npmpackage.info

Gathering detailed insights and metrics for @tauri-apps/cli

@tauri-apps/cli

Build smaller, faster, and more secure desktop and mobile applications with a web frontend.

2.1.0

85,686

Apache-2.0

Rust

1.10 kB

8,313,319 5.7

Installations

npm install @tauri-apps/cli

Score

68.1

Supply Chain

86.6

Quality

96.5

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

48

Total

5,119

Closed

464

Merged

4,607

Issues

Open

993

Total

4,827

Closed

3,834

Releases

1,325

tauri v2.1.1

tauri-v2.1.1

Published on 11 Nov 2024

@tauri-apps/api v2.1.1

@tauri-apps/api-v2.1.1

Published on 11 Nov 2024

tauri-cli v2.1.0

tauri-cli-v2.1.0

Published on 09 Nov 2024

@tauri-apps/cli v2.1.0

@tauri-apps/cli-v2.1.0

Published on 09 Nov 2024

tauri v2.1.0

tauri-v2.1.0

Published on 09 Nov 2024

tauri-build v2.0.3

tauri-build-v2.0.3

Published on 09 Nov 2024

View all 1,325 releases

Developer

tauri-apps

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>= 10

Typescript Support

Yes

Node Version

20.18.0

NPM Version

10.8.2 Statistics

85,686 Stars

5,174 Commits

2,593 Forks

509 Watching

44 Branches

415 Contributors

Updated on 28 Nov 2024

Bundle Size

6.96 kB

Minified

1.10 kB

Minified + Gzipped

Bundlephobia

Languages

Rust (82.75%)

TypeScript (7.14%)

NSIS (3.56%)

Kotlin (2.15%)

JavaScript (1.69%)

Shell (1.48%)

Swift (0.75%)

PowerShell (0.07%)

HTML (0.07%)

Dockerfile (0.07%)

AppleScript (0.06%)

CSS (0.06%)

Svelte (0.06%)

Standard ML (0.05%)

Ruby (0.03%)

Objective-C (0.01%)

Total Downloads

Cumulative downloads

Total Downloads

8,313,319

Last day

-2.9%

11,452

Compared to previous day

Last week

-9.5%

76,540

Compared to previous week

Last month

-2.3%

352,901

Compared to previous month

Last year

75.6%

4,962,462

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@napi-rs/cli @types/node cross-env vitest

Optional Dependencies

@tauri-apps/cli-win32-x64-msvc @tauri-apps/cli-darwin-x64 @tauri-apps/cli-linux-x64-gnu @tauri-apps/cli-darwin-arm64 @tauri-apps/cli-linux-arm64-gnu @tauri-apps/cli-linux-arm64-musl @tauri-apps/cli-linux-arm-gnueabihf @tauri-apps/cli-linux-x64-musl @tauri-apps/cli-win32-ia32-msvc @tauri-apps/cli-win32-arm64-msvc

Versions

Introduction

Tauri is a framework for building tiny, blazingly fast binaries for all major desktop platforms. Developers can integrate any front-end framework that compiles to HTML, JS and CSS for building their user interface. The backend of the application is a rust-sourced binary with an API that the front-end can interact with.

The user interface in Tauri apps currently leverages tao as a window handling library on macOS, Windows, Linux, Android and iOS. To render your application, Tauri uses WRY, a library which provides a unified interface to the system webview, leveraging WKWebView on macOS & iOS, WebView2 on Windows, WebKitGTK on Linux and Android System WebView on Android.

To learn more about the details of how all of these pieces fit together, please consult this ARCHITECTURE.md document.

Getting Started

If you are interested in making a tauri app, please visit the documentation website.

The quickest way to get started is to install the prerequisites for your system and create a new project with create-tauri-app. For example with npm:

1npm create tauri-app@latest

Features

The list of Tauri's features includes, but is not limited to:

Built-in app bundler to create app bundles in formats like .app, .dmg, .deb, .rpm, .AppImage and Windows installers like .exe (via NSIS) and .msi (via WiX).
Built-in self updater (desktop only)
System tray icons
Native notifications
Localhost free (🔥)
GitHub action for streamlined CI
VS Code extension

Platforms

Tauri currently supports development and distribution on the following platforms:

Platform	Versions
Windows	7 and above
macOS	10.15 and above
Linux	webkit2gtk 4.0 for Tauri v1 (for example Ubuntu 18.04). webkit2gtk 4.1 for Tauri v2 (for example Ubuntu 22.04).
iOS/iPadOS (beta)	9 and above
Android (beta)	7 and above

Contributing

Before you start working on something, it's best to check if there is an existing issue first. It's also a good idea to stop by the Discord server and confirm with the team if it makes sense or if someone else is already working on it.

Please make sure to read the Contributing Guide before making a pull request.

Thank you to everyone contributing to Tauri!

Documentation

Documentation in a polyglot system is a tricky proposition. To this end, we prefer to use inline documentation in the Rust & JS source code as much as possible. Check out the hosting repository for the documentation site for further information: https://github.com/tauri-apps/tauri-docs

Partners

For the complete list of sponsors please visit our website and Open Collective.

Organization

Tauri aims to be a sustainable collective based on principles that guide sustainable free and open software communities. To this end it has become a Programme within the Commons Conservancy, and you can contribute financially via Open Collective.

Licenses

MIT or MIT/Apache 2.0 where applicable.

Logo: CC-BY-NC-ND

Original Tauri Logo Designs by Alve Larsson, Daniel Thompson-Yvetot and Guillaume Chau

Stable Version

The latest stable version of the package.

Stable Version

2.1.0

HIGH

8.4/10

Summary

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

Affected Versions

>= 1.0.0, < 1.5.6

Patched Versions

1.5.6

HIGH

8.4/10

Summary

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

Affected Versions

>= 2.0.0-alpha.0, < 2.0.0-alpha.16

Patched Versions

2.0.0-alpha.16

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

9

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

7

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

6

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/audit.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-comment-on-fork.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-comment-on-fork.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-status.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-status.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:316: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:321: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:366: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:373: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-core.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:4
Warn: containerImage not pinned by hash: .docker/cross/aarch64.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:55
Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:63
Info: 0 out of 70 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 48 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned

0

SAST

Determines if the project uses static code analysis.

Score

5.7

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More