Gathering detailed insights and metrics for @spectrum-web-components/base
Gathering detailed insights and metrics for @spectrum-web-components/base
Installations
npm install @spectrum-web-components/baseDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
20.16.0
NPM Version
10.8.1
Score
92
Supply Chain
82.2
Quality
98.6
Maintenance
100
Vulnerability
72.1
License
Releases
Unable to fetch releases
Contributors
342
Languages
5
TypeScript
CSS
JavaScript
HTML
Handlebars
TypeScript (56.93%)
CSS (37.63%)
JavaScript (5.22%)
HTML (0.17%)
Handlebars (0.05%)
Developer
Download Statistics
Total Downloads
1,063,153
Last Day
552
Last Week
7,931
Last Month
67,252
Last Year
587,511
GitHub Statistics
1,309 Stars
4,576 Commits
206 Forks
49 Watching
149 Branches
342 Contributors
Bundle Size
18.72 kB
Minified
6.87 kB
Minified + Gzipped
Maintainers
13
Package Meta Information
Latest Version
1.0.3
Package Id
@spectrum-web-components/base@1.0.3
Unpacked Size
101.69 kB
Size
20.48 kB
File Count
59
NPM Version
10.8.1
Node Version
20.16.0
Publised On
12 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
1,063,153
Last day
-78.1%
552
Compared to previous day
Last week
-42.9%
7,931
Compared to previous week
Last month
-27.9%
67,252
Compared to previous month
Last year
115.9%
587,511
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
Description
The SpectrumElement base class as created by mixing SpectrumMixin onto LitElement adopts dir values from the document at connection time with a fallback to lrt. In a TypeScript context, it also enforces the presence of this.shadowRoot on extending components.
Usage
yarn add @spectrum-web-components/base
When looking to leverage the SpectrumElement base class as a type and/or for extension purposes, do so via:
import { SpectrumElement } from '@spectrum-web-components/base';
export MyElement extends SpectrumElement {}
Similarly the SpectrumMixin class factory mixin is available via:
import { SpectrumMixin } from '@spectrum-web-components/base';
export MyElement extends SpectrumMixin(HTMLElement) {}
Features
dir management
With powerful CSS selectors like :host(:dir(rtl)) and :host-content([dir=rtl]) not yet enjoying cross-browser support, reliably delivering content in both "left to right" and "right to left" while relying on Shadow DOM means certain trade offs need to be made. While every custom element build from SpectrumMixin could have its dir attribute applied to manage this, doing so is not only a pain for apply, it's a pain to maintain over time. To support the flexibility to deliver content in both of these directions, elements built from SpectrumMixin will observe the dir attribute of either the document or a containing sp-theme. This will allow your sites and applications to manage content direction in a single place while also opening the possibility of having multiple content directions on the same page by scoping those content sections with sp-theme elements.
Placing a dir attribute on an element built from SpectrumMixin before attaching it to the DOM will prevent it from resolving the text direction value to a parent sp-theme or document element. Elements applied to the page in this way will also NOT participate in observing any such elements, so their dir values will remain as initialized regardless of changes in other parts of your documents. If you choose to leverage this, be aware that any child (in both light DOM and shadow DOM) of this element will need to have a dir attribute applied as well if you do not want it resolving to a parent sp-theme or document element itself. In this way, it is likely that you would benefit from leveraging an sp-theme element to create scope in your document for managing this custom content direction section of your page.
isLTR
While CSS offers many powerful solutions for styling content in various directions, sometimes JS functionality depends on the specific of that direction. Elements built from SpectrumMixin have the this.isLTR getter that will resolve to true when dir === 'ltr'.
public shadowRoot!: ShadowRoot;
Elements built from SpectrumMixin assume that you will be using shadow DOM in the resulting custom element. To simplify TypeScript usage the presence of this.shadowRoot is asserted as non-null so that you have direct access to it without extended type checking.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found linked content: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/adobe/.github/.github/SECURITY.md:1
Reason
Found 23/25 approved changesets -- score normalized to 9
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-update.yml:10
- Warn: no topLevel permission defined: .github/workflows/beta-release.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/chromatic-vrt.yml:18
- Warn: no topLevel permission defined: .github/workflows/coveralls.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-update.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/smoke.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/beta-release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/beta-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chromatic-vrt.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/chromatic-vrt.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chromatic-vrt.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/chromatic-vrt.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/chromatic-vrt.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/chromatic-vrt.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coveralls.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/coveralls.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coveralls.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/coveralls.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-update.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/pr-update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-update.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/pr-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/smoke.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/smoke.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/test.yml/main?enable=pin
- Info: 0 out of 25 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
29 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-28mc-g557-92m7
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-gp8f-8m3g-qvj9
- Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-cvv5-9h9w-qp2m
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.4
/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More