Gathering detailed insights and metrics for chart.js
Gathering detailed insights and metrics for chart.js
Installations
npm install chart.jsDeveloper
Developer Guide
BETA
Module System
ESM
Min. Node Version
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
64,858 Stars
4,538 Commits
11,927 Forks
1,358 Watching
7 Branches
485 Contributors
Updated on 28 Nov 2024
Bundle Size
200.03 kB
Minified
66.92 kB
Minified + Gzipped
Languages
JavaScript (89.2%)
TypeScript (10.45%)
Shell (0.18%)
HTML (0.17%)
Total Downloads
Cumulative downloads
Total Downloads
595,593,527
Last day
-4.6%
705,580
Compared to previous day
Last week
2.5%
3,899,521
Compared to previous week
Last month
5.5%
16,627,510
Compared to previous month
Last year
25.7%
174,227,908
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
45
@rollup/plugin-commonjs@rollup/plugin-inject@rollup/plugin-json@rollup/plugin-node-resolve@swc/core@types/estree@types/offscreencanvas@typescript-eslint/eslint-plugin@typescript-eslint/parserchartjs-adapter-luxonchartjs-adapter-momentchartjs-test-utilsconcurrentlycoverallscross-enveslinteslint-config-chartjseslint-plugin-eseslint-plugin-htmleslint-plugin-markdownesmglobjasminejasmine-corekarmakarma-chrome-launcherkarma-coveragekarma-edge-launcherkarma-firefox-launcherkarma-jasminekarma-jasmine-html-reporterkarma-rollup-preprocessorkarma-safari-private-launcherkarma-spec-reporterluxonmomentmoment-timezonepixelmatchrolluprollup-plugin-cleanuprollup-plugin-istanbulrollup-plugin-swc3rollup-plugin-tersertypescriptyargs
Versions
Simple yet flexible JavaScript charting for designers & developers
Documentation
All the links point to the new version 4 of the lib.
- Introduction
- Getting Started
- General
- Configuration
- Charts
- Axes
- Developers
- Popular Extensions
- Samples
In case you are looking for an older version of the docs, you will have to specify the specific version in the url like this: https://www.chartjs.org/docs/2.9.4/
Contributing
Instructions on building and testing Chart.js can be found in the documentation. Before submitting an issue or a pull request, please take a moment to look over the contributing guidelines first. For support, please post questions on Stack Overflow with the chart.js tag.
License
Chart.js is available under the MIT license.
Stable Version
The latest stable version of the package.
Stable Version
4.4.6
HIGH
1
HIGH
7.5/10
Summary
Prototype pollution in chart.js
Affected Versions
< 2.9.4
Patched Versions
2.9.4
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
13 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:19
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:20
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/ci.yml:21
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:105
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/compressed-size.yml:12
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/compressed-size.yml:13
- Info: found token with 'none' permissions: .github/workflows/deploy-docs.yml:15
- Info: found token with 'none' permissions: .github/workflows/release-drafter.yml:15
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-drafter.yml:24
- Info: found token with 'none' permissions: .github/workflows/release.yml:13
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:25
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/compressed-size.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-docs.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-drafter.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:8
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
no binaries found in the repo
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v4.4.6 not signed: https://api.github.com/repos/chartjs/Chart.js/releases/180087204
- Warn: release artifact v4.4.5 not signed: https://api.github.com/repos/chartjs/Chart.js/releases/171969594
- Warn: release artifact v4.4.4 not signed: https://api.github.com/repos/chartjs/Chart.js/releases/156660932
- Warn: release artifact v4.4.3 not signed: https://api.github.com/repos/chartjs/Chart.js/releases/145781903
- Warn: release artifact v4.4.2 not signed: https://api.github.com/repos/chartjs/Chart.js/releases/134011198
- Warn: release artifact v4.4.6 does not have provenance: https://api.github.com/repos/chartjs/Chart.js/releases/180087204
- Warn: release artifact v4.4.5 does not have provenance: https://api.github.com/repos/chartjs/Chart.js/releases/171969594
- Warn: release artifact v4.4.4 does not have provenance: https://api.github.com/repos/chartjs/Chart.js/releases/156660932
- Warn: release artifact v4.4.3 does not have provenance: https://api.github.com/repos/chartjs/Chart.js/releases/145781903
- Warn: release artifact v4.4.2 does not have provenance: https://api.github.com/repos/chartjs/Chart.js/releases/134011198
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compressed-size.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/compressed-size.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/compressed-size.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/compressed-size.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/compressed-size.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/compressed-size.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/deploy-docs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/deploy-docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/deploy-docs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release-drafter.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/chartjs/Chart.js/release.yml/master?enable=pin
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 11 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
40 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.3
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More