Gathering detailed insights and metrics for googleapis-common
Gathering detailed insights and metrics for googleapis-common
A set of common APIs and tools for Google npm modules.
Installations
npm install googleapis-commonScore
56.7
Supply Chain
98.5
Quality
78.1
Maintenance
100
Vulnerability
99.5
License
Developer
googleapis
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=14.0.0
Typescript Support
Yes
Node Version
14.21.3
NPM Version
6.14.18
Statistics
55 Stars
389 Commits
34 Forks
45 Watching
117 Branches
120 Contributors
Updated on 21 Oct 2024
Languages
TypeScript (89.61%)
JavaScript (10.02%)
Python (0.37%)
Total Downloads
Cumulative downloads
Total Downloads
303,888,187
Last day
-21.5%
391,714
Compared to previous day
Last week
-3.4%
2,581,373
Compared to previous week
Last month
4.4%
11,173,623
Compared to previous month
Last year
47.7%
109,340,799
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
6
Dev Dependencies
42
@babel/plugin-proposal-private-methods@compodoc/compodoc@types/execa@types/extend@types/mocha@types/mv@types/ncp@types/nock@types/proxyquire@types/qs@types/sinon@types/tmp@types/url-template@types/uuidc8codecovexecagtshttp2spyis-dockerkarmakarma-chrome-launcherkarma-coveragekarma-firefox-launcherkarma-mochakarma-remap-coveragekarma-sourcemap-loaderkarma-webpacklinkinatormochamvncpnocknull-loaderproxyquirepuppeteersinontmpts-loadertypescriptwebpackwebpack-cli
Versions
Google APIs Common Module: Node.js Client
A common tooling library used by the googleapis npm module. You probably don't want to use this directly.
A comprehensive list of changes in each version may be found in the CHANGELOG.
Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.
Table of contents:
Quickstart
Installing the client library
1npm install googleapis-common
The Google APIs Common Module Node.js Client API Reference documentation also contains samples.
Supported Node.js Versions
Our client libraries follow the Node.js release schedule. Libraries are compatible with all current active and maintenance versions of Node.js. If you are using an end-of-life version of Node.js, we recommend that you update as soon as possible to an actively supported LTS version.
Google's client libraries support legacy versions of Node.js runtimes on a best-efforts basis with the following warnings:
- Legacy versions are not tested in continuous integration.
- Some security patches and features cannot be backported.
- Dependencies cannot be kept up-to-date.
Client libraries targeting some end-of-life versions of Node.js are available, and
can be installed through npm dist-tags.
The dist-tags follow the naming convention legacy-(version).
For example, npm install googleapis-common@legacy-8 installs client libraries
for versions compatible with Node.js 8.
Versioning
This library follows Semantic Versioning.
This library is considered to be stable. The code surface will not change in backwards-incompatible ways unless absolutely necessary (e.g. because of critical security issues) or with an extensive deprecation period. Issues and requests against stable libraries are addressed with the highest priority.
More Information: Google Cloud Platform Launch Stages
Contributing
Contributions welcome! See the Contributing Guide.
Please note that this README.md, the samples/README.md,
and a variety of configuration files in this repository (including .nycrc and tsconfig.json)
are generated from a central template. To edit one of these files, make an edit
to its templates in
directory.
License
Apache Version 2.0
See LICENSE
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
SAST tool is not run on all commits -- score normalized to 4
Details
- Warn: 13 commits out of 30 are checked with a SAST tool
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
- Warn: no topLevel permission defined: .github/workflows/response.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/response.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/response.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/response.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-googleapis-common/response.yaml/main?enable=pin
- Warn: npmCommand not pinned by hash: .kokoro/browser-test.sh:27
- Warn: npmCommand not pinned by hash: .kokoro/docs.sh:23
- Warn: npmCommand not pinned by hash: .kokoro/lint.sh:23
- Warn: npmCommand not pinned by hash: .kokoro/lint.sh:29
- Warn: npmCommand not pinned by hash: .kokoro/publish.sh:29
- Warn: npmCommand not pinned by hash: .kokoro/release/docs-devsite.sh:27
- Warn: npmCommand not pinned by hash: .kokoro/release/docs-devsite.sh:28
- Warn: npmCommand not pinned by hash: .kokoro/release/docs.sh:27
- Warn: npmCommand not pinned by hash: .kokoro/release/docs.sh:31
- Warn: npmCommand not pinned by hash: .kokoro/samples-test.sh:35
- Warn: npmCommand not pinned by hash: .kokoro/samples-test.sh:40
- Warn: npmCommand not pinned by hash: .kokoro/system-test.sh:34
- Warn: npmCommand not pinned by hash: .kokoro/test.sh:23
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:57
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:23
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:26
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:48
- Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 17 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.9
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More