npmpackage.info

Gathering detailed insights and metrics for hosted-git-info

hosted-git-info - 8.1.0 | npmpackage.info

hosted-git-info

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

8.1.0

226

ISC

JavaScript

27.44 kB

6.4

Installations

npm install hosted-git-info

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

^18.17.0 || >=20.5.0

Node Version

22.14.0

NPM Version

11.3.0 Pull Requests

Open

0

Total

227

Closed

115

Merged

112

Issues

Open

3

Total

51

Closed

48

Releases

v8.1.0

Updated on Apr 14, 2025

v8.0.2

Updated on Nov 21, 2024

v6.1.3

Updated on Nov 21, 2024

v6.1.2

Updated on Nov 21, 2024

v8.0.1

Updated on Nov 20, 2024

v8.0.0

Updated on Sep 04, 2024

View All 16 releases

Languages

JavaScript

JavaScript (100%)

Developer

npm

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

ISC License

226 Stars

274 Commits

87 Forks

28 Watchers

5 Branches

95 Contributors

Updated on Jul 09, 2025

Maintainers

View All 95 Contributors

Package Meta Information

Latest Version

8.1.0

Package Id

hosted-git-info@8.1.0

Unpacked Size

27.44 kB

Size

7.76 kB

File Count

NPM Version

11.3.0

Node Version

22.14.0

Published on

Apr 14, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

lru-cache

Dev Dependencies

@npmcli/eslint-config @npmcli/template-oss tap

hosted-git-info

This will let you identify and transform various git hosts URLs between protocols. It also can tell you what the URL is for the raw path for particular file for direct access without git.

Example

1const hostedGitInfo = require("hosted-git-info")
2const info = hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git", opts)
3/* info looks like:
4{
5  type: "github",
6  domain: "github.com",
7  user: "npm",
8  project: "hosted-git-info"
9}
10*/

If the URL can't be matched with a git host, null will be returned. We can match git, ssh and https urls. Additionally, we can match ssh connect strings (git@github.com:npm/hosted-git-info) and shortcuts (eg, github:npm/hosted-git-info). GitHub specifically, is detected in the case of a third, unprefixed, form: npm/hosted-git-info.

If it does match, the returned object has properties of:

info.type -- The short name of the service
info.domain -- The domain for git protocol use
info.user -- The name of the user/org on the git host
info.project -- The name of the project on the git host

Version Contract

The major version will be bumped any time…

The constructor stops accepting URLs that it previously accepted.
A method is removed.
A method can no longer accept the number and type of arguments it previously accepted.
A method can return a different type than it currently returns.

Implications:

I do not consider the specific format of the urls returned from, say .https() to be a part of the contract. The contract is that it will return a string that can be used to fetch the repo via HTTPS. But what that string looks like, specifically, can change.
Dropping support for a hosted git provider would constitute a breaking change.

Usage

const info = hostedGitInfo.fromUrl(gitSpecifier[, options])

gitSpecifer is a URL of a git repository or a SCP-style specifier of one.
options is an optional object. It can have the following properties:
- noCommittish — If true then committishes won't be included in generated URLs.
- noGitPlus — If true then git+ won't be prefixed on URLs.

const infoOrURL = hostedGitInfo.fromManifest(manifest[, options])

manifest is a package manifest, such as that returned by pacote.manifest()
options is an optional object. It can have the same properties as fromUrl above.

Methods

All of the methods take the same options as the fromUrl factory. Options provided to a method override those provided to the constructor.

info.file(path, opts)

Given the path of a file relative to the repository, returns a URL for directly fetching it from the githost. If no committish was set then HEAD will be used as the default.

For example hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git#v1.0.0").file("package.json") would return https://raw.githubusercontent.com/npm/hosted-git-info/v1.0.0/package.json

info.shortcut(opts)

eg, github:npm/hosted-git-info

info.browse(path, fragment, opts)

eg, https://github.com/npm/hosted-git-info/tree/v1.2.0, https://github.com/npm/hosted-git-info/tree/v1.2.0/package.json, https://github.com/npm/hosted-git-info/tree/v1.2.0/README.md#supported-hosts

info.bugs(opts)

eg, https://github.com/npm/hosted-git-info/issues

info.docs(opts)

eg, https://github.com/npm/hosted-git-info/tree/v1.2.0#readme

info.https(opts)

eg, git+https://github.com/npm/hosted-git-info.git

info.sshurl(opts)

eg, git+ssh://git@github.com/npm/hosted-git-info.git

info.ssh(opts)

eg, git@github.com:npm/hosted-git-info.git

info.path(opts)

eg, npm/hosted-git-info

info.tarball(opts)

eg, https://github.com/npm/hosted-git-info/archive/v1.2.0.tar.gz

info.getDefaultRepresentation()

Returns the default output type. The default output type is based on the string you passed in to be parsed

info.toString(opts)

Uses the getDefaultRepresentation to call one of the other methods to get a URL for this resource. As such hostedGitInfo.fromUrl(url).toString() will give you a normalized version of the URL that still uses the same protocol.

Shortcuts will still be returned as shortcuts, but the special case github form of org/project will be normalized to github:org/project.

SSH connect strings will be normalized into git+ssh URLs.

Supported hosts

Currently this supports GitHub (including Gists), Bitbucket, GitLab and Sourcehut. Pull requests for additional hosts welcome.

Moderate

5.3/10

Summary

Regular Expression Denial of Service in hosted-git-info

Affected Versions

< 2.8.9

Patched Versions

2.8.9

Moderate

5.3/10

Summary

Regular Expression Denial of Service in hosted-git-info

Affected Versions

>= 3.0.0, < 3.0.8

Patched Versions

3.0.8

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

8

SAST

Determines if the project uses static code analysis.

3

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:41
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:62
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:46
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:45
Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:56
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:51
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:131
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.4

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More