Gathering detailed insights and metrics for @tauri-apps/cli
Gathering detailed insights and metrics for @tauri-apps/cli
Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
Installations
npm install @tauri-apps/cliDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 10
Node Version
20.19.0
NPM Version
10.8.2
Score
97.3
Supply Chain
86.6
Quality
97.9
Maintenance
100
Vulnerability
99.6
License
Releases
1,413
tauri-cli v2.4.1
tauri-cli-v2.4.1
Updated on Apr 01, 2025
@tauri-apps/cli v2.4.1
@tauri-apps/cli-v2.4.1
Updated on Apr 01, 2025
tauri v2.4.1
tauri-v2.4.1
Updated on Apr 01, 2025
tauri-build v2.1.1
tauri-build-v2.1.1
Updated on Apr 01, 2025
tauri-plugin v2.1.1
tauri-plugin-v2.1.1
Updated on Apr 01, 2025
tauri-macros v2.1.1
tauri-macros-v2.1.1
Updated on Apr 01, 2025
Languages
18
Rust
TypeScript
NSIS
Kotlin
JavaScript
Shell
Swift
HTML
Dockerfile
PowerShell
AppleScript
Svelte
CSS
Standard ML
Ruby
Objective-C
C++
Objective-C++
Rust (82.78%)
TypeScript (7.11%)
NSIS (3.63%)
Kotlin (2.2%)
JavaScript (1.65%)
Shell (1.43%)
Swift (0.73%)
HTML (0.07%)
Dockerfile (0.07%)
PowerShell (0.06%)
AppleScript (0.06%)
Svelte (0.06%)
CSS (0.05%)
Standard ML (0.04%)
Ruby (0.03%)
Objective-C (0.01%)
Developer
Download Statistics
Total Downloads
9,869,910
Last Day
17,191
Last Week
105,379
Last Month
438,607
Last Year
4,434,621
GitHub Statistics
Apache-2.0 License
91,107 Stars
5,417 Commits
2,790 Forks
520 Watchers
42 Branches
461 Contributors
Updated on Apr 03, 2025
Bundle Size
6.96 kB
Minified
1.10 kB
Minified + Gzipped
Sponsor this package
Maintainers
5
Package Meta Information
Latest Version
2.4.1
Package Id
@tauri-apps/cli@2.4.1
Unpacked Size
306.54 kB
Size
71.23 kB
File Count
18
NPM Version
10.8.2
Node Version
20.19.0
Published on
Apr 01, 2025
Total Downloads
Cumulative downloads
Total Downloads
9,869,910
Last Day
2.1%
17,191
Compared to previous day
Last Week
3.8%
105,379
Compared to previous week
Last Month
13.3%
438,607
Compared to previous month
Last Year
-2.8%
4,434,621
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
4
Optional Dependencies
11
@tauri-apps/cli-win32-x64-msvc@tauri-apps/cli-darwin-x64@tauri-apps/cli-linux-x64-gnu@tauri-apps/cli-darwin-arm64@tauri-apps/cli-linux-arm64-gnu@tauri-apps/cli-linux-arm64-musl@tauri-apps/cli-linux-arm-gnueabihf@tauri-apps/cli-linux-x64-musl@tauri-apps/cli-linux-riscv64-gnu@tauri-apps/cli-win32-ia32-msvc@tauri-apps/cli-win32-arm64-msvc
@tauri-apps/cli
| Component | Version |
|---|---|
| @tauri-apps/cli |  |
About Tauri
Tauri is a polyglot and generic system that is very composable and allows engineers to make a wide variety of applications. It is used for building applications for Desktop Computers using a combination of Rust tools and HTML rendered in a Webview. Apps built with Tauri can ship with any number of pieces of an optional JS API / Rust API so that webviews can control the system via message passing. In fact, developers can extend the default API with their own functionality and bridge the Webview and Rust-based backend easily.
Tauri apps can have custom menus and have tray-type interfaces. They can be updated, and are managed by the user's operating system as expected. They are very small, because they use the system's webview. They do not ship a runtime, since the final binary is compiled from rust. This makes the reversing of Tauri apps not a trivial task.
This module
Written in Typescript and packaged such that it can be used with npm, pnpm, yarn, and bun, this library provides a node.js runner for common tasks when using Tauri, like pnpm tauri dev. For the most part it is a wrapper around tauri-cli.
To learn more about the details of how all of these pieces fit together, please consult this ARCHITECTURE.md document.
