Gathering detailed insights and metrics for fastify
Gathering detailed insights and metrics for fastify
Fast and low overhead web framework, for Node.js
Installations
npm install fastifyDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
20.18.0
NPM Version
10.8.2
Score
64.9
Supply Chain
98.7
Quality
93.5
Maintenance
100
Vulnerability
99.6
License
Releases
289
Contributors
768
Languages
3
JavaScript
TypeScript
Shell
JavaScript (91.09%)
TypeScript (8.86%)
Shell (0.05%)
Developer
Download Statistics
Total Downloads
203,494,598
Last Day
200,027
Last Week
1,823,092
Last Month
9,188,793
Last Year
90,482,265
GitHub Statistics
32,671 Stars
4,258 Commits
2,328 Forks
299 Watching
17 Branches
768 Contributors
Sponsor this package
Maintainers
4
Package Meta Information
Latest Version
5.2.0
Package Id
fastify@5.2.0
Unpacked Size
2.45 MB
Size
444.16 kB
File Count
349
NPM Version
10.8.2
Node Version
20.18.0
Publised On
14 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
203,494,598
Last day
-49.4%
200,027
Compared to previous day
Last week
-15.7%
1,823,092
Compared to previous week
Last month
9.1%
9,188,793
Compared to previous month
Last year
52.4%
90,482,265
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
15
Dev Dependencies
37
@fastify/pre-commit@sinclair/typebox@sinonjs/fake-timers@stylistic/eslint-plugin@stylistic/eslint-plugin-js@types/nodeajvajv-errorsajv-formatsajv-i18najv-merge-patchautocannonborpbranch-comparerconcurrentlycross-enveslintfast-json-bodyfastify-pluginfluent-json-schemah2urlhttp-errorsjoijson-schema-to-tsJSONStreammarkdownlint-cli2neostandardnode-forgeproxyquiresimple-getsplit2taptsdtypescriptundicivaryyup
Versions
An efficient server implies a lower cost of the infrastructure, a better responsiveness under load and happy users. How can you efficiently handle the resources of your server, knowing that you are serving the highest number of requests as possible, without sacrificing security validations and handy development?
Enter Fastify. Fastify is a web framework highly focused on providing the best developer experience with the least overhead and a powerful plugin architecture. It is inspired by Hapi and Express and as far as we know, it is one of the fastest web frameworks in town.
The main branch refers to the Fastify v5 release, which is not released/LTS yet.
Check out the 4.x branch for v4.
Table of Contents
- Quick start
- Install
- Example
- Core features
- Benchmarks
- Documentation
- Ecosystem
- Support
- Team
- Hosted by
- License
Quick start
Create a folder and make it your current working directory:
1mkdir my-app 2cd my-app
Generate a fastify project with npm init:
1npm init fastify
Install dependencies:
1npm i
To start the app in dev mode:
1npm run dev
For production mode:
1npm start
Under the hood npm init downloads and runs Fastify
Create, which in turn uses the
generate functionality of Fastify CLI.
Install
To install Fastify in an existing project as a dependency:
1npm i fastify
Example
1// Require the framework and instantiate it 2 3// ESM 4import Fastify from 'fastify' 5 6const fastify = Fastify({ 7 logger: true 8}) 9// CommonJs 10const fastify = require('fastify')({ 11 logger: true 12}) 13 14// Declare a route 15fastify.get('/', (request, reply) => { 16 reply.send({ hello: 'world' }) 17}) 18 19// Run the server! 20fastify.listen({ port: 3000 }, (err, address) => { 21 if (err) throw err 22 // Server is now listening on ${address} 23})
with async-await:
1// ESM 2import Fastify from 'fastify' 3 4const fastify = Fastify({ 5 logger: true 6}) 7// CommonJs 8const fastify = require('fastify')({ 9 logger: true 10}) 11 12fastify.get('/', async (request, reply) => { 13 reply.type('application/json').code(200) 14 return { hello: 'world' } 15}) 16 17fastify.listen({ port: 3000 }, (err, address) => { 18 if (err) throw err 19 // Server is now listening on ${address} 20})
Do you want to know more? Head to the Getting Started.
Note
.listenbinds to the local host,localhost, interface by default (127.0.0.1or::1, depending on the operating system configuration). If you are running Fastify in a container (Docker, GCP, etc.), you may need to bind to0.0.0.0. Be careful when deciding to listen on all interfaces; it comes with inherent security risks. See the documentation for more information.
Core features
- Highly performant: as far as we know, Fastify is one of the fastest web frameworks in town, depending on the code complexity we can serve up to 76+ thousand requests per second.
