Gathering detailed insights and metrics for install-artifact-from-github
Gathering detailed insights and metrics for install-artifact-from-github
No-dependency micro helper for developers of binary addons for Node that checks the cache for an artifact before attempting to build a project. Save time for your users!
Installations
npm install install-artifact-from-githubDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
24.0.1
NPM Version
11.3.0
Releases
Unable to fetch releases
Languages
2
JavaScript
Shell
JavaScript (94.86%)
Shell (5.14%)
Developer
uhop
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
NOASSERTION License
6 Stars
63 Commits
3 Forks
2 Watchers
1 Branches
3 Contributors
Updated on May 12, 2025
Maintainers
1
Package Meta Information
Latest Version
1.4.0
Package Id
install-artifact-from-github@1.4.0
Unpacked Size
20.74 kB
Size
6.66 kB
File Count
5
NPM Version
11.3.0
Node Version
24.0.1
Published on
May 12, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
install-artifact-from-github 
This is a no-dependency micro helper for developers of binary addons for Node. It is literally two small one-file utilities integrated with GitHub releases. The project solves two problems:
- save-to-github-cache saves a binary artifact to a Github release according to the platform, architecture, and Node ABI.
- Designed to be used with GitHub actions.
- install-from-cache retrieves a previously saved artifact, tests if it works properly, and rebuilds a project from sources in the case of failure.
In general, it can save your users from a long recompilation and, in some cases, even save them from installing build tools. By using GitHub facilities (Releases and Actions) the whole process of publishing and subsequent installations are secure, transparent, painless, inexpensive, or even free for public repositories.
How to install
Installation:
npm install --save install-artifact-from-github
How to use
In your package.json (pseudo-code with comments):
1{ 2 // your custom package.json stuff 3 // ... 4 "scripts": { 5 // your scripts go here 6 // ... 7 8 // saves an artifact 9 "save-to-github": "save-to-github-cache --artifact build/Release/ABC.node", 10 11 // installs using pre-created artifacts 12 "install": "install-from-cache --artifact build/Release/ABC.node", 13 14 // used by "install" to test the artifact 15 "verify-build": "node scripts/verify-build.js" 16 17 // used by "install" to rebuild from sources 18 "rebuild": "node-gyp rebuild" 19 } 20}
Examples of GitHub actions can be found in the documentation.
Documentation
The full documentation is available in the wiki.
Release history
- 1.4.0 added support for uncompresed artifacts and selective compression format.
- 1.3.5 propagated the previous timeout fix to the saving utility.
- 1.3.4 minor fixes + a timeout fix: use a new default agent for GET. Thx, Laura Hausmann.
- 1.3.3 minor refactor, added support for a personal token.
- 1.3.2 added support for the 204 response and error logging.
- 1.3.1 added a way to specify a custom build, thx Grisha Pushkov + a test.
- 1.3.0 enhanced support for custom mirrors.
- 1.2.0 support for NPM >= 7.
- 1.1.3 technical release: updated docs.
- 1.1.2 technical release: updated docs.
- 1.1.1 numerous bugfixes to please Github REST API.
- 1.1.0 moved
save-to-githubhere from a separate project, reduced 3rd-party dependencies. - 1.0.2 fixed a
yarn-specific bug. - 1.0.1 fixed a bug in the environment variable parameter.
- 1.0.0 initial release (extracted from node-re2).
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 1 are checked with a SAST tool
Reason
5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/uhop/install-artifact-from-github/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/uhop/install-artifact-from-github/build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/uhop/install-artifact-from-github/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/uhop/install-artifact-from-github/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/uhop/install-artifact-from-github/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/uhop/install-artifact-from-github/codeql-analysis.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:35
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
4.2
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More