Gathering detailed insights and metrics for askpassword
Gathering detailed insights and metrics for askpassword
Installations
npm install askpasswordScore
98.8
Supply Chain
71.1
Quality
85.2
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Developer
mongodb-js
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
1 Stars
32 Commits
1 Forks
14 Watching
2 Branches
10 Contributors
Updated on 24 Jun 2024
Languages
TypeScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
2,324,703
Last day
36.9%
8,923
Compared to previous day
Last week
103.2%
77,001
Compared to previous week
Last month
22%
176,456
Compared to previous month
Last year
74.9%
1,253,343
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Versions
askpassword
A password prompt that does not print data to the TTY.
1import askpassword from 'askpassword'; 2 3console.log('Please enter a password:'); 4const password = await askpassword(process.stdin); 5console.log('You entered the following password:', password.toString());
The stream passed to askpassword can be any kind of Readable stream.
If it is a TTY, askpassword will temporarily remove all other 'data' and
'readable' listeners from it, and set the TTY into raw mode if it has not
been in raw mode to begin with.
Why not use read instead?
Because read does not work inside a Node.js REPL.
LICENSE
Apache-2.0
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 9 commits out of 13 are checked with a SAST tool
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/22 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:29
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:30
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/askpassword/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/askpassword/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/askpassword/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/askpassword/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/askpassword/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/askpassword/nodejs.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:22
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Score
3.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More