npmpackage.info

Gathering detailed insights and metrics for @shepherdorg/docker-image-metadata-loader

@shepherdorg/docker-image-metadata-loader

Monorepo for custom npm packages for Shepherd

5.2.0

TypeScript

243.57 kB

12,360 2

Installations

npm install @shepherdorg/docker-image-metadata-loader

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Node Version

12.22.7

NPM Version

lerna/3.22.1/node@v12.22.7+x64 (linux)

Score

55.8

Supply Chain

58.2

Quality

74.2

Maintenance

Vulnerability

78.7

License

Pull Requests

Open

11

Total

55

Closed

19

Merged

25

Issues

Open

4

Total

12

Closed

8

Releases

Unable to fetch releases

Contributors

View all 4 contributors

Languages

TypeScript

Shell

JavaScript

Dockerfile

TypeScript (87%)

Shell (7.15%)

JavaScript (5.19%)

Dockerfile (0.66%)

Developer

ShepherdOrg

Download Statistics

Total Downloads

12,360

Last Day

Last Week

Last Month

Last Year

1,367

GitHub Statistics

2 Stars

468 Commits

3 Forks

2 Watching

22 Branches

4 Contributors

Bundle Size

890.67 kB

Minified

243.57 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

5.2.0

Package Id

@shepherdorg/docker-image-metadata-loader@5.2.0

Unpacked Size

69.97 kB

Size

15.72 kB

File Count

NPM Version

lerna/3.22.1/node@v12.22.7+x64 (linux)

Node Version

12.22.7

Total Downloads

Cumulative downloads

Total Downloads

12,360

Last day

100%

Compared to previous day

Last week

-33.3%

Compared to previous week

Last month

-35.9%

Compared to previous month

Last year

-58.6%

1,367

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@shepherdorg/ts-exec lodash request request-promise

Dev Dependencies

@types/chai @types/lodash @types/mocha @types/node chai mocha prettier ts-node typescript

Versions

ERROR: No README data found!

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

5

Maintained

Determines if the project is "actively maintained".

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

License

Determines if the project has defined a license.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: containerImage not pinned by hash: examples/images/insufficient-deployment-data/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: examples/images/plain-deployer-repo/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: examples/images/public-repo-with-deployment-dir/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: examples/images/public-repo-with-kube-yaml/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: examples/images/sample-myip-api/Dockerfile:2: pin your Docker image by updating gulli/cloudformation-deployer:0.1-13 to gulli/cloudformation-deployer:0.1-13@sha256:a1cecfaaf39950698c98c27f2a7552cbfcdde6e5ecb96cabeeb8d58ec4ec69af
Warn: containerImage not pinned by hash: examples/images/sample-myip-infrastructure/Dockerfile:2: pin your Docker image by updating gulli/cloudformation-deployer:0.1-13 to gulli/cloudformation-deployer:0.1-13@sha256:a1cecfaaf39950698c98c27f2a7552cbfcdde6e5ecb96cabeeb8d58ec4ec69af
Warn: containerImage not pinned by hash: packages/cli/e2etest/cli-tester/Dockerfile:1: pin your Docker image by updating node to node@sha256:1745a99b66da41b5ccd6f7be3810f74ddab16eb4579de10de378adb50d2e6e6f
Warn: containerImage not pinned by hash: packages/cli/e2etest/docker-build/insufficient-deployment-data/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/cli/e2etest/docker-build/plain-deployer-repo/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/cli/e2etest/docker-build/public-repo-with-deployment-dir/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/cli/e2etest/docker-build/public-repo-with-kube-yaml/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-deployer-image-with-deployment-tests/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-image-json-metadata/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-image-with-yaml-wrecking-hbs/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-image/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-image2/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-image3/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-infrastructure/Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-k8s-image-with-deployment-tests/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-migration-image-newformat/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: containerImage not pinned by hash: packages/deployer/src/integratedtest/testimages/test-migration-image/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
Warn: npmCommand not pinned by hash: packages/cli/e2etest/cli-tester/Dockerfile:5
Info: 0 out of 21 containerImage dependencies pinned
Info: 1 out of 2 npmCommand dependencies pinned

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

54 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm
Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-3f95-r44v-8mrg
Warn: Project is vulnerable to: GHSA-28xr-mwxg-3qc8
Warn: Project is vulnerable to: GHSA-9p95-fxvg-qgq2
Warn: Project is vulnerable to: GHSA-9w5j-4mwv-2wj8
Warn: Project is vulnerable to: GHSA-652h-xwhf-q4h6
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

2

/10

Last Scanned on 2024-12-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More