Gathering detailed insights and metrics for graphql-sse
Gathering detailed insights and metrics for graphql-sse
Zero-dependency, HTTP/1 safe, simple, GraphQL over Server-Sent Events Protocol server and client.
Installations
npm install graphql-sseDeveloper
Developer Guide
BETA
Module System
CommonJS, ESM, UMD
Min. Node Version
>=12
Typescript Support
Yes
Node Version
21.7.1
NPM Version
10.3.0
Statistics
390 Stars
258 Commits
21 Forks
9 Watching
2 Branches
11 Contributors
Updated on 17 Nov 2024
Bundle Size
9.26 kB
Minified
3.40 kB
Minified + Gzipped
Languages
TypeScript (85.45%)
MDX (11.54%)
JavaScript (3.01%)
Total Downloads
Cumulative downloads
Total Downloads
53,938,270
Last day
-10.8%
46,369
Compared to previous day
Last week
-13.1%
203,176
Compared to previous week
Last month
21.5%
923,655
Compared to previous month
Last year
-17.6%
8,592,337
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
32
@rollup/plugin-terser@rollup/plugin-typescript@semantic-release/changelog@semantic-release/git@types/eslint@types/eventsource@types/express@types/glob@types/koa@types/koa-bodyparser@types/koa-mount@typescript-eslint/eslint-plugin@typescript-eslint/parsereslinteslint-config-prettiereventsourceexpressfastifyglobgraphqlkoakoa-bodyparserkoa-mountprettierrolluprollup-plugin-gzipsemantic-releasetslibtypedoctypedoc-plugin-markdowntypescriptvitest
Versions
graphql-sse
Zero-dependency, HTTP/1 safe, simple, GraphQL over Server-Sent Events Protocol server and client.
Use WebSockets instead? Check out graphql-ws!
Get started
Swiftly start with the get started guide on the website.
Recipes
Short and concise code snippets for starting with common use-cases. Available on the website.
Documentation
Auto-generated by TypeDoc and then rendered on the website.
How does it work?
Read about the exact transport intricacies used by the library in the GraphQL over Server-Sent Events Protocol document.
Want to help?
File a bug, contribute with code, or improve documentation? Read up on our guidelines for contributing and drive development with yarn test --watch away!
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (10) are checked with a SAST tool
Reason
Found 9/30 approved changesets -- score normalized to 3
Reason
1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/algolia.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-and-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/website.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/algolia.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/algolia.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/algolia.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/algolia.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/algolia.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/algolia.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/build-and-release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/website.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/website.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/website.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/website.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/website.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/enisdenjo/graphql-sse/website.yml/master?enable=pin
- Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v2.5.3 not signed: https://api.github.com/repos/enisdenjo/graphql-sse/releases/148738223
- Warn: release artifact v2.5.2 not signed: https://api.github.com/repos/enisdenjo/graphql-sse/releases/134615933
- Warn: release artifact v2.5.1 not signed: https://api.github.com/repos/enisdenjo/graphql-sse/releases/133888880
- Warn: release artifact v2.5.0 not signed: https://api.github.com/repos/enisdenjo/graphql-sse/releases/133776047
- Warn: release artifact v2.4.1 not signed: https://api.github.com/repos/enisdenjo/graphql-sse/releases/133718276
- Warn: release artifact v2.5.3 does not have provenance: https://api.github.com/repos/enisdenjo/graphql-sse/releases/148738223
- Warn: release artifact v2.5.2 does not have provenance: https://api.github.com/repos/enisdenjo/graphql-sse/releases/134615933
- Warn: release artifact v2.5.1 does not have provenance: https://api.github.com/repos/enisdenjo/graphql-sse/releases/133888880
- Warn: release artifact v2.5.0 does not have provenance: https://api.github.com/repos/enisdenjo/graphql-sse/releases/133776047
- Warn: release artifact v2.4.1 does not have provenance: https://api.github.com/repos/enisdenjo/graphql-sse/releases/133718276
Reason
29 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-3wc5-fcw2-2329
- Warn: Project is vulnerable to: GHSA-64fm-8hw2-v72w
- Warn: Project is vulnerable to: GHSA-cvr6-37gx-v8wc
- Warn: Project is vulnerable to: GHSA-f98w-7cxr-ff2h
- Warn: Project is vulnerable to: GHSA-m4gq-x24j-jpmf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-gp8f-8m3g-qvj9
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More