Gathering detailed insights and metrics for git-describe
Gathering detailed insights and metrics for git-describe
Installations
npm install git-describeDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=4.0.0
Node Version
16.14.0
NPM Version
8.3.1
Releases
3
Languages
2
JavaScript
Shell
JavaScript (98.62%)
Shell (1.38%)
Developer
tvdstaaij
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
36 Stars
78 Commits
5 Forks
3 Watchers
9 Branches
5 Contributors
Updated on Aug 28, 2024
Maintainers
1
Package Meta Information
Latest Version
4.1.1
Package Id
git-describe@4.1.1
Unpacked Size
16.09 kB
Size
5.54 kB
File Count
7
NPM Version
8.3.1
Node Version
16.14.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
4
Optional Dependencies
1
git-describe
This Node.js module runs git describe on the working directory or any
other directory and parses the output to individual components. Additionally,
if your tags follow semantic versioning the semver will be parsed and
supplemented with the git-specific information as build metadata.
Installation
Available from npm:
npm install git-describe
Tests are not included in the npm package — clone the git repository to run tests (Node.js 4+ required).
As of version 4.0.0, semver is an optional dependency that does not have to
be installed if you do not require semver functionality.
Note that the git executable must be in the system's executable path for this module to function.
Usage
The module exposes two functions:
gitDescribe(directory, options, cb) -> PromisegitDescribeSync(directory, options) -> Object
The only difference is that gitDescribe has an asynchronous API
(either the callback argument or the returned promise can be used), whilst
gitDescribeSync is fully synchronous
(blocks until the git executable returns and throws an Error on failure).
Both functions can take a directory string (defaults to working directory)
and an options object. Either or both arguments can be omitted.
1const {gitDescribe, gitDescribeSync} = require('git-describe'); 2 3// Target working directory 4const gitInfo = gitDescribeSync(); 5 6// Target the directory of the calling script 7// Recommended when you want to target the repo your app resides in 8const gitInfo = gitDescribeSync(__dirname); 9 10// With options (see below) 11const gitInfo = gitDescribeSync(__dirname, { 12 longSemver: true, 13 dirtySemver: false 14}); 15 16// Another example: working directory, use 16 character commit hash abbreviation 17const gitInfo = gitDescribeSync({ 18 customArguments: ['--abbrev=16'] 19}); 20 21// Asynchronous with promise 22gitDescribe(__dirname) 23 .then((gitInfo) => console.dir(gitInfo)) 24 .catch((err) => console.error(err)); 25 26// Asynchronous with node-style callback 27gitDescribe(__dirname, (err, gitInfo) => { 28 if (err) 29 return console.error(err); 30 console.dir(gitInfo); 31});
Example output
1{ 2 dirty: false, 3 hash: 'g3c9c15b', 4 distance: 6, 5 tag: 'v2.1.0-beta', 6 semver: SemVer, // SemVer instance, see https://github.com/npm/node-semver 7 suffix: '6-g3c9c15b', 8 raw: 'v2.1.0-beta-6-g3c9c15b', 9 semverString: '2.1.0-beta+6.g3c9c15b' 10}
Options
| Option | Default | Description |
|---|---|---|
dirtyMark | '-dirty' | Dirty mark to use if repo state is dirty (see git describe's --dirty). |
dirtySemver | true | Appends the dirty mark to semverString if repo state is dirty. |
long | true | Always adds commit distance and hash to raw, suffix and .toString() (matches the behaviour of git describe's --long) |
longSemver | false | Always adds commit distance and hash to semverString (similar to git describe's --long, but for semver). |
requireAnnotated | false | Uses --tags if false, so that simple git tags are allowed. |
match | 'v[0-9]*' | Uses --match to filter tag names. By default only tags resembling a version number are considered. |
customArguments | [] | Array of additional arguments to pass to git describe. Not all arguments are useful and some may even break the library, but things like --abbrev and --candidates should be safe to add. |
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
Found 4/7 approved changesets -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tvdstaaij/node-git-describe/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/tvdstaaij/node-git-describe/test.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Score
3.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More