Gathering detailed insights and metrics for apache-dubbo-serialization
Installations
npm install apache-dubbo-serializationDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=10.0.0
Node Version
12.19.0
NPM Version
7.20.0
Score
75.1
Supply Chain
65.6
Quality
75
Maintenance
50
Vulnerability
99
License
Releases
18
3.3.0-alpha
dubbo3-3.0.0-alpha
Published on 08 Sept 2023
Apache Dubbo-js 4.0.0 released
4.0.0
Published on 22 Jul 2021
Apache dubbo-js v3.0.0-rc6 released
v3.0.0-rc6
Published on 16 Jan 2020
dubbo2.js@2.3.9
dubbo2.js@2.3.9
Published on 29 Apr 2019
fixed: 在获取dubbo的version顺序
dubbo2.js@2.3.8
Published on 20 Dec 2018
dubbo2.js@2.3.7
dubbo2.js@2.3.7
Published on 19 Dec 2018
Contributors
124
Unable to fetch Contributors
Languages
8
TypeScript
JavaScript
Go
Makefile
CSS
Shell
Java
HTML
TypeScript (92.44%)
JavaScript (4.69%)
Go (1.57%)
Makefile (0.98%)
CSS (0.14%)
Shell (0.08%)
Java (0.06%)
HTML (0.03%)
Developer
Download Statistics
Total Downloads
1,051
Last Day
4
Last Week
4
Last Month
16
Last Year
123
GitHub Statistics
767 Stars
903 Commits
161 Forks
117 Watching
8 Branches
124 Contributors
Bundle Size
17.08 kB
Minified
4.94 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.0.2
Package Id
apache-dubbo-serialization@0.0.2
Unpacked Size
76.38 kB
Size
14.84 kB
File Count
30
NPM Version
7.20.0
Node Version
12.19.0
Total Downloads
Cumulative downloads
Total Downloads
1,051
Last day
0%
4
Compared to previous day
Last week
33.3%
4
Compared to previous week
Last month
60%
16
Compared to previous month
Last year
-52.5%
123
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
ERROR: No README data found!
No vulnerabilities found.
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/apache/.github/.github/SECURITY.md:1
- Info: Found linked content: github.com/apache/.github/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/apache/.github/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/apache/.github/.github/SECURITY.md:1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/go.yml:1
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dubbo-js/go.yml/dubbo3?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dubbo-js/go.yml/dubbo3?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dubbo-js/node.js.yml/dubbo3?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dubbo-js/node.js.yml/dubbo3?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/dubbo-js/node.js.yml/dubbo3?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:50
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
27 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-92r3-m2mg-pj97
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
4.5
/10
Last Scanned on 2025-02-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More