Gathering detailed insights and metrics for egg-cors
Gathering detailed insights and metrics for egg-cors
Installations
npm install egg-corsDeveloper Guide
BETA
Typescript
Yes
Module System
N/A
Min. Node Version
>=14.0.0
Node Version
18.20.2
NPM Version
10.5.0
Score
86.8
Supply Chain
90.6
Quality
82.8
Maintenance
100
Vulnerability
100
License
Releases
4
Contributors
29
Unable to fetch Contributors
Languages
1
JavaScript
JavaScript (100%)
Developer
eggjs
Download Statistics
Total Downloads
5,153,970
Last Day
1,880
Last Week
9,574
Last Month
41,304
Last Year
514,389
GitHub Statistics
152 Stars
39 Commits
12 Forks
10 Watching
3 Branches
29 Contributors
Maintainers
5
Package Meta Information
Latest Version
3.0.1
Package Id
egg-cors@3.0.1
Unpacked Size
7.47 kB
Size
3.25 kB
File Count
7
NPM Version
10.5.0
Node Version
18.20.2
Publised On
25 Apr 2024
Total Downloads
Cumulative downloads
Total Downloads
5,153,970
Last day
28.1%
1,880
Compared to previous day
Last week
1.2%
9,574
Compared to previous week
Last month
-0.4%
41,304
Compared to previous month
Last year
-71.4%
514,389
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
7
Versions
egg-cors
CORS plugin for egg, based on @koa/cors.
Install
1$ npm i egg-cors --save
Usage
1// {app_root}/config/plugin.js 2exports.cors = { 3 enable: true, 4 package: 'egg-cors', 5};
egg-cors works internally with egg-security. By defining the property of domainWhiteList on object security, you have successfully informed the framework to whitelist the passed domains.
When you make a request from client side, egg should return an Access-Control-Allow-Origin response header with the domain that you passed in along with the payload and status code 200.
1exports.security = { 2 domainWhiteList: [ 'http://localhost:4200' ], 3};
Configuration
Support all configurations in @koa/cors.
1// {app_root}/config/config.default.js 2exports.cors = { 3 // {string|Function} origin: '*', 4 // {string|Array} allowMethods: 'GET,HEAD,PUT,POST,DELETE,PATCH' 5};
If the origin is set, the plugin will follow it to set the Access-Control-Allow-Origin and ignore the security.domainWhiteList. Otherwise, the security.domainWhiteList which is default will take effect as described above.
Security
Only in safe domain list support CORS when security plugin enabled.
Questions & Suggestions
Please open an issue here.
License
Contributors
 atian25 |  dead-horse |  fengmk2 |  brickyang |  sinchang |  XadillaX |
|---|---|---|---|---|---|
 mattma |  SoraYama |  Yelmor |  angela-1 |  waitingsong |
This project follows the git-contributor spec, auto updated at Mon Dec 11 2023 13:25:00 GMT+0800.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 3 commits out of 17 are checked with a SAST tool
Reason
Found 10/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:26
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:27
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/eggjs/egg-cors/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/eggjs/egg-cors/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/eggjs/egg-cors/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/eggjs/egg-cors/codeql-analysis.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Score
4.6
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More