Watches files and records, or triggers actions, when they change.
Installations
npm install fb-watchmanReleases
212
v2024.11.25.00
v2024.11.25.00
Published on 25 Nov 2024
v2024.11.18.00
v2024.11.18.00
Published on 18 Nov 2024
v2024.11.11.00
v2024.11.11.00
Published on 11 Nov 2024
v2024.11.04.00
v2024.11.04.00
Published on 04 Nov 2024
v2024.10.28.00
v2024.10.28.00
Published on 28 Oct 2024
v2024.10.21.00
v2024.10.21.00
Published on 21 Oct 2024
Contributors
329
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
16.15.1
NPM Version
8.11.0
Statistics
12,779 Stars
12,974 Commits
995 Forks
259 Watching
26 Branches
329 Contributors
Updated on 27 Nov 2024
Languages
C++ (45.73%)
Python (29.06%)
Rust (7.84%)
Java (5.01%)
CMake (4%)
Thrift (3.28%)
C (2.27%)
JavaScript (1.68%)
Ruby (0.56%)
Shell (0.29%)
CSS (0.18%)
Dockerfile (0.05%)
Starlark (0.04%)
Batchfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
4,246,512,751
Last day
-2.7%
5,496,381
Compared to previous day
Last week
4%
29,923,155
Compared to previous week
Last month
24.1%
116,515,204
Compared to previous month
Last year
13.1%
1,129,353,221
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
Watchman
A file watching service.
Purpose
Watchman exists to watch files and record when they actually change. It can also trigger actions (such as rebuilding assets) when matching files change.
Documentation
Head on over to https://facebook.github.io/watchman/
License
Watchman is made available under the terms of the MIT License. See the LICENSE file that accompanies this distribution for the full text of the license.
Support
Watchman is primarily maintained by the source control team at Meta Platforms, Inc. We support:
- Windows and macOS builds
- Linux builds on recent Ubuntu and Fedora releases
- Watchman's compatibility commitment
- Python, Rust, and JavaScript clients
Support for additional operating systems, release packaging, and language bindings is community-maintained:
- Homebrew
- FreeBSD
- Solaris
Please submit a GitHub issue to report any troubles.
Contributing
Please see the contributing document.
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
project is fuzzed
Details
- Info: CppLibFuzzer integration found: watchman/fuzz/BserDecode.cpp:10
- Info: CppLibFuzzer integration found: watchman/fuzz/JsonDecode.cpp:10
- Info: CppLibFuzzer integration found: watchman/fuzz/PyBserDecode.cpp:10
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:95
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/facebook/.github/SECURITY.md:1
- Info: Found linked content: github.com/facebook/.github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: github.com/facebook/.github/SECURITY.md:1
Reason
Found 12/30 approved changesets -- score normalized to 4
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/getdeps_linux.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/getdeps_mac.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/getdeps_windows.yml:14
- Warn: no topLevel permission defined: .github/workflows/package.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:10
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/getdeps_linux.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_linux.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/getdeps_linux.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_linux.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/getdeps_linux.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_linux.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/getdeps_mac.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_mac.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/getdeps_mac.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_mac.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/getdeps_mac.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_mac.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/getdeps_windows.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_windows.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/getdeps_windows.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/getdeps_windows.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/getdeps_windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/package.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/package.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/package.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/package.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/package.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/package.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/package.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/package.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:274: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:323: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:335: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:346: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/watchman/release.yml/main?enable=pin
- Warn: containerImage not pinned by hash: watchman/build/package/fedora-env/Dockerfile:2
- Warn: containerImage not pinned by hash: watchman/build/package/ubuntu-env/Dockerfile:2
- Warn: containerImage not pinned by hash: watchman/build/package/watchman-build/Dockerfile:2
- Warn: containerImage not pinned by hash: watchman/build/package/watchman-deb/Dockerfile:2
- Warn: downloadThenRun not pinned by hash: watchman/build/package/fedora-env/Dockerfile:6
- Warn: downloadThenRun not pinned by hash: watchman/build/package/ubuntu-env/Dockerfile:18
- Info: 0 out of 30 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 21 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 containerImage dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v2024.11.25.00 not signed: https://api.github.com/repos/facebook/watchman/releases/187334151
- Warn: release artifact v2024.11.18.00 not signed: https://api.github.com/repos/facebook/watchman/releases/185997220
- Warn: release artifact v2024.11.11.00 not signed: https://api.github.com/repos/facebook/watchman/releases/184711840
- Warn: release artifact v2024.11.04.00 not signed: https://api.github.com/repos/facebook/watchman/releases/183407166
- Warn: release artifact v2024.10.28.00 not signed: https://api.github.com/repos/facebook/watchman/releases/182277807
- Warn: release artifact v2024.11.25.00 does not have provenance: https://api.github.com/repos/facebook/watchman/releases/187334151
- Warn: release artifact v2024.11.18.00 does not have provenance: https://api.github.com/repos/facebook/watchman/releases/185997220
- Warn: release artifact v2024.11.11.00 does not have provenance: https://api.github.com/repos/facebook/watchman/releases/184711840
- Warn: release artifact v2024.11.04.00 does not have provenance: https://api.github.com/repos/facebook/watchman/releases/183407166
- Warn: release artifact v2024.10.28.00 does not have provenance: https://api.github.com/repos/facebook/watchman/releases/182277807
Reason
27 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3
- Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3
- Warn: Project is vulnerable to: GHSA-mvr2-9pj6-7w5j
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-jrvm-mcxc-mf6m
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-mf6x-hrgr-658f
- Warn: Project is vulnerable to: GHSA-xrh7-m5pp-39r6
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-m4gq-x24j-jpmf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.3
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More