- Extensible: Fastify is fully extensible via its hooks, plugins and decorators.
- Schema based: even if it is not mandatory we recommend to use JSON Schema to validate your routes and serialize your outputs, internally Fastify compiles the schema in a highly performant function.
- Logging: logs are extremely important but are costly; we chose the best logger to almost remove this cost, Pino!
- Developer friendly: the framework is built to be very expressive and help the developer in their daily use, without sacrificing performance and security.
Benchmarks
Machine: EX41S-SSD, Intel Core i7, 4Ghz, 64GB RAM, 4C/8T, SSD.
Method:: autocannon -c 100 -d 40 -p 10 localhost:3000 * 2, taking the
second average
| Framework | Version | Router? | Requests/sec |
|---|---|---|---|
| Express | 4.17.3 | ✓ | 14,200 |
| hapi | 20.2.1 | ✓ | 42,284 |
| Restify | 8.6.1 | ✓ | 50,363 |
| Koa | 2.13.0 | ✗ | 54,272 |
| Fastify | 4.0.0 | ✓ | 77,193 |
| - | |||
http.Server | 16.14.2 | ✗ | 74,513 |
Benchmarks taken using https://github.com/fastify/benchmarks. This is a synthetic, "hello world" benchmark that aims to evaluate the framework overhead. The overhead that each framework has on your application depends on your application, you should always benchmark if performance matters to you.
Documentation
Getting StartedGuidesServerRoutesEncapsulationLoggingMiddlewareHooksDecoratorsValidation and SerializationFluent SchemaLifecycleReplyRequestErrorsContent Type ParserPluginsTestingBenchmarkingHow to write a good pluginPlugins GuideHTTP2Long Term SupportTypeScript and types supportServerlessRecommendations
中文文档地址
Ecosystem
- Core - Core plugins maintained by the Fastify team.
- Community - Community supported plugins.
- Live Examples - Multirepo with a broad set of real working examples.
- Discord - Join our discord server and chat with the maintainers.
Support
Please visit Fastify help to view prior support issues and to ask new support questions.
Version 3 of Fastify and lower are EOL and will not receive any security or bug fixes.
Fastify's partner, HeroDevs, provides commercial security fixes for all unsupported versions at https://herodevs.com/support/fastify-nes. Fastify's supported version matrix is available in the Long Term Support documentation.
Contributing
Whether reporting bugs, discussing improvements and new ideas or writing code, we welcome contributions from anyone and everyone. Please read the CONTRIBUTING guidelines before submitting pull requests.
Team
Fastify is the result of the work of a great community. Team members are listed in alphabetical order.
Lead Maintainers:
- Matteo Collina, https://twitter.com/matteocollina, https://www.npmjs.com/~matteo.collina
- Tomas Della Vedova, https://twitter.com/delvedor, https://www.npmjs.com/~delvedor
- Manuel Spigolon, https://twitter.com/manueomm, https://www.npmjs.com/~eomm
- James Sumners, https://twitter.com/jsumners79, https://www.npmjs.com/~jsumners
Fastify Core team
- Tommaso Allevi, https://twitter.com/allevitommaso, https://www.npmjs.com/~allevo
- Harry Brundage, https://twitter.com/harrybrundage, https://www.npmjs.com/~airhorns
- David Mark Clements, https://twitter.com/davidmarkclem, https://www.npmjs.com/~davidmarkclements
- Matteo Collina, https://twitter.com/matteocollina, https://www.npmjs.com/~matteo.collina
- Tomas Della Vedova, https://twitter.com/delvedor, https://www.npmjs.com/~delvedor
- Dustin Deus, https://twitter.com/dustindeus, https://www.npmjs.com/~starptech
- Ayoub El Khattabi, https://twitter.com/ayoubelkh, https://www.npmjs.com/~ayoubelk
- Denis Fäcke, https://twitter.com/serayaeryn, https://www.npmjs.com/~serayaeryn
- Carlos Fuentes, https://twitter.com/metcoder95, https://www.npmjs.com/~metcoder95
- Vincent Le Goff
- Luciano Mammino, https://twitter.com/loige, https://www.npmjs.com/~lmammino
- Luis Orbaiceta, https://twitter.com/luisorbai, https://www.npmjs.com/~luisorbaiceta
- Maksim Sinik, https://twitter.com/maksimsinik, https://www.npmjs.com/~fox1t
- Manuel Spigolon, https://twitter.com/manueomm, https://www.npmjs.com/~eomm
- James Sumners, https://twitter.com/jsumners79, https://www.npmjs.com/~jsumners
- Aras Abbasi, https://www.npmjs.com/~uzlopak
- Gürgün Dayıoğlu, https://www.npmjs.com/~gurgunday
Fastify Plugins team
- Matteo Collina, https://twitter.com/matteocollina, https://www.npmjs.com/~matteo.collina
- Harry Brundage, https://twitter.com/harrybrundage, https://www.npmjs.com/~airhorns
- Tomas Della Vedova, https://twitter.com/delvedor, https://www.npmjs.com/~delvedor
- Ayoub El Khattabi, https://twitter.com/ayoubelkh, https://www.npmjs.com/~ayoubelk
- Carlos Fuentes, https://twitter.com/metcoder95, https://www.npmjs.com/~metcoder95
- Vincent Le Goff
- Salman Mitha, https://www.npmjs.com/~salmanm
- Maksim Sinik, https://twitter.com/maksimsinik, https://www.npmjs.com/~fox1t
- Frazer Smith, https://www.npmjs.com/~fdawgs
- Manuel Spigolon, https://twitter.com/manueomm, https://www.npmjs.com/~eomm
- Simone Busoli, https://twitter.com/simonebu, https://www.npmjs.com/~simoneb
- Gürgün Dayıoğlu, https://www.npmjs.com/~gurgunday
- Dan Castillo, https://www.npmjs.com/~dancastillo
- Jean Michelet, https://www.npmjs.com/~jean-michelet
Great Contributors
Great contributors on a specific area in the Fastify ecosystem will be invited to join this group by Lead Maintainers.
- dalisoft, https://twitter.com/dalisoft, https://www.npmjs.com/~dalisoft
- Luciano Mammino, https://twitter.com/loige, https://www.npmjs.com/~lmammino
- Evan Shortiss, https://twitter.com/evanshortiss, https://www.npmjs.com/~evanshortiss
Past Collaborators
- Çağatay Çalı, https://twitter.com/cagataycali, https://www.npmjs.com/~cagataycali
- Trivikram Kamat, https://twitter.com/trivikram, https://www.npmjs.com/~trivikr
- Cemre Mengu, https://twitter.com/cemremengu, https://www.npmjs.com/~cemremengu
- Nathan Woltman, https://twitter.com/NathanWoltman, https://www.npmjs.com/~nwoltman