Installation
The preferred method is to install this module locally as a development dependency:
$ pnpm add -D @tauri-apps/cli
$ yarn add -D @tauri-apps/cli
$ npm add -D @tauri-apps/cli
Semver
tauri is following Semantic Versioning 2.0.
Licenses
Code: (c) 2019 - 2021 - The Tauri Programme within The Commons Conservancy.
MIT or MIT/Apache 2.0 where applicable.
Logo: CC-BY-NC-ND
- Original Tauri Logo Designs by Daniel Thompson-Yvetot and Guillaume Chau
High
8.4/10
Summary
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Affected Versions
>= 1.0.0, < 1.5.6
Patched Versions
1.5.6
High
8.4/10
Summary
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Affected Versions
>= 2.0.0-alpha.0, < 2.0.0-alpha.16
Patched Versions
2.0.0-alpha.16
Reason
30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE_APACHE-2.0:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE_APACHE-2.0:0
Reason
Found 22/24 approved changesets -- score normalized to 9
Reason
binaries present in source code
Details
- Warn: binary detected: crates/tauri-cli/scripts/vswhere.exe:1
- Warn: binary detected: crates/tauri-cli/templates/mobile/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: crates/tests/app-updater/frameworks/test.framework/Versions/A/test:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/covector-version-or-publish.yml:64
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/covector-version-or-publish.yml:63
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-cli-js.yml:381
- Warn: no topLevel permission defined: .github/workflows/audit.yml:1
- Warn: no topLevel permission defined: .github/workflows/bench.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-change-tags.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-generated-files.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-license-header.yml:1
- Info: topLevel 'actions' permission set to 'read': .github/workflows/covector-comment-on-fork.yml:16
- Warn: no topLevel permission defined: .github/workflows/covector-status.yml:1
- Warn: no topLevel permission defined: .github/workflows/covector-version-or-publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-schema-worker.yml:1
- Warn: no topLevel permission defined: .github/workflows/docker.yml:1
- Warn: no topLevel permission defined: .github/workflows/fmt.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint-js.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint-rust.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-cli-js.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-cli-rs.yml:1
- Warn: no topLevel permission defined: .github/workflows/supply-chain.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-android.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-cli-js.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-cli-rs.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-core.yml:1
- Warn: no topLevel permission defined: .github/workflows/udeps.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/audit.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-comment-on-fork.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-comment-on-fork.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-status.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-status.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:296: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:337: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:342: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:347: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:352: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:389: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:396: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-core.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:4
- Warn: containerImage not pinned by hash: .docker/cross/aarch64.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2
- Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38
- Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:55
- Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:63
- Warn: npmCommand not pinned by hash: .github/workflows/check-generated-files.yml:48
- Warn: npmCommand not pinned by hash: .github/workflows/covector-version-or-publish.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/covector-version-or-publish.yml:79
- Warn: npmCommand not pinned by hash: .github/workflows/docker.yml:70
- Warn: npmCommand not pinned by hash: .github/workflows/fmt.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/lint-js.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/lint-js.yml:37
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:109
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:221
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:254
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:293
- Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:386
- Warn: npmCommand not pinned by hash: .github/workflows/test-android.yml:46
- Warn: npmCommand not pinned by hash: .github/workflows/test-cli-js.yml:42
- Info: 0 out of 70 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 48 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 15 npmCommand dependencies pinned
- Info: 0 out of 2 pipCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
18 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: RUSTSEC-2024-0413
- Warn: Project is vulnerable to: RUSTSEC-2024-0416
- Warn: Project is vulnerable to: RUSTSEC-2020-0095
- Warn: Project is vulnerable to: RUSTSEC-2024-0412
- Warn: Project is vulnerable to: RUSTSEC-2024-0418
- Warn: Project is vulnerable to: RUSTSEC-2024-0411
- Warn: Project is vulnerable to: RUSTSEC-2024-0417
- Warn: Project is vulnerable to: RUSTSEC-2024-0414
- Warn: Project is vulnerable to: GHSA-wrw7-89jp-8q8g
- Warn: Project is vulnerable to: RUSTSEC-2024-0429
- Warn: Project is vulnerable to: RUSTSEC-2024-0415
- Warn: Project is vulnerable to: RUSTSEC-2024-0420
- Warn: Project is vulnerable to: RUSTSEC-2024-0419
- Warn: Project is vulnerable to: RUSTSEC-2024-0436
- Warn: Project is vulnerable to: RUSTSEC-2024-0370
- Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6
- Warn: Project is vulnerable to: RUSTSEC-2025-0009
- Warn: Project is vulnerable to: RUSTSEC-2023-0071
Score
5.1
/10
Last Scanned on 2025-03-24
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More