Gathering detailed insights and metrics for blockly
Gathering detailed insights and metrics for blockly
Installations
npm install blocklyDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=18
Node Version
20.10.0
NPM Version
10.2.3
Releases
93
blockly-v12.2.0
blockly-v12.2.0
Updated on Jul 09, 2025
blockly-v12.1.0
blockly-v12.1.0
Updated on May 30, 2025
blockly-v12.0.1-beta.1
blockly-v12.0.1-beta.1
Updated on May 22, 2025
blockly-v12.0.0
blockly-v12.0.0
Updated on May 15, 2025
blockly-v12.0.0-beta.7
blockly-v12.0.0-beta.7
Updated on May 15, 2025
blockly-v12.0.0-beta.6
blockly-v12.0.0-beta.6
Updated on May 14, 2025
Languages
8
TypeScript
JavaScript
Python
HTML
PHP
Dart
Lua
Shell
TypeScript (51.6%)
JavaScript (40.23%)
Python (2.07%)
HTML (1.77%)
PHP (1.54%)
Dart (1.21%)
Lua (1.15%)
Shell (0.43%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
12,989 Stars
9,150 Commits
3,780 Forks
442 Watchers
108 Branches
265 Contributors
Updated on Jul 15, 2025
Maintainers
2
Package Meta Information
Latest Version
12.2.0
Package Id
blockly@12.2.0
Unpacked Size
13.82 MB
Size
2.68 MB
File Count
810
NPM Version
10.2.3
Node Version
20.10.0
Published on
Jul 09, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
42
@blockly/block-test@blockly/dev-tools@blockly/theme-modern@hyperjump/browser@hyperjump/json-schema@microsoft/api-documenter@microsoft/api-extractorasync-donechaiconcurrentlyeslinteslint-config-googleeslint-config-prettiereslint-plugin-jsdoceslint-plugin-prettierglobglobalsgoogle-closure-compilergulpgulp-concatgulp-gzipgulp-headergulp-insertgulp-renamegulp-replacegulp-seriesgulp-shellgulp-sourcemapsgulp-umdhttp-serverjson5markdown-tables-to-jsonmochapatch-packageprettierprettier-plugin-organize-importsreadline-syncrimraftypescripttypescript-eslintwebdriverioyargs
Blockly
Google's Blockly is a web-based, visual programming editor. Users can drag blocks together to build programs. All code is free and open source.
The source for this module is in the Blockly repo.
Example Usage
1import * as Blockly from 'blockly/core'; 2Blockly.inject('blocklyDiv', { 3 ... 4})
Samples
For samples on how to integrate Blockly into your project, view the list of samples at blockly-samples.
Installation
You can install this package either via npm or unpkg.
unpkg
1<script src="https://unpkg.com/blockly/blockly.min.js"></script>
When importing from unpkg, you can access imports from the global namespace.
1// Access Blockly. 2Blockly.thing; 3// Access the default blocks. 4Blockly.Blocks['block_type']; 5// Access the javascript generator. 6javascript.javascriptGenerator;
npm
1npm install blockly
Imports
Note: Using import of our package targets requires you to use a bundler (like webpack), since Blockly is packaged as a UMD, rather than an ESM.
1// Import Blockly core. 2import * as Blockly from 'blockly/core'; 3// Import the default blocks. 4import * as libraryBlocks from 'blockly/blocks'; 5// Import a generator. 6import {javascriptGenerator} from 'blockly/javascript'; 7// Import a message file. 8import * as En from 'blockly/msg/en';
Requires
1// Require Blockly core. 2const Blockly = require('blockly/core'); 3// Require the default blocks. 4const libraryBlocks = require('blockly/blocks'); 5// Require a generator. 6const {javascriptGenerator} = require('blockly/javascript'); 7// Require a message file. 8const En = require('blockly/msg/en');
Applying messages
Once you have the message files, you also need to apply them.
1Blockly.setLocal(En);For a full list of supported Blockly locales, see: https://github.com/google/blockly/tree/master/msg/js
Docs
For more information about how to use Blockly, check out our devsite.
License
Apache 2.0
No vulnerabilities found.
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/google/.github/SECURITY.md:1
- Info: Found linked content: github.com/google/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/google/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/google/.github/SECURITY.md:1
Reason
binaries present in source code
Details
- Warn: binary detected: demos/mobile/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
SAST tool is not run on all commits -- score normalized to 4
Details
- Warn: 14 commits out of 30 are checked with a SAST tool
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-chwr-hf3w-c984
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/appengine_deploy.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/appengine_deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/appengine_deploy.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/appengine_deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/appengine_deploy.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/appengine_deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/appengine_deploy.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/appengine_deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/assign_reviewers.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/assign_reviewers.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser_test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/browser_test.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browser_test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/browser_test.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/build.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/build.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/conventional-label.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/conventional-label.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/keyboard_plugin_test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/keyboard_plugin_test.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/keyboard_plugin_test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/keyboard_plugin_test.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/keyboard_plugin_test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/keyboard_plugin_test.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag_module_cleanup.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/tag_module_cleanup.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/welcome_new_contributors.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/google/blockly/welcome_new_contributors.yml/develop?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/appengine_deploy.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/browser_test.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:66
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:83
- Warn: npmCommand not pinned by hash: .github/workflows/keyboard_plugin_test.yml:47
- Warn: npmCommand not pinned by hash: .github/workflows/keyboard_plugin_test.yml:50
- Info: 0 out of 17 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 3 third-party GitHubAction dependencies pinned
- Info: 1 out of 7 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/appengine_deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/assign_reviewers.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/browser_test.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/build.yml:9
- Warn: no topLevel permission defined: .github/workflows/conventional-label.yml:1
- Warn: no topLevel permission defined: .github/workflows/develop_freeze.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/keyboard_plugin_test.yml:13
- Warn: no topLevel permission defined: .github/workflows/tag_module_cleanup.yml:1
- Warn: no topLevel permission defined: .github/workflows/welcome_new_contributors.yml:1
- Info: no jobLevel write permissions found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact blockly-v12.1.0 not signed: https://api.github.com/repos/google/blockly/releases/222161929
- Warn: release artifact blockly-v12.0.0 not signed: https://api.github.com/repos/google/blockly/releases/218922813
- Warn: release artifact blockly-v12.1.0 does not have provenance: https://api.github.com/repos/google/blockly/releases/222161929
- Warn: release artifact blockly-v12.0.0 does not have provenance: https://api.github.com/repos/google/blockly/releases/218922813
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.6
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More