npmpackage.info

Gathering detailed insights and metrics for hosted-git-info

Other packages similar to hosted-git-info

@types/hosted-git-info

3.0.5

TypeScript definitions for hosted-git-info

@pnpm/hosted-git-info

1.0.0

Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab

get-pkg-repo

5.0.0

Get repository user and project information from package.json file contents.

@hutson/parse-repository-url

5.0.0

Parse repository URLs to extract, SCM platform, domain, user, and project information.

Gathering detailed insights and metrics for hosted-git-info

hosted-git-info

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

8.0.2

218

ISC

JavaScript

7.86 kB

9,470,609,506 7.2

Installations

npm install hosted-git-info

Pull Requests

Open

3

Total

210

Closed

111

Merged

96

Issues

Open

3

Total

51

Closed

48

Releases

v8.0.2

Published on 21 Nov 2024

v6.1.3

Published on 21 Nov 2024

v6.1.2

Published on 21 Nov 2024

v8.0.1

Published on 20 Nov 2024

v8.0.0

Published on 04 Sept 2024

v7.0.2

Published on 04 May 2024

View all 15 releases

Developer

npm

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

^18.17.0 || >=20.5.0

Typescript Support

No

Node Version

22.11.0

NPM Version

10.9.0 Statistics

218 Stars

267 Commits

86 Forks

30 Watching

8 Branches

94 Contributors

Updated on 21 Nov 2024

Bundle Size

26.39 kB

Minified

7.86 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

9,470,609,506

Last day

-7.5%

10,408,641

Compared to previous day

Last week

2.9%

62,661,964

Compared to previous week

Last month

18.2%

246,888,425

Compared to previous month

Last year

12.1%

2,490,714,784

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

lru-cache

Dev Dependencies

@npmcli/eslint-config @npmcli/template-oss tap

Versions

hosted-git-info

This will let you identify and transform various git hosts URLs between protocols. It also can tell you what the URL is for the raw path for particular file for direct access without git.

Example

1const hostedGitInfo = require("hosted-git-info")
2const info = hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git", opts)
3/* info looks like:
4{
5  type: "github",
6  domain: "github.com",
7  user: "npm",
8  project: "hosted-git-info"
9}
10*/

If the URL can't be matched with a git host, null will be returned. We can match git, ssh and https urls. Additionally, we can match ssh connect strings (git@github.com:npm/hosted-git-info) and shortcuts (eg, github:npm/hosted-git-info). GitHub specifically, is detected in the case of a third, unprefixed, form: npm/hosted-git-info.

If it does match, the returned object has properties of:

info.type -- The short name of the service
info.domain -- The domain for git protocol use
info.user -- The name of the user/org on the git host
info.project -- The name of the project on the git host

Version Contract

The major version will be bumped any time…

The constructor stops accepting URLs that it previously accepted.
A method is removed.
A method can no longer accept the number and type of arguments it previously accepted.
A method can return a different type than it currently returns.

Implications:

I do not consider the specific format of the urls returned from, say .https() to be a part of the contract. The contract is that it will return a string that can be used to fetch the repo via HTTPS. But what that string looks like, specifically, can change.
Dropping support for a hosted git provider would constitute a breaking change.

Usage

const info = hostedGitInfo.fromUrl(gitSpecifier[, options])

gitSpecifer is a URL of a git repository or a SCP-style specifier of one.
options is an optional object. It can have the following properties:
- noCommittish — If true then committishes won't be included in generated URLs.
- noGitPlus — If true then git+ won't be prefixed on URLs.

Methods

All of the methods take the same options as the fromUrl factory. Options provided to a method override those provided to the constructor.

info.file(path, opts)

Given the path of a file relative to the repository, returns a URL for directly fetching it from the githost. If no committish was set then HEAD will be used as the default.

For example hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git#v1.0.0").file("package.json") would return https://raw.githubusercontent.com/npm/hosted-git-info/v1.0.0/package.json

info.shortcut(opts)

eg, github:npm/hosted-git-info

info.browse(path, fragment, opts)

eg, https://github.com/npm/hosted-git-info/tree/v1.2.0, https://github.com/npm/hosted-git-info/tree/v1.2.0/package.json, https://github.com/npm/hosted-git-info/tree/v1.2.0/README.md#supported-hosts

info.bugs(opts)

eg, https://github.com/npm/hosted-git-info/issues

info.docs(opts)

eg, https://github.com/npm/hosted-git-info/tree/v1.2.0#readme

info.https(opts)

eg, git+https://github.com/npm/hosted-git-info.git

info.sshurl(opts)

eg, git+ssh://git@github.com/npm/hosted-git-info.git

info.ssh(opts)

eg, git@github.com:npm/hosted-git-info.git

info.path(opts)

eg, npm/hosted-git-info

info.tarball(opts)

eg, https://github.com/npm/hosted-git-info/archive/v1.2.0.tar.gz

info.getDefaultRepresentation()

Returns the default output type. The default output type is based on the string you passed in to be parsed

info.toString(opts)

Uses the getDefaultRepresentation to call one of the other methods to get a URL for this resource. As such hostedGitInfo.fromUrl(url).toString() will give you a normalized version of the URL that still uses the same protocol.

Shortcuts will still be returned as shortcuts, but the special case github form of org/project will be normalized to github:org/project.

SSH connect strings will be normalized into git+ssh URLs.

Supported hosts

Currently this supports GitHub (including Gists), Bitbucket, GitLab and Sourcehut. Pull requests for additional hosts welcome.

Stable Version

The latest stable version of the package.

Stable Version

8.0.2

MODERATE

5.3/10

Summary

Regular Expression Denial of Service in hosted-git-info

Affected Versions

< 2.8.9

Patched Versions

2.8.9

MODERATE

5.3/10

Summary

Regular Expression Denial of Service in hosted-git-info

Affected Versions

>= 3.0.0, < 3.0.8

Patched Versions

3.0.8

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Maintained

Determines if the project is "actively maintained".

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

9

SAST

Determines if the project uses static code analysis.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/hosted-git-info/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:58
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:43
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:42
Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:52
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:131
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:51
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

Score

7.2

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More