npmpackage.info

Gathering detailed insights and metrics for acorn-globals

Gathering detailed insights and metrics for acorn-globals

acorn-globals

Use acorn to detect global variables in JavaScript

7.0.1

45

MIT

JavaScript

35.04 kB

4,653,040,058 4.1

Installations

npm install acorn-globals

Developer Guide

BETA

Typescript

No

Module System

N/A

Node Version

12.22.12

NPM Version

6.14.16

Score

99.7

Supply Chain

92.9

Quality

79.8

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

47

Closed

20

Merged

26

Issues

Open

1

Total

20

Closed

19

Releases

7

7.0.1

Published on 02 Sept 2022

7.0.0

Published on 31 Aug 2022

6.0.0

Published on 15 Mar 2020

4.3.4

Published on 04 Nov 2019

4.3.3

Published on 04 Nov 2019

4.3.2

Published on 10 May 2019

View all 7 releases

Contributors

9

Unable to fetch Contributors

View all 9 contributors

Languages

1

JavaScript

JavaScript (100%)

Developer

ForbesLindesay

Download Statistics

Total Downloads

4,653,040,058

Last Day

3,290,722

Last Week

14,626,049

Last Month

67,829,956

Last Year

924,198,957

GitHub Statistics

45 Stars

84 Commits

23 Forks

5 Watching

1 Branches

9 Contributors

Bundle Size

120.16 kB

Minified

35.04 kB

Minified + Gzipped

Bundlephobia

Maintainers

3

Package Meta Information

Latest Version

7.0.1

Package Id

acorn-globals@7.0.1

Unpacked Size

9.22 kB

Size

3.22 kB

File Count

4

NPM Version

6.14.16

Node Version

12.22.12

Total Downloads

Cumulative downloads

Total Downloads

4,653,040,058

Last day

-4.2%

3,290,722

Compared to previous day

Last week

-16.9%

14,626,049

Compared to previous week

Last month

4.2%

67,829,956

Compared to previous month

Last year

-3.6%

924,198,957

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

2

acorn acorn-walk

Dev Dependencies

1

Versions

acorn-globals

Detect global variables in JavaScript using acorn

Get supported acorn-globals with the Tidelift Subscription

Installation

npm install acorn-globals

Usage

detect.js

1var fs = require('fs');
2var detect = require('acorn-globals');
3
4var src = fs.readFileSync(__dirname + '/input.js', 'utf8');
5
6var scope = detect(src);
7console.dir(scope);

input.js

1var x = 5;
2var y = 3, z = 2;
3
4w.foo();
5w = 2;
6
7RAWR=444;
8RAWR.foo();
9
10BLARG=3;
11
12foo(function () {
13    var BAR = 3;
14    process.nextTick(function (ZZZZZZZZZZZZ) {
15        console.log('beep boop');
16        var xyz = 4;
17        x += 10;
18        x.zzzzzz;
19        ZZZ=6;
20    });
21    function doom () {
22    }
23    ZZZ.foo();
24
25});
26
27console.log(xyz);

output:

$ node example/detect.js
[ { name: 'BLARG', nodes: [ [Object] ] },
  { name: 'RAWR', nodes: [ [Object], [Object] ] },
  { name: 'ZZZ', nodes: [ [Object], [Object] ] },
  { name: 'console', nodes: [ [Object], [Object] ] },
  { name: 'foo', nodes: [ [Object] ] },
  { name: 'process', nodes: [ [Object] ] },
  { name: 'w', nodes: [ [Object], [Object] ] },
  { name: 'xyz', nodes: [ [Object] ] } ]

Security contact information

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

License

MIT

Empty State

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

3

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions-canary.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions-canary.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions-canary.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions-canary.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions-canary.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollingversions.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/rollingversions.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/ForbesLindesay/acorn-globals/test.yml/master?enable=pin
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

SAST

Determines if the project uses static code analysis.

Score

4.1

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.