Gathering detailed insights and metrics for d3
Gathering detailed insights and metrics for d3
Installations
npm install d3Developer Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=12
Node Version
20.11.0
NPM Version
10.2.4
Score
95.9
Supply Chain
76.5
Quality
78
Maintenance
100
Vulnerability
99.3
License
Releases
194
Languages
2
Shell
JavaScript
Shell (92.12%)
JavaScript (7.88%)
Developer
Download Statistics
Total Downloads
634,346,492
Last Day
739,819
Last Week
3,899,850
Last Month
16,834,599
Last Year
168,114,021
GitHub Statistics
ISC License
110,571 Stars
4,508 Commits
22,867 Forks
3,595 Watchers
33 Branches
139 Contributors
Updated on May 09, 2025
Bundle Size
290.35 kB
Minified
90.66 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
7.9.0
Package Id
d3@7.9.0
Unpacked Size
850.86 kB
Size
228.19 kB
File Count
6
NPM Version
10.2.4
Node Version
20.11.0
Published on
Mar 12, 2024
Total Downloads
Cumulative downloads
Total Downloads
634,346,492
Dependencies
30
D3: Data-Driven Documents
D3 (or D3.js) is a free, open-source JavaScript library for visualizing data. Its low-level approach built on web standards offers unparalleled flexibility in authoring dynamic, data-driven graphics. For more than a decade D3 has powered groundbreaking and award-winning visualizations, become a foundational building block of higher-level chart libraries, and fostered a vibrant community of data practitioners around the world.
Resources
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: ISC License: LICENSE:0
Reason
Found 19/30 approved changesets -- score normalized to 6
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/d3/d3/test.yml/main?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Score
4.1
/10
Last Scanned on 2025-05-05
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More