Gathering detailed insights and metrics for bpmn-js
Gathering detailed insights and metrics for bpmn-js
Installations
npm install bpmn-jsDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
*
Typescript Support
Yes
Node Version
20.11.1
NPM Version
10.9.0
Statistics
8,670 Stars
3,161 Commits
1,334 Forks
224 Watching
42 Branches
47 Contributors
Updated on 27 Nov 2024
Languages
JavaScript (98.89%)
TypeScript (0.72%)
Shell (0.22%)
CSS (0.16%)
Total Downloads
Cumulative downloads
Total Downloads
10,833,426
Last day
19.3%
14,846
Compared to previous day
Last week
8.1%
73,550
Compared to previous week
Last month
4.2%
294,428
Compared to previous month
Last year
21.2%
3,283,212
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
8
Dev Dependencies
45
@babel/core@bpmn-io/a11y@rollup/plugin-commonjs@rollup/plugin-json@rollup/plugin-node-resolve@rollup/plugin-replace@rollup/plugin-terserbabel-loaderbabel-plugin-istanbulbio-dtsbpmn-fontcamunda-bpmn-moddlechaichai-matchcpycross-envdeldel-clieslinteslint-plugin-bpmn-ioexecafile-dropskarmakarma-chrome-launcherkarma-coveragekarma-debug-launcherkarma-env-preprocessorkarma-firefox-launcherkarma-mochakarma-safari-launcherkarma-sinon-chaikarma-webpackmochamocha-test-container-supportnpm-run-all2puppeteerremark-cliremark-preset-bpmn-iorolluprollup-plugin-licensesinonsinon-chaits-expecttypescriptwebpack
Versions
bpmn-js - BPMN 2.0 for the web
View and edit BPMN 2.0 diagrams in the browser.
Installation
Use the library pre-packaged or include it via npm into your node-style web-application.
Usage
To get started, create a bpmn-js instance and render BPMN 2.0 diagrams in the browser:
1const xml = '...'; // my BPMN 2.0 xml 2const viewer = new BpmnJS({ 3 container: 'body' 4}); 5 6try { 7 const { warnings } = await viewer.importXML(xml); 8 9 console.log('rendered'); 10} catch (err) { 11 console.log('error rendering', err); 12}
Checkout our examples for many more supported usage scenarios.
Dynamic Attach/Detach
You may attach or detach the viewer dynamically to any element on the page, too:
1const viewer = new BpmnJS(); 2 3// attach it to some element 4viewer.attachTo('#container'); 5 6// detach the panel 7viewer.detach();
Resources
Build and Run
Prepare the project by installing all dependencies:
1npm install
Then, depending on your use-case you may run any of the following commands:
1# build the library and run all tests 2npm run all 3 4# spin up a single local modeler instance 5npm start 6 7# run the full development setup 8npm run dev
You may need to perform additional project setup when building the latest development snapshot.
Related
bpmn-js builds on top of a few powerful tools:
- bpmn-moddle: Read / write support for BPMN 2.0 XML in the browsers
- diagram-js: Diagram rendering and editing toolkit
It is an extensible toolkit, complemented by many additional utilities.
License
Use under the terms of the bpmn.io license.
No vulnerabilities found.
Reason
30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found linked content: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/bpmn-io/.github/SECURITY.md:1
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/RELEASE.yml:25
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 16 commits out of 17 are checked with a SAST tool
Reason
Found 9/22 approved changesets -- score normalized to 4
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/CI.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/CI.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/CI.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CODE_SCANNING.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/CODE_SCANNING.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CODE_SCANNING.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/CODE_SCANNING.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CODE_SCANNING.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/CODE_SCANNING.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/MERGE_MAIN_TO_DEVELOP.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/MERGE_MAIN_TO_DEVELOP.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/MERGE_MAIN_TO_DEVELOP.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/MERGE_MAIN_TO_DEVELOP.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/POST_RELEASE.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/POST_RELEASE.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/POST_RELEASE.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/POST_RELEASE.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/RELEASE.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/RELEASE.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/RELEASE.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/RELEASE.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/RELEASE.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/bpmn-js/RELEASE.yml/develop?enable=pin
- Warn: npmCommand not pinned by hash: docs/project/setup-alternative.sh:21
- Warn: npmCommand not pinned by hash: docs/project/setup-alternative.sh:27
- Warn: npmCommand not pinned by hash: docs/project/setup-alternative.sh:36
- Warn: npmCommand not pinned by hash: docs/project/setup.sh:21
- Warn: npmCommand not pinned by hash: docs/project/setup.sh:27
- Warn: npmCommand not pinned by hash: docs/project/setup.sh:33
- Warn: npmCommand not pinned by hash: tasks/stages/update-demo:19
- Warn: npmCommand not pinned by hash: tasks/stages/update-examples:26
- Warn: npmCommand not pinned by hash: tasks/stages/update-integration-test:19
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 3 out of 12 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/MERGE_MAIN_TO_DEVELOP.yml:11
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/RELEASE.yml:13
- Warn: no topLevel permission defined: .github/workflows/CI.yml:1
- Warn: no topLevel permission defined: .github/workflows/CODE_SCANNING.yml:1
- Warn: no topLevel permission defined: .github/workflows/MERGE_MAIN_TO_DEVELOP.yml:1
- Warn: no topLevel permission defined: .github/workflows/POST_RELEASE.yml:1
- Warn: no topLevel permission defined: .github/workflows/RELEASE.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'develop'
Score
5.6
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More