npmpackage.info

Gathering detailed insights and metrics for hosted-git-info

Other packages similar to hosted-git-info

@types/hosted-git-info

3.0.5

TypeScript definitions for hosted-git-info

@zkochan/hosted-git-info

4.0.2

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

mos-hosted-git-info

1.0.0

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

hosted-git-info-fixed

4.0.5

Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab

Gathering detailed insights and metrics for hosted-git-info

hosted-git-info

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

8.0.2

219

ISC

JavaScript

7.86 kB

9,989,060,149 6.8

Installations

npm install hosted-git-info

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

^18.17.0 || >=20.5.0

Node Version

22.11.0

NPM Version

10.9.0 Score

99.8

Supply Chain

100

Quality

85.9

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

4

Total

216

Closed

113

Merged

99

Issues

Open

3

Total

51

Closed

48

Releases

v8.0.2

Updated on Nov 21, 2024

v6.1.3

Updated on Nov 21, 2024

v6.1.2

Updated on Nov 21, 2024

v8.0.1

Updated on Nov 20, 2024

v8.0.0

Updated on Sep 04, 2024

v7.0.2

Updated on May 04, 2024

View All 15 releases

Contributors

Unable to fetch Contributors

View All 95 Contributors

Languages

JavaScript

JavaScript (100%)

Love this project? Help keep it running — sponsor us today! 🚀

Developer

npm

Download Statistics

Total Downloads

9,989,060,149

Last Day

10,151,646

Last Week

55,478,786

Last Month

227,257,938

Last Year

2,530,054,073

GitHub Statistics

ISC License

219 Stars

268 Commits

86 Forks

29 Watchers

8 Branches

95 Contributors

Updated on Jan 03, 2025

Bundle Size

26.39 kB

Minified

7.86 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

8.0.2

Package Id

hosted-git-info@8.0.2

Unpacked Size

26.17 kB

Size

7.37 kB

File Count

NPM Version

10.9.0

Node Version

22.11.0

Published on

Nov 21, 2024

Total Downloads

Cumulative downloads

Total Downloads

9,989,060,149

Last Day

2.4%

10,151,646

Compared to previous day

Last Week

3.7%

55,478,786

Compared to previous week

Last Month

37.3%

227,257,938

Compared to previous month

Last Year

11.2%

2,530,054,073

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

lru-cache

Dev Dependencies

@npmcli/eslint-config @npmcli/template-oss tap

hosted-git-info

This will let you identify and transform various git hosts URLs between protocols. It also can tell you what the URL is for the raw path for particular file for direct access without git.

Example

1const hostedGitInfo = require("hosted-git-info")
2const info = hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git", opts)
3/* info looks like:
4{
5  type: "github",
6  domain: "github.com",
7  user: "npm",
8  project: "hosted-git-info"
9}
10*/

If the URL can't be matched with a git host, null will be returned. We can match git, ssh and https urls. Additionally, we can match ssh connect strings (git@github.com:npm/hosted-git-info) and shortcuts (eg, github:npm/hosted-git-info). GitHub specifically, is detected in the case of a third, unprefixed, form: npm/hosted-git-info.

If it does match, the returned object has properties of:

info.type -- The short name of the service
info.domain -- The domain for git protocol use
info.user -- The name of the user/org on the git host
info.project -- The name of the project on the git host

Version Contract

The major version will be bumped any time…

The constructor stops accepting URLs that it previously accepted.
A method is removed.
A method can no longer accept the number and type of arguments it previously accepted.
A method can return a different type than it currently returns.

Implications:

I do not consider the specific format of the urls returned from, say .https() to be a part of the contract. The contract is that it will return a string that can be used to fetch the repo via HTTPS. But what that string looks like, specifically, can change.
Dropping support for a hosted git provider would constitute a breaking change.

Usage

const info = hostedGitInfo.fromUrl(gitSpecifier[, options])

gitSpecifer is a URL of a git repository or a SCP-style specifier of one.
options is an optional object. It can have the following properties:
- noCommittish — If true then committishes won't be included in generated URLs.
- noGitPlus — If true then git+ won't be prefixed on URLs.

Methods

All of the methods take the same options as the fromUrl factory. Options provided to a method override those provided to the constructor.

info.file(path, opts)

Given the path of a file relative to the repository, returns a URL for directly fetching it from the githost. If no committish was set then HEAD will be used as the default.

For example hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git#v1.0.0").file("package.json") would return https://raw.githubusercontent.com/npm/hosted-git-info/v1.0.0/package.json

info.shortcut(opts)

eg, github:npm/hosted-git-info

info.browse(path, fragment, opts)

eg, https://github.com/npm/hosted-git-info/tree/v1.2.0, https://github.com/npm/hosted-git-info/tree/v1.2.0/package.json, https://github.com/npm/hosted-git-info/tree/v1.2.0/README.md#supported-hosts

info.bugs(opts)

eg, https://github.com/npm/hosted-git-info/issues

info.docs(opts)

eg, https://github.com/npm/hosted-git-info/tree/v1.2.0#readme

info.https(opts)

eg, git+https://github.com/npm/hosted-git-info.git

info.sshurl(opts)

eg, git+ssh://git@github.com/npm/hosted-git-info.git

info.ssh(opts)

eg, git@github.com:npm/hosted-git-info.git

info.path(opts)

eg, npm/hosted-git-info

info.tarball(opts)

eg, https://github.com/npm/hosted-git-info/archive/v1.2.0.tar.gz

info.getDefaultRepresentation()

Returns the default output type. The default output type is based on the string you passed in to be parsed

info.toString(opts)

Uses the getDefaultRepresentation to call one of the other methods to get a URL for this resource. As such hostedGitInfo.fromUrl(url).toString() will give you a normalized version of the URL that still uses the same protocol.

Shortcuts will still be returned as shortcuts, but the special case github form of org/project will be normalized to github:org/project.

SSH connect strings will be normalized into git+ssh URLs.

Supported hosts

Currently this supports GitHub (including Gists), Bitbucket, GitLab and Sourcehut. Pull requests for additional hosts welcome.

Stable Version

8.0.2

Moderate

5.3/10

Summary

Regular Expression Denial of Service in hosted-git-info

Affected Versions

< 2.8.9

Patched Versions

2.8.9

Moderate

5.3/10

Summary

Regular Expression Denial of Service in hosted-git-info

Affected Versions

>= 3.0.0, < 3.0.8

Patched Versions

3.0.8

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

9

SAST

Determines if the project uses static code analysis.

6

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:58
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:43
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:52
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:51
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:131
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

Score

6.8

/10

Last Scanned on 2025-02-03

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More