npmpackage.info

Gathering detailed insights and metrics for globals

Other packages similar to globals

eslint-restricted-globals

0.2.0

A list of confusing globals that should be restricted to be used as globals

@react-spring/shared

9.7.5

Globals and shared modules

jsonify

0.0.1

JSON without touching any globals

confusing-browser-globals

1.0.11

A list of browser globals that are often used by mistake instead of local variables

Gathering detailed insights and metrics for globals

globals

Global identifiers from different JavaScript environments

15.12.0

408

MIT

JavaScript

10.58 kB

14,613,209,244 5.4

Installations

npm install globals

Pull Requests

Open

2

Total

199

Closed

40

Merged

157

Issues

Open

4

Total

72

Closed

68

Releases

v15.12.0

Published on 04 Nov 2024

v15.11.0

Published on 09 Oct 2024

v15.10.0

Published on 01 Oct 2024

v15.9.0

Published on 01 Aug 2024

v15.8.0

Published on 02 Jul 2024

v15.7.0

Published on 30 Jun 2024

View all 48 releases

Developer

sindresorhus

Developer Guide

BETA

Module System

Unable to determine the module system for this package.

Min. Node Version

>=18

Typescript Support

Yes

Node Version

18.20.4

NPM Version

10.6.0 Statistics

408 Stars

371 Commits

115 Forks

12 Watching

1 Branches

99 Contributors

Updated on 28 Nov 2024

Bundle Size

59.75 kB

Minified

10.58 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (99.27%)

TypeScript (0.43%)

Makefile (0.3%)

Total Downloads

Cumulative downloads

Total Downloads

14,613,209,244

Last day

-7.5%

18,586,870

Compared to previous day

Last week

108,439,169

Compared to previous week

Last month

14.5%

444,059,097

Compared to previous month

Last year

22.4%

4,229,291,132

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

ava cheerio eslint-plugin-jest execa get-port npm-run-all2 outdent puppeteer shelljs tsd type-fest xo

Versions

globals

Global identifiers from different JavaScript environments

It's just a JSON file, so you can use it in any environment.

This package is used by ESLint 8 and earlier. For ESLint 9 and later, you should depend on this package directly in your ESLint config.

Install

1npm install globals

Usage

1import globals from 'globals';
2
3console.log(globals.browser);
4/*
5{
6	addEventListener: false,
7	applicationCache: false,
8	ArrayBuffer: false,
9	atob: false,
10	…
11}
12*/

Each global is given a value of true or false. A value of true indicates that the variable may be overwritten. A value of false indicates that the variable should be considered read-only. This information is used by static analysis tools to flag incorrect behavior. We assume all variables should be false unless we hear otherwise.

For Node.js this package provides two sets of globals:

globals.nodeBuiltin: Globals available to all code running in Node.js. These will usually be available as properties on the globalThis object and include process, Buffer, but not CommonJS arguments like require. See: https://nodejs.org/api/globals.html
globals.node: A combination of the globals from nodeBuiltin plus all CommonJS arguments ("CommonJS module scope"). See: https://nodejs.org/api/modules.html#modules_the_module_scope

When analyzing code that is known to run outside of a CommonJS wrapper, for example, JavaScript modules, nodeBuiltin can find accidental CommonJS references.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

4

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/es-yearly-globals.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/es-yearly-globals.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/es-yearly-globals.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/es-yearly-globals.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/es-yearly-globals.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/es-yearly-globals.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/main.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/globals/update.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/es-yearly-globals.yml:21
Warn: npmCommand not pinned by hash: .github/workflows/main.yml:21
Warn: npmCommand not pinned by hash: .github/workflows/update.yml:65
Warn: npmCommand not pinned by hash: .github/workflows/update.yml:70
Warn: npmCommand not pinned by hash: .github/workflows/update.yml:24
Warn: npmCommand not pinned by hash: .github/workflows/update.yml:25
Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 6 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

5.4

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More