Installations
npm install esquery
Score
99.6
Supply Chain
80.8
Quality
79
Maintenance
100
Vulnerability
100
License
Developer
Developer Guide
Module System
CommonJS
Min. Node Version
>=0.10
Typescript Support
No
Node Version
22.4.0
NPM Version
10.8.1
Statistics
831 Stars
149 Commits
91 Forks
15 Watching
2 Branches
28 Contributors
Updated on 25 Nov 2024
Bundle Size
34.54 kB
Minified
9.08 kB
Minified + Gzipped
Languages
JavaScript (93.92%)
PEG.js (4.8%)
HTML (1.28%)
Total Downloads
5,719,218,672
Last day
-9%
7,462,278
Compared to previous day
Last week
0.9%
44,671,686
Compared to previous week
Last month
16.8%
179,581,609
Compared to previous month
Last year
23.4%
1,684,580,758
Compared to previous year
ESQuery is a library for querying the AST output by Esprima for patterns of syntax using a CSS-style selector system. Check out the demo:
The following selectors are supported:
- AST node type: ForStatement
- wildcard: *
- attribute existence: [attr]
- attribute value: [attr="foo"] or [attr=123]
- attribute regex: [attr=/foo.*/] or (with flags) [attr=/foo.*/is]
- attribute conditions: [attr!="foo"], [attr>2], [attr<3], [attr>=2], or [attr<=3]
- nested attribute: [attr.level2="foo"]
- field: FunctionDeclaration > Identifier.id
- First or last child: :first-child or :last-child
- nth-child (no ax+b support): :nth-child(2)
- nth-last-child (no ax+b support): :nth-last-child(1)
- descendant: ancestor descendant
- child: parent > child
- following sibling: node ~ sibling
- adjacent sibling: node + adjacent
- negation: :not(ForStatement)
- has: :has(ForStatement), :has(> ForStatement)
- matches-any: :matches([attr] > :first-child, :last-child)
- subject indicator: !IfStatement > [name="foo"]
- class of AST node: :statement, :expression, :declaration, :function, or :pattern
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license.txt:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 8/14 approved changesets -- score normalized to 5
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/NodeCI.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/estools/esquery/NodeCI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/estools/esquery/NodeCI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/estools/esquery/NodeCI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/estools/esquery/NodeCI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/estools/esquery/NodeCI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/estools/esquery/NodeCI.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:20
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:35
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:49
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:50
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 24 are checked with a SAST tool
Score
4.3/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.