Gathering detailed insights and metrics for @spectrum-web-components/color-handle
Gathering detailed insights and metrics for @spectrum-web-components/color-handle
Spectrum Web Components
Installations
npm install @spectrum-web-components/color-handleDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
20.16.0
NPM Version
10.8.1
Releases
Unable to fetch releases
Languages
6
TypeScript
CSS
JavaScript
HTML
Handlebars
MDX
TypeScript (66.41%)
CSS (31.37%)
JavaScript (2.07%)
HTML (0.08%)
Handlebars (0.06%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
1,405 Stars
4,923 Commits
229 Forks
46 Watchers
249 Branches
342 Contributors
Updated on Jul 17, 2025
Maintainers
7
Package Meta Information
Latest Version
1.7.0
Package Id
@spectrum-web-components/color-handle@1.7.0
Unpacked Size
59.46 kB
Size
7.11 kB
File Count
33
NPM Version
10.8.1
Node Version
20.16.0
Published on
Jun 11, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Description
The <sp-color-handle> is used to select a colour on an <sp-color-area>, <sp-color-slider>, or <sp-color-wheel>. It functions similarly to the handle on an <sp-slider>.
Usage
yarn add @spectrum-web-components/color-handle
Import the side effectful registration of <sp-color-handle> via:
import '@spectrum-web-components/color-handle/sp-color-handle.js';
When looking to leverage the ColorHandle base class as a type and/or for extension purposes, do so via:
import { ColorHandle } from '@spectrum-web-components/color-handle';
Standard
1<sp-color-handle></sp-color-handle>
Disabled
1<sp-color-handle disabled></sp-color-handle>
Open
When the <sp-color-handle> uses the open property, the <sp-color-loupe> component can be used above the handle to show the selected color that would otherwise be covered by a mouse, stylus, or finger on the down/touch state. This can be customized to appear only on finger-input, or always appear regardless of input type.
1<div style="height: 72px"></div> 2<sp-color-handle open></sp-color-handle>
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found linked content: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/adobe/.github/.github/SECURITY.md:1
Reason
Found 24/28 approved changesets -- score normalized to 8
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/lint.yml:46
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-update.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/browser-tests.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/chromatic-vrt.yml:18
- Warn: no topLevel permission defined: .github/workflows/coveralls.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:22
- Warn: no topLevel permission defined: .github/workflows/pr-update.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/preview-docs.yml:10
- Warn: no topLevel permission defined: .github/workflows/preview-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-docs-site.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/urls-smoke-test.yml:10
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/browser-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser-tests.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/browser-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser-tests.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/browser-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser-tests.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/browser-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser-tests.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/browser-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser-tests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/browser-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser-tests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/browser-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chromatic-vrt.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/chromatic-vrt.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/chromatic-vrt.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/chromatic-vrt.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coveralls.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/coveralls.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coveralls.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/coveralls.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-update.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/pr-update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-update.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/pr-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview-docs.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/preview-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview-docs.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/preview-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview-docs.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/preview-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/preview-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs-site.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/publish-docs-site.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/urls-smoke-test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/urls-smoke-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/urls-smoke-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/urls-smoke-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/urls-smoke-test.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/urls-smoke-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/urls-smoke-test.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/spectrum-web-components/urls-smoke-test.yml/main?enable=pin
- Info: 0 out of 23 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 26 are checked with a SAST tool
Reason
36 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-28mc-g557-92m7
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
- Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m
- Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-3h52-269p-cp9r
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548
- Warn: Project is vulnerable to: GHSA-cvv5-9h9w-qp2m
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.3
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More