npmpackage.info

Gathering detailed insights and metrics for gatsby-sharp

gatsby-sharp

The best React-based framework with performance, scalability and security built in.

1.14.0

55,312

MIT

JavaScript

15.83 kB

36,021,237 6.9

Installations

npm install gatsby-sharp

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>=18.0.0

Node Version

20.11.1

NPM Version

lerna/3.22.1/node@v20.11.1+arm64 (darwin)

Score

81.5

Supply Chain

54.2

Quality

Maintenance

100

Vulnerability

97.9

License

Pull Requests

Open

207

Total

22,269

Closed

3,921

Merged

18,141

Issues

Open

192

Total

14,079

Closed

13,887

Releases

146

v5.14.0

gatsby@5.14.0

Published on 06 Nov 2024

gatsby-source-shopify@8.13.2

Published on 28 Oct 2024

gatsby-source-wordpress@7.13.5 and 6 more...

gatsby-source-wordpress@7.13.5

Published on 28 Oct 2024

v5.13.7

gatsby@5.13.7

Published on 28 Oct 2024

v5.13.6

gatsby@5.13.6

Published on 28 Oct 2024

v5.13.5

gatsby@5.13.5

Published on 28 Oct 2024

View all 146 releases

Contributors

3,988

View all 3,988 contributors

Languages

JavaScript

TypeScript

CSS

HTML

MDX

Shell

Dockerfile

PHP

EJS

Python

Less

SCSS

Stylus

JavaScript (59.01%)

TypeScript (38.61%)

CSS (1.05%)

HTML (0.69%)

MDX (0.45%)

Shell (0.12%)

Dockerfile (0.03%)

PHP (0.02%)

EJS (0.01%)

Developer

gatsbyjs

Download Statistics

Total Downloads

36,021,237

Last Day

16,298

Last Week

177,554

Last Month

1,014,244

Last Year

13,103,149

GitHub Statistics

55,312 Stars

21,714 Commits

10,306 Forks

727 Watching

468 Branches

3,988 Contributors

Maintainers

Package Meta Information

Latest Version

1.14.0

Package Id

gatsby-sharp@1.14.0

Unpacked Size

15.83 kB

Size

4.20 kB

File Count

NPM Version

lerna/3.22.1/node@v20.11.1+arm64 (darwin)

Node Version

20.11.1

Publised On

06 Nov 2024

Total Downloads

Cumulative downloads

Total Downloads

36,021,237

Last day

-61.8%

16,298

Compared to previous day

Last week

-27.1%

177,554

Compared to previous week

Last month

-21.9%

1,014,244

Compared to previous month

Last year

-6.5%

13,103,149

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

sharp

Dev Dependencies

@babel/cli @babel/core babel-plugin-replace-ts-export-assignment cross-env npm-run-all typescript

Versions

ERROR: No README data found!

No vulnerabilities found.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

8

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

8

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedule-stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/gatsbyjs/gatsby/schedule-stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schedule-stale.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/gatsbyjs/gatsby/schedule-stale.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedule-stale.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/gatsbyjs/gatsby/schedule-stale.yml/master?enable=pin
Warn: containerImage not pinned by hash: .github/actions/gatsby-site-showcase-validator/Dockerfile:1: pin your Docker image by updating node:10-slim to node:10-slim@sha256:88932859e3d022d79161b99628c4c2c50e836437455e2d1b1a008d98367b10d6
Warn: containerImage not pinned by hash: .github/actions/high-priority-prs/Dockerfile:1: pin your Docker image by updating node:10-slim to node:10-slim@sha256:88932859e3d022d79161b99628c4c2c50e836437455e2d1b1a008d98367b10d6
Warn: containerImage not pinned by hash: .gitpod.Dockerfile:1: pin your Docker image by updating gitpod/workspace-full to gitpod/workspace-full@sha256:bec45ebdcc9b9c5ec28d5c61c16bf599200aa0d2dc1e69e2ed8ab0a424bae6db
Warn: containerImage not pinned by hash: benchmarks/docker-runner/Dockerfile:1: pin your Docker image by updating node:14-buster to node:14-buster@sha256:a158d3b9b4e3fa813fa6c8c590b8f0a860e015ad4e59bbce5744d2f6fd8461aa
Warn: containerImage not pinned by hash: integration-tests/gatsby-source-wordpress/docker/wordpress/Dockerfile:1: pin your Docker image by updating wordpress:5.9 to wordpress:5.9@sha256:f9d68493ee98ea8f39e6e0fc2327b48e0b555ef0ec3fcc06b8d42cbc539c49a4
Warn: containerImage not pinned by hash: integration-tests/gatsby-source-wordpress/docker/wp-cli/Dockerfile:1: pin your Docker image by updating wordpress:cli-php7.4 to wordpress:cli-php7.4@sha256:946a8b7f237f6cf90d8f04aff952544a0332d43374d598925dcf0180e4441c6c
Warn: npmCommand not pinned by hash: .gitpod.Dockerfile:8
Warn: npmCommand not pinned by hash: benchmarks/docker-runner/Dockerfile:6
Warn: npmCommand not pinned by hash: examples/build-all-examples.sh:34
Warn: npmCommand not pinned by hash: scripts/e2e-test.sh:17
Warn: npmCommand not pinned by hash: scripts/e2e-test.sh:17
Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned
Info: 0 out of 6 containerImage dependencies pinned
Info: 1 out of 6 npmCommand dependencies pinned

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

84 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-7hpj-7hhx-2fgx
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-rm97-x556-q36h
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h
Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
Warn: Project is vulnerable to: GHSA-8gh8-hqwg-xf34
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
Warn: Project is vulnerable to: GHSA-3wc5-fcw2-2329
Warn: Project is vulnerable to: GHSA-64fm-8hw2-v72w
Warn: Project is vulnerable to: GHSA-f98w-7cxr-ff2h
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-rxrc-rgv4-jpvx
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv
Warn: Project is vulnerable to: GHSA-4r6h-8v6p-xvw6
Warn: Project is vulnerable to: GHSA-5pgg-2g8v-p4x9
Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh

Score

6.9

/10

Last Scanned on 2024-12-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More