Gathering detailed insights and metrics for editorjs-drag-drop
Gathering detailed insights and metrics for editorjs-drag-drop
Installations
npm install editorjs-drag-dropScore
93.7
Supply Chain
94.4
Quality
80.6
Maintenance
100
Vulnerability
100
License
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
20.17.0
NPM Version
10.8.2
Statistics
187 Stars
122 Commits
25 Forks
7 Watching
11 Branches
18 Contributors
Updated on 19 Nov 2024
Languages
JavaScript (95.27%)
CSS (4.73%)
Total Downloads
Cumulative downloads
Total Downloads
1,059,549
Last day
-12.2%
3,316
Compared to previous day
Last week
4.4%
22,667
Compared to previous week
Last month
31.4%
90,363
Compared to previous month
Last year
319%
759,185
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
EditorJS Drag/Drop Plugin
Drag/Drop feature for Editor.js.
Installation
Install via NPM
Get the package
1$ npm i --save-dev editorjs-drag-drop
Include module at your application
1import DragDrop from "editorjs-drag-drop";
Load from CDN
You can load a specific version of the package from jsDelivr CDN.
Require this script on a page with Editor.js.
1<script src="https://cdn.jsdelivr.net/npm/editorjs-drag-drop"></script>
Usage
Add the plugin to the onReady property of the Editor.js configuration to initialize it:
1const editor = new EditorJS({ 2 onReady: () => { 3 new DragDrop(editor); 4 }, 5});
You can customize the indicator border style by passing a second parameter to the plugin constructor:
1const editor = new EditorJS({ 2 onReady: () => { 3 new DragDrop(editor, "2px solid #fff"); 4 }, 5});
If no parameter is provided, the default border style 1px dashed #aaa is used.
Select the block, drag the toolbar settings button, and drop it at the desired position.
Integration with editorjs-undo
If you're already using editorjs-undo, your code might look like this:
1const editor = new EditorJS({ 2 onReady: () => { 3 new Undo({ editor }); 4 new DragDrop(editor); 5 }, 6});
Usage with React.
If you are using React, you could create a function to handle the onReady property, the function will store the DragDrop instance. Then, you must call the function in onReady in the editorJS instance.
1const handleReady = (editor) => { 2 new DragDrop(editor); 3}; 4 5class ReactEditor extends Component { 6 render() { 7 return ( 8 <EditorJs 9 onReady = { handleReady } 10 tools = { ... } 11 /> 12 ) 13 } 14}
Note: If you are also using editorjs-undo your handleReady function must have the editorjs-undo instance as well.
1const handleReady = (editor) => { 2 new Undo({ editor }); 3 new DragDrop(editor); 4};
Usage with react-editor-js.
If you are using react-editor-js, you should use the 'onInitialize' prop in the ReactEditorJS component to obtain the abstract editorjs as follow:
1........ 2export const ReactEditor = () => { 3 const editorCore = React.useRef(null) 4 5 const handleInitialize = React.useCallback((instance) => { 6 editorCore.current = instance 7 }, []) 8 9 const handleReady = () => { 10 const editor = editorCore.current._editorJS; 11 new Undo({ editor }) 12 new DragDrop(editor); 13 }; 14 15 const ReactEditorJS = createReactEditorJS() 16 return( 17 <ReactEditorJS 18 onInitialize={handleInitialize} 19 onReady = {handleReady} 20 tools={....} 21 defaultValue={....} 22 /> 23 ) 24}
Development
Development mode
1$ yarn build:dev
Production release
- Create a production bundle
1$ yarn build
- Commit
dist/bundle.js
Run tests
1$ yarn test
Code of conduct
We welcome everyone to contribute. Make sure you have read the CODE_OF_CONDUCT before.
Contributing
For information on how to contribute, please refer to our CONTRIBUTING guide.
Changelog
Features and bug fixes are listed in the CHANGELOG file.
License
This library is licensed under an MIT license. See LICENSE for details.
Acknowledgements
Made with 💙 by kommitters Open Source
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
3 different organizations found -- score normalized to 10
Details
- Info: contributors work for kommit,kommit - @kommitters,kommitters
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: tool 'RenovateBot' is used: renovate.json:1
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE:1
- Info: FSF or OSI recognized license: LICENSE:1
Reason
publishing workflow detected
Details
- Info: GitHub/GitLab publishing workflow used in run https://api.github.com/repos/kommitters/editorjs-drag-drop/actions/runs/10853353582: .github/workflows/publish.yaml:9
Reason
all dependencies are pinned
Details
- Info: 11 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 6 out of 6 third-party GitHubAction dependencies pinned
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Info: topLevel 'contents' permission set to 'read': .github/workflows/publish.yaml:6
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:11
- Info: no jobLevel write permissions found
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
- Info: Found text in security policy: SECURITY.md:1
Reason
found 3 unreviewed changesets out of 24 -- score normalized to 8
Reason
SAST tool detected but not run on all commits
Details
- Warn: 14 commits out of 30 are checked with a SAST tool
- Info: SAST tool detected: CodeQL
Reason
badge detected: passing
Reason
6 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 5
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
14 out of 29 merged PRs checked by a CI test -- score normalized to 4
Reason
project is not fuzzed
Details
- Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
- Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
- Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
Score
8
/10
Last Scanned on 2024-11-24T01:58:46Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More