Gathering detailed insights and metrics for @sigstore/core
Gathering detailed insights and metrics for @sigstore/core
Gathering detailed insights and metrics for @sigstore/core
Gathering detailed insights and metrics for @sigstore/core
npm install @sigstore/core
@sigstore/mock@0.9.0
Published on 26 Nov 2024
@sigstore/verify@2.0.0
Published on 14 Oct 2024
@sigstore/tuf@3.0.0
Published on 14 Oct 2024
@sigstore/sign@3.0.0
Published on 14 Oct 2024
@sigstore/rekor-types@3.0.0
Published on 14 Oct 2024
@sigstore/oci@0.4.0
Published on 14 Oct 2024
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
156 Stars
1,084 Commits
23 Forks
7 Watching
23 Branches
43 Contributors
Updated on 26 Nov 2024
TypeScript (97.99%)
JavaScript (1.26%)
Makefile (0.67%)
Shell (0.08%)
Batchfile (0.01%)
Cumulative downloads
Total Downloads
Last day
2.3%
688,560
Compared to previous day
Last week
10.3%
3,718,831
Compared to previous week
Last month
13.7%
14,776,954
Compared to previous month
Last year
0%
108,299,144
Compared to previous year
No dependencies detected.
JavaScript libraries for interacting with Sigstore services.
sigstore
- Client library implementing Sigstore signing/verification workflows.@sigstore/bundle
- TypeScript types and utility functions for working with Sigstore bundles.@sigstore/cli
- Command line interface for signing/verifying artifacts with Sigstore.@sigstore/sign
- Library for generating Sigstore signatures.@sigstore/tuf
- Library for interacting with the Sigstore TUF repository.@sigstore/rekor-types
- TypeScript types for the Sigstore Rekor REST API.@sigstore/mock
- Mocking library for Sigstore services.If you are contributing a user-facing or noteworthy change that should be added to the changelog, you should include a changeset with your PR by running the following command:
1npx changeset add
Follow the prompts to specify whether the change is a major, minor or patch change. This will create a file in the .changesets
directory of the repo. This change should be committed and included with your PR.
Whenever a new changeset is merged to the "main" branch, the release
workflow will open a PR (or append to the existing PR if one is already open) with the all of the pending changesets.
Publishing a release simply requires that you approve/merge this PR. This will trigger the publishing of the package to the npm registry and the creation of the GitHub release.
sigstore-js
is licensed under the Apache 2.0 License.
See the contributing docs for details.
Everyone interacting with this project is expected to follow the sigstore Code of Conduct.
Should you discover any security issues, please refer to sigstore's security process.
sigstore-js
is developed as part of the sigstore
project.
We also use a slack channel! Click here for the invite link.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
Reason
license file detected
Details
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
Reason
GitHub workflow tokens follow principle of least privilege
Details
Reason
0 existing vulnerabilities detected
Reason
branch protection is not maximal on development and all release branches
Details
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
Reason
project has 2 contributing companies or organizations -- score normalized to 6
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Score
Last Scanned on 2024-11-26T20:54:57Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More