- Ethan Arrowood, https://twitter.com/arrowoodtech, https://www.npmjs.com/~ethan_arrowood
- Rafael Gonzaga, https://twitter.com/_rafaelgss, https://www.npmjs.com/~rafaelgss
Hosted by
We are a At-Large Project in the OpenJS Foundation.
Sponsors
Support this project by becoming a SPONSOR! Fastify has an Open Collective page where we accept and manage financial contributions.
Acknowledgements
This project is kindly sponsored by:
Past Sponsors:
This list includes all companies that support one or more of the team members in the maintenance of this project.
License
Licensed under MIT.
For your convenience, here is a list of all the licenses of our production dependencies:
- MIT
- ISC
- BSD-3-Clause
- BSD-2-Clause
Stable Version
Stable Version
5.2.0
HIGH
2
HIGH
7.5/10
Summary
fastify vulnerable to denial of service via malicious Content-Type
Affected Versions
>= 4.0.0, < 4.8.1
Patched Versions
4.8.1
HIGH
7.5/10
Summary
Denial of Service vulnerability with large JSON payloads in fastify
Affected Versions
<= 0.37.0
Patched Versions
0.38.0
MODERATE
3
MODERATE
4.2/10
Summary
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Affected Versions
>= 3.0.0, < 3.29.4
Patched Versions
3.29.4
MODERATE
4.2/10
Summary
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Affected Versions
>= 4.0.0, < 4.10.2
Patched Versions
4.10.2
MODERATE
0/10
Summary
Denial of service in fastify
Affected Versions
< 2.15.1
Patched Versions
2.15.1
Reason
30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
Reason
Found 28/29 approved changesets -- score normalized to 9
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
badge detected: Passing
Reason
SAST tool is not run on all commits -- score normalized to 5
Details
- Warn: 15 commits out of 29 are checked with a SAST tool
Reason
dangerous workflow patterns detected
Details
- Warn: untrusted code checkout '${{github.event.pull_request.head.sha}}': .github/workflows/benchmark-parser.yml:22
- Warn: untrusted code checkout '${{github.event.pull_request.head.sha}}': .github/workflows/benchmark.yml:22
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/benchmark-parser.yml:12
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/benchmark.yml:12
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci-alternative-runtime.yml:26
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci-alternative-runtime.yml:57
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci-alternative-runtime.yml:85
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:29
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:43
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:69
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:95
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:112
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:147
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:177
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:216
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:102
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/citgm-package.yml:45
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/citgm.yml:12
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/coverage-nix.yml:10
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/coverage-win.yml:10
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/integration-alternative-runtimes.yml:22
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/integration.yml:22
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/labeler.yml:7
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/test-compare.yml:11
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/backport.yml:10
- Warn: no topLevel permission defined: .github/workflows/benchmark-parser.yml:1
- Warn: no topLevel permission defined: .github/workflows/benchmark.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci-alternative-runtime.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/citgm-package.yml:1
- Warn: no topLevel permission defined: .github/workflows/citgm.yml:1
- Warn: no topLevel permission defined: .github/workflows/coverage-nix.yml:1
- Warn: no topLevel permission defined: .github/workflows/coverage-win.yml:1
- Warn: no topLevel permission defined: .github/workflows/integration-alternative-runtimes.yml:1
- Warn: no topLevel permission defined: .github/workflows/integration.yml:1
- Warn: no topLevel permission defined: .github/workflows/labeler.yml:1
- Warn: no topLevel permission defined: .github/workflows/links-check.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint-ecosystem-order.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/md-lint.yml:18
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/missing_types.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/package-manager-ci.yml:9
- Warn: no topLevel permission defined: .github/workflows/pull-request-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-compare.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/website.yml:15
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/backport.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/backport.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-parser.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark-parser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-parser.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark-parser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-parser.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark-parser.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark-parser.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark-parser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-alternative-runtime.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci-alternative-runtime.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-alternative-runtime.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci-alternative-runtime.