Gathering detailed insights and metrics for @walkthunder/electron-builder-squirrel-windows
Gathering detailed insights and metrics for @walkthunder/electron-builder-squirrel-windows
A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
Installations
npm install @walkthunder/electron-builder-squirrel-windowsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.9.0
NPM Version
8.19.1
Releases
904
Languages
7
TypeScript
NSIS
JavaScript
Shell
Dockerfile
Smarty
CSS
TypeScript (91.25%)
NSIS (6.27%)
JavaScript (1.59%)
Shell (0.51%)
Dockerfile (0.34%)
Smarty (0.02%)
CSS (0.02%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
14,181 Stars
3,408 Commits
1,795 Forks
148 Watchers
80 Branches
570 Contributors
Updated on Jul 12, 2025
Maintainers
1
Package Meta Information
Latest Version
25.1.0
Package Id
@walkthunder/electron-builder-squirrel-windows@25.1.0
Unpacked Size
56.24 kB
Size
13.98 kB
File Count
9
NPM Version
8.19.1
Node Version
18.9.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Dev Dependencies
2
Optional Dependencies
1
electron-builder-squirrel-windows
Plugin for electron-builder to build Squirrel.Windows installer.
No vulnerabilities found.
Reason
30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/deploy-docker.yml:23
Reason
binaries present in source code
Details
- Warn: binary detected: test/fixtures/test-app-symlink-framework/hello-world/lib/Release/Hello.framework/Versions/A/Hello:1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:11
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/pr-release.yml:15
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr-semantic.yml:16
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/pr-semantic.yml:17
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-docker.yml:12
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/deploy-netlify.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-netlify.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-build.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-netlify.yml:10
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/pr-netlify.yml:11
- Info: found token with 'none' permissions: .github/workflows/pr-release.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-semantic.yml:11
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yaml:21
Reason
SAST tool is not run on all commits -- score normalized to 6
Details
- Warn: 20 commits out of 30 are checked with a SAST tool
Reason
Found 10/27 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: containerImage not pinned by hash: docker/base/Dockerfile:3: pin your Docker image by updating buildpack-deps:22.04-curl to buildpack-deps:22.04-curl@sha256:00d9d5d1f0f0e615ec87d1d09625f7ca94960a94f472005b5ca0550b741276e9
- Warn: containerImage not pinned by hash: docker/node/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine-chrome/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine-mono/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine/Dockerfile:2
- Warn: containerImage not pinned by hash: mkdocs-dockerfile:1: pin your Docker image by updating squidfunk/mkdocs-material:9.5 to squidfunk/mkdocs-material:9.5@sha256:41942f7a2f5163aacd0e866e076d95db4f26550b97d76c1594c04250cbb580e9
- Warn: containerImage not pinned by hash: test/src/updater/Dockerfile-appimage:1: pin your Docker image by updating buildpack-deps:noble-curl to buildpack-deps:noble-curl@sha256:8e7e0c787a677d90917f6cacd7d108f3a3022e51d6bff9b46dc8bf5802b368b2
- Warn: containerImage not pinned by hash: test/src/updater/Dockerfile-archlinux:1: pin your Docker image by updating archlinux:latest to archlinux:latest@sha256:7ca06cad29fe509ea1b4a0fb40485ca410fe5fdbea39888c5f3169b4961b2b14
- Warn: containerImage not pinned by hash: test/src/updater/Dockerfile-debian:1: pin your Docker image by updating debian:bookworm-slim to debian:bookworm-slim@sha256:6ac2c08566499cc2415926653cf2ed7c3aedac445675a013cc09469c9e118fdd
- Warn: containerImage not pinned by hash: test/src/updater/Dockerfile-rpm:1: pin your Docker image by updating fedora:latest to fedora:latest@sha256:6beec36f3b1c7fd128bb69a59e20d4a897e65a43145ebb252fb39923c98c1c8b
- Warn: downloadThenRun not pinned by hash: docker/base/Dockerfile:8-22
- Warn: npmCommand not pinned by hash: docker/node/Dockerfile:11
- Warn: pipCommand not pinned by hash: mkdocs-dockerfile:2
- Warn: downloadThenRun not pinned by hash: test/src/updater/Dockerfile-appimage:46
- Warn: npmCommand not pinned by hash: test/src/updater/Dockerfile-appimage:48
- Warn: npmCommand not pinned by hash: test/src/updater/Dockerfile-archlinux:13
- Warn: downloadThenRun not pinned by hash: test/src/updater/Dockerfile-debian:5
- Warn: npmCommand not pinned by hash: test/src/updater/Dockerfile-debian:8
- Warn: npmCommand not pinned by hash: test/src/updater/Dockerfile-rpm:23
- Info: 15 out of 15 GitHub-owned GitHubAction dependencies pinned
- Info: 9 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 pipCommand dependencies pinned
- Info: 0 out of 10 containerImage dependencies pinned
- Info: 0 out of 3 downloadThenRun dependencies pinned
- Info: 0 out of 5 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-p7v2-p9m8-qqg7
- Warn: Project is vulnerable to: GHSA-7x97-j373-85x5
- Warn: Project is vulnerable to: GHSA-7m48-wc93-9g85
- Warn: Project is vulnerable to: GHSA-6r2x-8pq8-9489
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Score
5.7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More