npmpackage.info

@snowplow/tracker-core

Snowplow event tracker for client-side and server-side JavaScript. Add analytics to your websites, web apps and servers.

4.1.0

555

BSD-3-Clause

TypeScript

22,448,019 3.9

Installations

npm install @snowplow/tracker-core

Pull Requests

Open

5

Total

425

Closed

104

Merged

316

Issues

Open

88

Total

965

Closed

877

Releases

142

Version 4.1.0

4.1.0

Published on 28 Nov 2024

Version 4.0.4

4.0.4

Published on 21 Nov 2024

Version 4.0.3

4.0.3

Published on 20 Nov 2024

Version 4.0.2

4.0.2

Published on 11 Nov 2024

Version 4.0.1

4.0.1

Published on 01 Nov 2024

Version 4.0.0

4.0.0

Published on 28 Oct 2024

View all 142 releases

Developer

snowplow

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

Yes

Node Version

18.20.5

NPM Version

10.8.2 Statistics

555 Stars

1,544 Commits

222 Forks

49 Watching

29 Branches

79 Contributors

Updated on 28 Nov 2024

Languages

TypeScript (87.48%)

JavaScript (7.66%)

HTML (4.68%)

CSS (0.11%)

Shell (0.07%)

Total Downloads

Cumulative downloads

Total Downloads

22,448,019

Last day

-7.9%

66,438

Compared to previous day

Last week

3.5%

343,486

Compared to previous week

Last month

29.9%

1,481,648

Compared to previous month

Last year

104.2%

13,201,100

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Browser and Node.js analytics for Snowplow

snowplow-logo

Snowplow is a scalable open-source platform for rich, high quality, low-latency data collection. It is designed to collect high quality, complete behavioral data for enterprise business.

To find out more, please check out the Snowplow website and our documentation.

Snowplow JavaScript Trackers Overview

The Snowplow JavaScript Trackers allow you to add analytics to your websites, web apps and Node.js applications when using a Snowplow pipeline.

With these trackers you can collect user event data (page views, e-commerce transactions etc) from the client-side and server-side tiers of your websites and web apps.

Technical documentation can be found for each tracker in our Documentation.

@snowplow/browser-tracker (npm)

Technical Docs	Setup Guide

Technical Docs	Setup Guide

@snowplow/javascript-tracker (tag based)

Technical Docs	Setup Guide

Technical Docs	Setup Guide

@snowplow/node-tracker (npm)

Technical Docs	Setup Guide

Technical Docs	Setup Guide

Maintainers

Contributing

Contributing

Maintainer quick start

Assuming git, Node.js 18 - 20 are installed.

Clone repository

1git clone https://github.com/snowplow/snowplow-javascript-tracker.git

Install gitleaks

To commit with safety in the repository, preventing sensitive key leakage, we use gitleaks. Gitleaks runs as a pre-commit hook making sure it can prevent accidental committing of sensitive data.

To install gitleaks, you can follow the getting started section on the repository.

For open source users before the update, you might need to re-run rush install to update your git hooks from source.

:warning: To disable gitleaks check, you can run your commit command with the SKIP=gitleaks variable. e.g. SKIP=gitleaks git commit -m "Unsafe commit".

Building

1npm install -g @microsoft/rush
2rush update
3rush build

Testing

To run unit tests:

1rush test

To run e2e browser tests (locally):

Add 127.0.0.1 snowplow-js-tracker.local to your hosts file:

1cd trackers/javascript-tracker/
2rushx test:e2e:local

Copyright and license

Licensed and distributed under the BSD 3-Clause License (An OSI Approved License).

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

SAST

Determines if the project uses static code analysis.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/change_check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/change_check.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/change_check.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/change_check.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/change_check.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/change_check.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/docs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/docs.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/docs.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_branch.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_branch.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_branch.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_branch.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_branch.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_branch.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_branch.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_branch.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_prerelease.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_prerelease.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_prerelease.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_prerelease.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_prerelease.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_prerelease.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_prerelease.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_prerelease.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_prerelease.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_prerelease.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_prerelease.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/publish_prerelease.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/snyk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/snyk.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/snyk.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/snyk.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/snowplow/snowplow-javascript-tracker/snyk.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/change_check.yml:44
Warn: npmCommand not pinned by hash: .github/workflows/docs.yml:24
Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:65
Warn: npmCommand not pinned by hash: .github/workflows/publish_prerelease.yml:65
Info: 0 out of 24 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 10 third-party GitHubAction dependencies pinned
Info: 0 out of 4 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Security-Policy

Determines if the project has published a security policy.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

3.9

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@snowplow/tracker-core

Installations

Pull Requests

5

425

104

316

Issues

88

965

877

Releases

Developer

Developer Guide

CommonJS

Yes

18.20.5

10.8.2

Statistics

Languages

Total Downloads

22,448,019

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

Browser and Node.js analytics for Snowplow

Snowplow JavaScript Trackers Overview

@snowplow/browser-tracker (npm)

@snowplow/javascript-tracker (tag based)

@snowplow/node-tracker (npm)

Maintainers

Maintainer quick start

Clone repository

Install gitleaks

Building

Testing

Copyright and license

10

10

10

10

10

2

0

0

0

0

0

0

0

0

3.9

/10