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-alternative-runtime.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci-alternative-runtime.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-alternative-runtime.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci-alternative-runtime.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-alternative-runtime.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci-alternative-runtime.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-alternative-runtime.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci-alternative-runtime.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/citgm-package.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/citgm-package.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/citgm-package.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/citgm-package.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/citgm-package.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/citgm-package.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/citgm-package.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/citgm-package.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/citgm.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/citgm.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-nix.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/coverage-nix.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-nix.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/coverage-nix.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-win.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/coverage-win.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-win.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/coverage-win.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-alternative-runtimes.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/integration-alternative-runtimes.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration-alternative-runtimes.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/integration-alternative-runtimes.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration-alternative-runtimes.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/integration-alternative-runtimes.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/integration.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/links-check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/links-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-ecosystem-order.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/lint-ecosystem-order.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-ecosystem-order.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/lint-ecosystem-order.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/md-lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/md-lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/md-lint.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/md-lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/missing_types.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/missing_types.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package-manager-ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/package-manager-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package-manager-ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/package-manager-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package-manager-ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/package-manager-ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package-manager-ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/package-manager-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/package-manager-ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/package-manager-ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-title.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/pull-request-title.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-compare.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/fastify/fastify/test-compare.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/benchmark-parser.yml:35
- Warn: npmCommand not pinned by hash: .github/workflows/benchmark-parser.yml:54
- Warn: npmCommand not pinned by hash: .github/workflows/benchmark.yml:35
- Warn: npmCommand not pinned by hash: .github/workflows/benchmark.yml:54
- Warn: npmCommand not pinned by hash: .github/workflows/ci-alternative-runtime.yml:48
- Warn: npmCommand not pinned by hash: .github/workflows/ci-alternative-runtime.yml:71
- Warn: npmCommand not pinned by hash: .github/workflows/ci-alternative-runtime.yml:95
- Warn: npmCommand not pinned by hash: .github/workflows/ci-alternative-runtime.yml:98
- Warn: npmCommand not pinned by hash: .github/workflows/ci-alternative-runtime.yml:104
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:191
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:194
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:200
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:59
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:85
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:163
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:134
- Warn: npmCommand not pinned by hash: .github/workflows/citgm-package.yml:62
- Warn: npmCommand not pinned by hash: .github/workflows/citgm-package.yml:86
- Warn: npmCommand not pinned by hash: .github/workflows/coverage-nix.yml:25
- Warn: npmCommand not pinned by hash: .github/workflows/md-lint.yml:39
- Warn: downloadThenRun not pinned by hash: .github/workflows/package-manager-ci.yml:68
- Info: 0 out of 42 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 19 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 20 npmCommand dependencies pinned
Score
6.2
/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More