Gathering detailed insights and metrics for dropbox
Gathering detailed insights and metrics for dropbox
Installations
npm install dropboxDeveloper
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
>=0.10.3
Typescript Support
Yes
Node Version
14.20.1
NPM Version
6.14.17
Statistics
942 Stars
589 Commits
354 Forks
49 Watching
60 Branches
65 Contributors
Updated on 19 Nov 2024
Bundle Size
46.47 kB
Minified
7.83 kB
Minified + Gzipped
Languages
JavaScript (98.93%)
Python (0.41%)
TypeScript (0.3%)
HTML (0.29%)
Shell (0.07%)
Total Downloads
Cumulative downloads
Total Downloads
10,724,293
Last day
-10.2%
9,740
Compared to previous day
Last week
0.4%
54,375
Compared to previous week
Last month
14.9%
235,037
Compared to previous month
Last year
10.9%
2,677,447
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Dev Dependencies
32
@babel/cli@babel/core@babel/preset-env@babel/register@testing-library/dom@types/node@types/node-fetch@typescript-eslint/eslint-plugin@typescript-eslint/parserbabel-plugin-istanbulbabel-plugin-transform-es2015-modules-commonjschaichai-as-promisedcross-enveslinteslint-config-airbnb-baseeslint-plugin-importexpressexpress-urlrewritegh-pagesink-docstrapjsdocjsdommochanycpromptrolluprollup-endpointrollup-plugin-babelrollup-plugin-tersersinontypescript
Versions
The offical Dropbox SDK for Javascript.
Documentation can be found on GitHub Pages
Installation
Create an app via the Developer Console
Install via npm
$ npm install --save dropbox
Install from source:
$ git clone https://github.com/dropbox/dropbox-sdk-js.git
$ cd dropbox-sdk-js
$ npm install
If you are using the repository from the browser, you can use any CDNs that hosts the Dropbox package by including a script tag with the link to the package. However, we highly recommend you do not directly import the latest version and instead choose a specific version. When we update and release a breaking change, this could break production code which we hope to avoid. Note, we follow semver naming conventions which means that any major version update could contain a breaking change.
After installation, follow one of our Examples or read the Documentation.
You can also view our OAuth guide.
Examples
We provide Examples to help get you started with a lot of the basic functionality in the SDK. We provide most examples in both Javascript and Typescript with some having a Node equivalent.
-
OAuth
- Auth - [ JS ] - A simple auth example to get an access token and list the files in the root of your Dropbox account.
- Simple Backend [ JS ] - A simple example of a node backend doing a multi-step auth flow for Short Lived Tokens.
- PKCE Backend [ JS ] - A simple example of a node backend doing a multi-step auth flow using PKCE and Short Lived Tokens.
- PKCE Browser [ JS ] - A simple example of a frontend doing a multi-step auth flow using PKCE and Short Lived Tokens.
-
Other Examples
- Basic - [ TS, JS ] - A simple example that takes in a token and fetches files from your Dropbox account.
- Download - [ TS, JS ] - An example showing how to download a shared file.
- Team As User - [ TS, JS ] - An example showing how to act as a user.
- Team - [ TS, JS ] - An example showing how to use the team functionality and list team devices.
- Upload [ TS, JS ] - An example showing how to upload a file to Dropbox.
Getting Help
If you find a bug, please see CONTRIBUTING.md for information on how to report it.
If you need help that is not specific to this SDK, please reach out to Dropbox Support.
License
This SDK is distributed under the MIT license, please see LICENSE for more information.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
all changesets reviewed
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/coverage.yml:1
- Warn: no topLevel permission defined: .github/workflows/documentation.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm_upload.yml:1
- Warn: no topLevel permission defined: .github/workflows/spec_update.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/coverage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/documentation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/documentation.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/documentation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_upload.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/npm_upload.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm_upload.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/npm_upload.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm_upload.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/npm_upload.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec_update.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/spec_update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec_update.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/spec_update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec_update.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/spec_update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/spec_update.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/spec_update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/spec_update.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/dropbox/dropbox-sdk-js/spec_update.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:29
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:61
- Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/coverage.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/documentation.yml:19
- Warn: npmCommand not pinned by hash: .github/workflows/npm_upload.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/spec_update.yml:30
- Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 0 out of 8 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
81 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-wrw9-m778-g6mc
- Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
- Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-8mmm-9v2q-x3f9
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-x55w-vjjp-222r
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
- Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-34gh-3cwv-wvp2
- Warn: Project is vulnerable to: GHSA-vr98-27qj-3c8q
- Warn: Project is vulnerable to: GHSA-rjqq-98f6-6j3r
- Warn: Project is vulnerable to: GHSA-mjxr-4v3x-q3m4
- Warn: Project is vulnerable to: GHSA-cgfm-xwp7-2cvr
- Warn: Project is vulnerable to: GHSA-rm97-x556-q36h
- Warn: Project is vulnerable to: GHSA-x6fg-f45m-jf5q
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-29xr-v42j-r956
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More