Installations
npm install ebit-binDeveloper Guide
Typescript
No
Module System
CommonJS
Min. Node Version
>=10.0.0
Node Version
10.15.3
NPM Version
6.4.1
Score
27.2
Supply Chain
65.9
Quality
61.3
Maintenance
25
Vulnerability
87.6
License
Releases
Contributors
Languages
TypeScript (91.83%)
MDX (5.4%)
JavaScript (1.54%)
SCSS (1.01%)
Shell (0.12%)
PowerShell (0.05%)
CSS (0.02%)
Dockerfile (0.01%)
Ruby (0.01%)
Developer
Download Statistics
Total Downloads
17,736
Last Day
9
Last Week
56
Last Month
210
Last Year
3,329
GitHub Statistics
17,983 Stars
14,777 Commits
937 Forks
180 Watching
48 Branches
74 Contributors
Maintainers
Package Meta Information
Latest Version
14.8.86
Package Id
ebit-bin@14.8.86
Unpacked Size
4.01 MB
Size
822.27 kB
File Count
1,969
NPM Version
6.4.1
Node Version
10.15.3
Total Downloads
Cumulative downloads
Total Downloads
17,736
Last day
-10%
9
Compared to previous day
Last week
80.6%
56
Compared to previous week
Last month
4%
210
Compared to previous month
Last year
-47.1%
3,329
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
160
Dev Dependencies
60
Bit is the platform for collaborating on components
Documentation • Tutorials • Quick start guide • Workflows • bit.dev components cloud • Video demo
What is Bit? 🤔
Bit is an open-source cli tool for collaborating on isolated components across projects and repositories.
Use Bit to distribute discrete components from a design library or a project into a standalone reusable package and utilize it across applications.
You can set up your own server for components collaboration, or use the bit.dev cloud hosting for private and public components sharing.
Why Bit? 🎖️
Bit facilitates the process of collaborating on UI components. Team members can share, maintain, and synchronize isolated components from different projects.
Bit allows teams to:
- Increase code reusability
- Increase design and development efficiency
- Retain UI and UX consistency
- Increase project's stability
Key Features 🔑
- Extract a component for sharing directly from an existing library or project.
- Validate the component's independence by building and testing each component separately from the rest of the project.
- Change the source code of shared components from any application that utilizes it.
- Get published changes in components on top of local modifications.
- Contribute back changes made to components directly from the consuming applications.
- Automatically wrap each component as an npm package.
- Distribute discrete components instead of a single massive package.
- Automate component versioning according to changes in its dependencies.
- Use with leading frameworks and tools: React, Vue, Angular, Mocha, Jest.
- Works alongside Git, NPM, and Yarn.
Bit is working with Javascript and Javascript frameworks:
Installation 🚪
Using npm:
1npm install bit-bin --global
Using yarn:
1yarn global add bit-bin
Bit cli requires node 8.12 and above. Check other installation methods.
bit.dev cloud 🌩️
Use bit.dev cloud hosting solution as a shared server and showcase for your components.
Contributing 🎗️
Contributions are always welcome, no matter how large or small. Before contributing, please read the code of conduct.
See Contributing.
License 💮
Apache License, Version 2.0
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 17/30 approved changesets -- score normalized to 5
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 17 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: containerImage not pinned by hash: scripts/docker-teambit-bit/Dockerfile-bit:2
- Warn: containerImage not pinned by hash: scripts/docker-teambit-bit/Dockerfile-bit-non-root:2
- Warn: containerImage not pinned by hash: scripts/docker-teambit-bit/Dockerfile-bit-server:2
- Warn: containerImage not pinned by hash: scripts/linux/centos/Dockerfile:1: pin your Docker image by updating centos to centos@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
- Warn: containerImage not pinned by hash: scripts/linux/debian/Dockerfile:1: pin your Docker image by updating debian to debian@sha256:321341744acb788e251ebd374aecc1a42d60ce65da7bd4ee9207ff6be6686a62
- Warn: npmCommand not pinned by hash: scripts/docker-teambit-bit/Dockerfile-bit:5
- Warn: npmCommand not pinned by hash: scripts/docker-teambit-bit/Dockerfile-bit-non-root:7
- Warn: downloadThenRun not pinned by hash: scripts/linux/centos/Dockerfile:2
- Warn: npmCommand not pinned by hash: scripts/linux/centos/Dockerfile:7
- Warn: downloadThenRun not pinned by hash: scripts/linux/debian/Dockerfile:3
- Warn: npmCommand not pinned by hash: scripts/linux/debian/Dockerfile:6
- Warn: npmCommand not pinned by hash: scripts/bootstrap-env-ubuntu.sh:10
- Warn: npmCommand not pinned by hash: scripts/build-tar.sh:10
- Info: 0 out of 6 npmCommand dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
- Info: 0 out of 5 containerImage dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
39 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h
- Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-6fx8-h7jm-663j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442
- Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc
- Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
- Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
- Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
- Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Score
3.8
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More