npmpackage.info

Gathering detailed insights and metrics for constructs

constructs

Define composable configuration models through code

10.4.2

409

Apache-2.0

TypeScript

465,863,362 7

Installations

npm install constructs

Score

99.5

Supply Chain

78.8

Quality

89.9

Maintenance

100

Vulnerability

87.6

License

Pull Requests

Open

1

Total

2,554

Closed

219

Merged

2,334

Issues

Open

1

Total

38

Closed

37

Releases

1,075

v10.4.2

Published on 14 Oct 2024

v10.4.1

Published on 11 Oct 2024

v10.4.0

Published on 11 Oct 2024

v10.3.2

Published on 11 Oct 2024

v10.3.1

Published on 10 Oct 2024

v10.3.0

Published on 07 Oct 2023

View all 1,075 releases

Developer

aws

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

Yes

Node Version

20.17.0

NPM Version

10.8.2 Statistics

409 Stars

1,902 Commits

42 Forks

25 Watching

2 Branches

100 Contributors

Updated on 28 Nov 2024

Languages

TypeScript (97.47%)

Shell (2.28%)

Dockerfile (0.25%)

Total Downloads

Cumulative downloads

Total Downloads

465,863,362

Last day

-3.6%

477,431

Compared to previous day

Last week

5.7%

2,785,660

Compared to previous week

Last month

7.7%

11,494,553

Compared to previous month

Last year

-30.2%

120,353,427

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Constructs

Software-defined persistent state

What are constructs?

Constructs are classes which define a "piece of system state". Constructs can be composed together to form higher-level building blocks which represent more complex state.

Constructs are often used to represent the desired state of cloud applications. For example, in the AWS CDK, which is used to define the desired state for AWS infrastructure using CloudFormation, the lowest-level construct represents a resource definition in a CloudFormation template. These resources are composed to represent higher-level logical units of a cloud application, etc.

Support policy

All maintained Node.js versions are supported by this package.

Contributing

This project has adopted the Amazon Open Source Code of Conduct.

We welcome community contributions and pull requests. See our contribution guide for more information on how to report issues, set up a development environment and submit code.

License

This project is distributed under the Apache License, Version 2.0.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

4

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/auto-queue.yml:16
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:240
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:277
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:12
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:63
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:94
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:128
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:166
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:203
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-3.x.yml:225
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-3.x.yml:265
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-3.x.yml:16
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-3.x.yml:72
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-3.x.yml:98
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-3.x.yml:138
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-3.x.yml:184
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:16
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:72
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:98
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:138
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:184
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:225
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:265
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-10.x.yml:13
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-10.x.yml:47
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-3.x.yml:13
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-3.x.yml:47
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:11
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:43
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:11
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:43
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-dev-deps-10.x.yml:47
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-dev-deps-10.x.yml:13
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-dev-deps-3.x.yml:13
Info: jobLevel 'contents' permission set to 'read': .github/workflows/upgrade-dev-deps-3.x.yml:47
Warn: no topLevel permission defined: .github/workflows/auto-approve.yml:1
Warn: no topLevel permission defined: .github/workflows/auto-queue.yml:1
Warn: no topLevel permission defined: .github/workflows/build.yml:1
Warn: no topLevel permission defined: .github/workflows/pull-request-lint.yml:1
Warn: no topLevel permission defined: .github/workflows/release-3.x.yml:1
Warn: no topLevel permission defined: .github/workflows/release.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-10.x.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-3.x.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-dev-deps-10.x.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-dev-deps-3.x.yml:1

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-approve.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/auto-approve.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-queue.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/auto-queue.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/build.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/pull-request-lint.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-3.x.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/release.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-10.x.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-10.x.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-10.x.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-10.x.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-10.x.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-10.x.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-10.x.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-3.x.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-3.x.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-3.x.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-3.x.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-3.x.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-3.x.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-3.x.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-10.x.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-10.x.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-3.x.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-cdklabs-projen-project-types-3.x.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-cdklabs-projen-project-types-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-10.x.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-10.x.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-10.x.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-10.x.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-10.x.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-10.x.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-10.x.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-10.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-3.x.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-3.x.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-3.x.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-3.x.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-3.x.yml/10.x?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-3.x.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-3.x.yml/10.x?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-dev-deps-3.x.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/constructs/upgrade-dev-deps-3.x.yml/10.x?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating jsii/superchain:1-bookworm-slim to jsii/superchain:1-bookworm-slim@sha256:2dd9966735768d92e0aa988fdd0ded117b00f64942be242f378ea79025add5b2
Warn: npmCommand not pinned by hash: .github/workflows/build.yml:294
Info: 0 out of 105 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 9 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned

0

SAST

Determines if the project uses static code analysis.

Score

7

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

constructs

Installations

Score

Pull Requests

1

2,554

219

2,334

Issues

1

38

37

Releases

Developer

aws

Developer Guide

CommonJS

Yes

20.17.0

10.8.2

Statistics

Languages

Total Downloads

465,863,362

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

Constructs

What are constructs?

Support policy

Contributing

License

10

10

10

10

10

10

10

4

0

0

0

0

7

/10