Gathering detailed insights and metrics for bob-tsm
Gathering detailed insights and metrics for bob-tsm
Building and Running TypeScript projects efficiently with rollup + esbuild
Installations
npm install bob-tsmDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=14.13.1
Node Version
14.20.0
NPM Version
6.14.17
Score
60.1
Supply Chain
71.1
Quality
76.1
Maintenance
100
Vulnerability
98.6
License
Releases
151
Languages
4
TypeScript
JavaScript
Shell
Batchfile
TypeScript (96.5%)
JavaScript (3.42%)
Shell (0.05%)
Batchfile (0.03%)
Developer
PabloSzx
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
21 Stars
496 Commits
1 Forks
1 Watchers
19 Branches
2 Contributors
Updated on Jun 04, 2025
Maintainers
1
Package Meta Information
Latest Version
1.1.2
Package Id
bob-tsm@1.1.2
Unpacked Size
138.03 kB
Size
45.45 kB
File Count
24
NPM Version
6.14.17
Node Version
14.20.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
bob-tsm
Package inspired on https://github.com/lukeed/tsm with extra features and support for watch mode and with extra fixes to follow the new TypeScript 4.5 extensions .mts=>ESM and .cts=>CommonJS.
Install
1pnpm add -D bob-tsm esbuild
1yarn add -D bob-tsm esbuild
1npm install -D bob-tsm esbuild
Usage
All the arguments that are not part of bob-tsm are passed directly to the node executable.
Usage: bob-tsm [options] [node arguments...]
Options:
-V, --version output the version number
--tsmconfig <config> Configuration file path (default: "tsm.js")
--watch <patterns...> Enable & specify watch mode
--ignore <patterns...> Ignore watch patterns
--node-env,--node_env <NODE_ENV> Automatically add the specified option as NODE_ENV environment variable, "prod" is an alias
for "production" and "dev" is an alias for "development" (choices: "production", "prod",
"development", "dev", "test")
-q, --quiet
--cjs Use CommonJS instead of ESM for ".ts" files. You still can use ".mts" to force ESM in
specific typescript files.
--paths Use tsconfig paths resolver. It only works as a fallback of the default path resolving and
you can use the environment variable TS_NODE_PROJECT to customize the tsconfig.json to use.
-h, --help display help for command
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/17 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/canary.yaml:1
- Warn: no topLevel permission defined: .github/workflows/release.yaml:1
- Warn: no topLevel permission defined: .github/workflows/test.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/canary.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/canary.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/canary.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/canary.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/canary.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/test.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/test.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/test.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/PabloSzx/bob-esbuild/test.yaml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/canary.yaml:43
- Warn: npmCommand not pinned by hash: .github/workflows/release.yaml:40
- Warn: npmCommand not pinned by hash: .github/workflows/test.yaml:37
- Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Score
2.3
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More