Gathering detailed insights and metrics for @vaadin/vaadin-usage-statistics
Gathering detailed insights and metrics for @vaadin/vaadin-usage-statistics
Development-time usage statistics collector.
Installations
npm install @vaadin/vaadin-usage-statisticsDeveloper
vaadin
Developer Guide
BETA
Module System
ESM
Min. Node Version
^12.20.0 || ^14.13.1 || >=16.0.0
Typescript Support
No
Node Version
18.20.1
NPM Version
10.5.0
Statistics
8 Stars
203 Commits
6 Forks
10 Watching
5 Branches
103 Contributors
Updated on 27 Sept 2024
Languages
HTML (64.79%)
JavaScript (35.21%)
Total Downloads
Cumulative downloads
Total Downloads
10,000,362
Last day
-5%
18,103
Compared to previous day
Last week
1.5%
97,010
Compared to previous week
Last month
7.3%
413,107
Compared to previous month
Last year
62.9%
3,418,502
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Gathers usage statistics for components used during application development
To be able to understand and focus development more efficiently, Vaadin gathers product usage statistics during development time and ties this to users who are logged in to their Vaadin account. No statistics or other data is collected from the users of the applications based on any Vaadin technologies.
Statistics are only gathered when the application is in development mode. Statistics are automatically disabled and the statistics gathering code is automatically excluded from production builds.
Collected data
- Vaadin products used in the application, including version numbers
- Frameworks used in the application, including version numbers
- Flow features used in the application, including version numers
- The first and last time a product was used
- The first time statistics were gathered
- Your Vaadin user account
- Whether you are a Vaadin Pro user or not (true/false)
- Browser user-agent string
- The IP address the statistics is sent from
Opting out
npm and Vaadin 14+ (using npm)
Using npm, you can disable it for the machine by running
npm explore @vaadin/vaadin-usage-statistics -- npm run disable
or you can disable it for the project by adding
"vaadin": { "disableUsageStatistics": true }
to your project package.json and running npm install again (remove node_modules if needed).
You can verify this by checking that vaadin-usage-statistics.js contains an empty function.
Vaadin 10 - 14 (using Bower)
Add to your pom.xml:
<dependency>
<groupId>org.webjars.bowergithub.vaadin</groupId>
<artifactId>vaadin-usage-statistics</artifactId>
<version>1.0.0-optout</version>
</dependency>
Bower
To opt-out from statistics, install the no-op version of the vaadin-usage-statistics package using
bower install --save vaadin/vaadin-usage-statistics#optout
You can verify this by checking that vaadin-usage-statistics.html is empty.
If you have any questions on the use of the statistics, please contact statistics@vaadin.com.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/vaadin/.github/SECURITY.md:1
- Info: Found linked content: github.com/vaadin/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/vaadin/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/vaadin/.github/SECURITY.md:1
Reason
5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Reason
Found 1/2 approved changesets -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vaadin/vaadin-usage-statistics/unit-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vaadin/vaadin-usage-statistics/unit-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/vaadin/vaadin-usage-statistics/unit-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/vaadin/vaadin-usage-statistics/unit-tests.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:53
- Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:57
- Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/unit-tests.yml:27
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 5 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/unit-tests.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-7h8x-wmq2-7mff
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-4cpg-3vgw-4877
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
- Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
- Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
- Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
Score
4.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More