Gathering detailed insights and metrics for evaluatory
Gathering detailed insights and metrics for evaluatory
Installations
npm install evaluatoryDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=18.0.0
Node Version
20.10.0
NPM Version
10.2.5
Score
41.7
Supply Chain
79.5
Quality
76.7
Maintenance
50
Vulnerability
95.8
License
Releases
29
Contributors
2
Unable to fetch Contributors
Languages
5
JavaScript
Nunjucks
HTML
SCSS
Shell
JavaScript (60.74%)
Nunjucks (31.36%)
HTML (5.09%)
SCSS (2.38%)
Shell (0.42%)
Developer
Download Statistics
Total Downloads
17,034
Last Day
1
Last Week
17
Last Month
77
Last Year
1,702
GitHub Statistics
99 Stars
117 Commits
7 Forks
6 Watching
2 Branches
2 Contributors
Maintainers
1
Package Meta Information
Latest Version
4.1.0
Package Id
evaluatory@4.1.0
Unpacked Size
203.12 kB
Size
138.33 kB
File Count
41
NPM Version
10.2.5
Node Version
20.10.0
Publised On
15 May 2024
Total Downloads
Cumulative downloads
Total Downloads
17,034
Last day
-50%
1
Compared to previous day
Last week
13.3%
17
Compared to previous week
Last month
-64%
77
Compared to previous month
Last year
-66.6%
1,702
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
19
Dev Dependencies
5
Versions
Evaluatory
Evaluatory is an open-source tool for website validation. It is mainly a wrapper around axe-core and html-validate, which test a website for accessibility and markup issues.
Evaluatory comes with some essential improvements:
- Run checks at multiple device breakpoints at the same time (e.g. mobile, tablet and desktop). Some accessibility issues appear only at a certain breakpoint.
- Emulate dark mode, disabled JavaScript, offline mode and more by using custom Playwright options.
- Return a visual HTML results page, including page screenshots.
- Support for sitemaps to check all referenced web pages at once.
This project uses a modular architecture, so in the long term it could become an alternative to tools like webhint.
Demo
Check out a demo results page at https://darekkay.com/evaluatory/demo/.
Modules
- base: Custom built-in checks.
- axe-core: Checks for accessibility issues using axe-core.
- html-validate: Validates the HTML using html-validate.
- screenshot: Takes a screenshot of the page.
Quickstart
Run evaluatory with default configuration for a single URL:
1npx evaluatory https://example.com
Installation
This tool requires Node.js version 12+.
Install globally:
1$ yarn add -g evaluatory # Yarn 2$ npm install -g evaluatory # Npm
Or install as a local dependency:
1$ yarn add evaluatory # Yarn 2$ npm install --save evaluatory # Npm
Or use without installing:
1$ npx evaluatory <url>
Usage
View program help:
1$ evaluatory --help 2Usage: evaluatory [url] [options] 3 4Arguments: 5 [url] URL 6 7Options: 8 -c, --config Configuration file path 9 -o, --output Output folder 10 --color-scheme Color scheme (light, dark, no-preference) 11 -m, --modules Modules to execute (comma-separated) 12 --no-open-results Don't open the results page after evaluation 13 --sitemap Sitemap URL 14 --verbose Verbose/debug mode 15 -h, --help Show help 16 -v, --version Show version number
Run default configuration for a single URL:
1$ evaluatory https://example.com
Run default configuration for all URLs within a sitemap:
1$ evaluatory --sitemap https://example.com/sitemap.xml
Provide a custom configuration:
1$ evaluatory -c config.json
Configuration
The configuration is a valid JSON5 file. See config.example.json5 for an example and config.default.js for available options (with defaults).
License
This project and its contents are open source under the MIT license.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/darekkay/evaluatory/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/darekkay/evaluatory/ci.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.9
/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More