Gathering detailed insights and metrics for @tauri-apps/cli
Gathering detailed insights and metrics for @tauri-apps/cli
Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
Installations
npm install @tauri-apps/cliDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 10
Node Version
20.19.0
NPM Version
10.8.2
Score
97.3
Supply Chain
86.6
Quality
97.9
Maintenance
100
Vulnerability
99.6
License
Releases
1,413
tauri-cli v2.4.1
tauri-cli-v2.4.1
Updated on Apr 01, 2025
@tauri-apps/cli v2.4.1
@tauri-apps/cli-v2.4.1
Updated on Apr 01, 2025
tauri v2.4.1
tauri-v2.4.1
Updated on Apr 01, 2025
tauri-build v2.1.1
tauri-build-v2.1.1
Updated on Apr 01, 2025
tauri-plugin v2.1.1
tauri-plugin-v2.1.1
Updated on Apr 01, 2025
tauri-macros v2.1.1
tauri-macros-v2.1.1
Updated on Apr 01, 2025
Languages
18
Rust
TypeScript
NSIS
Kotlin
JavaScript
Shell
Swift
HTML
Dockerfile
PowerShell
AppleScript
Svelte
CSS
Standard ML
Ruby
Objective-C
C++
Objective-C++
Rust (82.78%)
TypeScript (7.11%)
NSIS (3.63%)
Kotlin (2.2%)
JavaScript (1.65%)
Shell (1.43%)
Swift (0.73%)
HTML (0.07%)
Dockerfile (0.07%)
PowerShell (0.06%)
AppleScript (0.06%)
Svelte (0.06%)
CSS (0.05%)
Standard ML (0.04%)
Ruby (0.03%)
Objective-C (0.01%)
Developer
Download Statistics
Total Downloads
9,852,719
Last Day
26,606
Last Week
105,021
Last Month
428,863
Last Year
4,462,406
GitHub Statistics
Apache-2.0 License
91,084 Stars
5,414 Commits
2,789 Forks
521 Watchers
42 Branches
461 Contributors
Updated on Apr 02, 2025
Bundle Size
6.96 kB
Minified
1.10 kB
Minified + Gzipped
Sponsor this package
Maintainers
5
Package Meta Information
Latest Version
2.4.1
Package Id
@tauri-apps/cli@2.4.1
Unpacked Size
306.54 kB
Size
71.23 kB
File Count
18
NPM Version
10.8.2
Node Version
20.19.0
Published on
Apr 01, 2025
Total Downloads
Cumulative downloads
Total Downloads
9,852,719
Last Day
-1.6%
26,606
Compared to previous day
Last Week
5.2%
105,021
Compared to previous week
Last Month
10%
428,863
Compared to previous month
Last Year
-1.3%
4,462,406
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
4
Optional Dependencies
11
@tauri-apps/cli-win32-x64-msvc@tauri-apps/cli-darwin-x64@tauri-apps/cli-linux-x64-gnu@tauri-apps/cli-darwin-arm64@tauri-apps/cli-linux-arm64-gnu@tauri-apps/cli-linux-arm64-musl@tauri-apps/cli-linux-arm-gnueabihf@tauri-apps/cli-linux-x64-musl@tauri-apps/cli-linux-riscv64-gnu@tauri-apps/cli-win32-ia32-msvc@tauri-apps/cli-win32-arm64-msvc
@tauri-apps/cli
| Component | Version |
|---|---|
| @tauri-apps/cli |  |
About Tauri
Tauri is a polyglot and generic system that is very composable and allows engineers to make a wide variety of applications. It is used for building applications for Desktop Computers using a combination of Rust tools and HTML rendered in a Webview. Apps built with Tauri can ship with any number of pieces of an optional JS API / Rust API so that webviews can control the system via message passing. In fact, developers can extend the default API with their own functionality and bridge the Webview and Rust-based backend easily.
Tauri apps can have custom menus and have tray-type interfaces. They can be updated, and are managed by the user's operating system as expected. They are very small, because they use the system's webview. They do not ship a runtime, since the final binary is compiled from rust. This makes the reversing of Tauri apps not a trivial task.
This module
Written in Typescript and packaged such that it can be used with npm, pnpm, yarn, and bun, this library provides a node.js runner for common tasks when using Tauri, like pnpm tauri dev. For the most part it is a wrapper around tauri-cli.
To learn more about the details of how all of these pieces fit together, please consult this ARCHITECTURE.md document.
