 || ^22
Typescript Support
Yes
Node Version
22.11.0
NPM Version
lerna/6.6.2/node@v22.11.0+x64 (linux)
Statistics
564 Stars
7,287 Commits
161 Forks
36 Watching
47 Branches
45 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (97.71%)
JavaScript (1.06%)
HTML (0.91%)
Gherkin (0.29%)
Makefile (0.03%)
Total Downloads
Cumulative downloads
Total Downloads
3,545,499
Last day
76.3%
5,017
Compared to previous day
Last week
-2%
20,606
Compared to previous week
Last month
60.2%
107,999
Compared to previous month
Last year
11.2%
1,006,734
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
11
Versions
Serenity/JS
Serenity/JS is an innovative framework designed to make acceptance and regression testing of complex software systems faster, more collaborative and easier to scale.
To get started, check out the comprehensive Serenity/JS Handbook, API documentation, and Serenity/JS project templates on GitHub.
If you have any questions or just want to say hello, join the Serenity/JS Community Chat.
Stay up to date
New tutorials and videos are coming soon, follow Serenity/JS on LinkedIn and subscribe to Serenity/JS YouTube channel to get notified when they're available!
Your feedback matters!
Do you find Serenity/JS useful? Give it a ⭐ star on GitHub!
Found a bug? Need a feature? Raise an issue or submit a pull request.
Have feedback? Let me know on LinkedIn or leave a comment in Serenity/JS discussions on GitHub
If you'd like to chat with fellow users of Serenity/JS, join us on Serenity/JS Community Chat.
Support Serenity/JS
Serenity/JS is a free open-source framework, so we rely on our wonderful GitHub sponsors to keep the lights on.
If you appreciate all the effort that goes into making sophisticated tools easy to work with, please support our work and become a Serenity/JS GitHub Sponsor today!
For corporate sponsorship or commercial support, please contact Jan Molak.
License
The Serenity/JS code base is licensed under the Apache-2.0 license, while its documentation and the Serenity/JS Handbook are licensed under the Creative Commons BY-NC-SA 4.0 International. Learn more.
- Copyright © 2016- Jan Molak and the Serenity Team
Serenity/JS is available as part of your Tidelift subscription
Tidelift helps make open source sustainable for maintainers while giving companies
assurances about security, maintenance, and licensing for their dependencies.
Tidelift helps make open source sustainable for maintainers while giving companies
assurances about security, maintenance, and licensing for their dependencies.
No vulnerabilities found.
Reason
30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
no binaries found in the repo
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 23 are checked with a SAST tool
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main-integration-test-step.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/serenity-js/serenity-js/main-integration-test-step.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main-node-step.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/serenity-js/serenity-js/main-node-step.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/serenity-js/serenity-js/main.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/serenity-js/serenity-js/main.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: .gitpod/.gitpod.Dockerfile:1: pin your Docker image by updating gitpod/workspace-full-vnc to gitpod/workspace-full-vnc@sha256:f48a53a3ce0f1cf26830fab629572fcb4f749855a8507f51970d7984e2a83f46
- Warn: npmCommand not pinned by hash: .gitpod/.gitpod.Dockerfile:76
- Info: 18 out of 18 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 7 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
Found 1/9 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yaml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yaml:22
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/main.yaml:237
- Warn: no topLevel permission defined: .github/workflows/chore-delete-old-workflows.yaml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yaml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/main-integration-test-step.yaml:56
- Info: topLevel 'contents' permission set to 'read': .github/workflows/main-node-step.yaml:52
- Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yaml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-commitlint.yaml:9
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More