Installation
The preferred method is to install this module locally as a development dependency:
$ pnpm add -D @tauri-apps/cli
$ yarn add -D @tauri-apps/cli
$ npm add -D @tauri-apps/cli
Semver
tauri is following Semantic Versioning 2.0.
Licenses
Code: (c) 2019 - 2021 - The Tauri Programme within The Commons Conservancy.
MIT or MIT/Apache 2.0 where applicable.
Logo: CC-BY-NC-ND
- Original Tauri Logo Designs by Daniel Thompson-Yvetot and Guillaume Chau
High
8.4/10
Summary
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Affected Versions
>= 1.0.0, < 1.5.6
Patched Versions
1.5.6
High
8.4/10
Summary
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Affected Versions
>= 2.0.0-alpha.0, < 2.0.0-alpha.16
Patched Versions
2.0.0-alpha.16
Reason
30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE_APACHE-2.0:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE_APACHE-2.0:0
Reason
Found 22/24 approved changesets -- score normalized to 9
Reason
binaries present in source code
Details
- Warn: binary detected: crates/tauri-cli/scripts/vswhere.exe:1
- Warn: binary detected: crates/tauri-cli/templates/mobile/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: crates/tests/app-updater/frameworks/test.framework/Versions/A/test:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/covector-version-or-publish.yml:64
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/covector-version-or-publish.yml:63
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-cli-js.yml:381
- Warn: no topLevel permission defined: .github/workflows/audit.yml:1
- Warn: no topLevel permission defined: .github/workflows/bench.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-change-tags.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-generated-files.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-license-header.yml:1
- Info: topLevel 'actions' permission set to 'read': .github/workflows/covector-comment-on-fork.yml:16
- Warn: no topLevel permission defined: .github/workflows/covector-status.yml:1
- Warn: no topLevel permission defined: .github/workflows/covector-version-or-publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-schema-worker.yml:1
- Warn: no topLevel permission defined: .github/workflows/docker.yml:1
- Warn: no topLevel permission defined: .github/workflows/fmt.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint-js.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint-rust.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-cli-js.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-cli-rs.yml:1
- Warn: no topLevel permission defined: .github/workflows/supply-chain.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-android.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-cli-js.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-cli-rs.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-core.yml:1
- Warn: no topLevel permission defined: .github/workflows/udeps.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/audit.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-comment-on-fork.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-comment-on-fork.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-status.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-status.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:296: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:337: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:342: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:347: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:352: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:389: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:396: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-core.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:4
- Warn: containerImage not pinned by hash: .docker/cross/aarch64.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2
- Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38
- Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:55
- Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:63
- Warn: npmCommand not pinned by hash: .github/workflows/check-generated-files.yml:48
- Warn: npmCommand not pinned by hash: .github/workflows/covector-version-or-publish.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/covector-version-or-publish.yml:79
- Warn: npmCommand not pinned by hash: .github/workflows/docker.yml:70
- Warn: npmCommand not pinned by hash: .github/workflows/fmt.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/lint-js.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/lint-js.yml:37
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:109
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:221
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:254
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:293
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:386
- Warn: npmCommand not pinned by hash: .github/workflows/test-android.yml:46
- Warn: npmCommand not pinned by hash: .github/workflows/test-cli-js.yml:42
- Info: 0 out of 70 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 48 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 15 npmCommand dependencies pinned
- Info: 0 out of 2 pipCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
18 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: RUSTSEC-2024-0413
- Warn: Project is vulnerable to: RUSTSEC-2024-0416
- Warn: Project is vulnerable to: RUSTSEC-2020-0095
- Warn: Project is vulnerable to: RUSTSEC-2024-0412
- Warn: Project is vulnerable to: RUSTSEC-2024-0418
- Warn: Project is vulnerable to: RUSTSEC-2024-0411
- Warn: Project is vulnerable to: RUSTSEC-2024-0417
- Warn: Project is vulnerable to: RUSTSEC-2024-0414
- Warn: Project is vulnerable to: GHSA-wrw7-89jp-8q8g
- Warn: Project is vulnerable to: RUSTSEC-2024-0429
- Warn: Project is vulnerable to: RUSTSEC-2024-0415
- Warn: Project is vulnerable to: RUSTSEC-2024-0420
- Warn: Project is vulnerable to: RUSTSEC-2024-0419
- Warn: Project is vulnerable to: RUSTSEC-2024-0436
- Warn: Project is vulnerable to: RUSTSEC-2024-0370
- Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6
- Warn: Project is vulnerable to: RUSTSEC-2025-0009
- Warn: Project is vulnerable to: RUSTSEC-2023-0071
Score
5.1
/10
Last Scanned on 2025-03-24
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More