Gathering detailed insights and metrics for javascript-typescript-langserver
Gathering detailed insights and metrics for javascript-typescript-langserver
JavaScript and TypeScript code intelligence through the Language Server Protocol
Installations
npm install javascript-typescript-langserverDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>=6.0.0
Node Version
8.15.1
NPM Version
6.0.0
Releases
27
Languages
2
TypeScript
JavaScript
TypeScript (99.2%)
JavaScript (0.8%)
Developer
Download Statistics
Total Downloads
499,838
Last Day
51
Last Week
232
Last Month
1,627
Last Year
27,267
GitHub Statistics
Apache-2.0 License
793 Stars
811 Commits
73 Forks
77 Watchers
83 Branches
194 Contributors
Updated on Dec 28, 2024
Maintainers
17
Package Meta Information
Latest Version
2.11.3
Package Id
javascript-typescript-langserver@2.11.3
Unpacked Size
734.76 kB
Size
123.21 kB
File Count
98
NPM Version
6.0.0
Node Version
8.15.1
Total Downloads
Cumulative downloads
Total Downloads
499,838
Last Day
-42.7%
51
Compared to previous day
Last Week
-42.7%
232
Compared to previous week
Last Month
-27%
1,627
Compared to previous month
Last Year
-9.1%
27,267
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
19
Dev Dependencies
28
@commitlint/cli@commitlint/config-conventional@sourcegraph/prettierrc@sourcegraph/tsconfig@sourcegraph/tslint-config@types/chai@types/chai-as-promised@types/glob@types/lodash@types/mocha@types/mz@types/node@types/object-hash@types/rimraf@types/sinon@types/tempcz-conventional-changeloghuskymochanycprettierrimrafsemantic-releasesinonsource-map-supporttemptslinttslint-language-service
JavaScript/TypeScript language server
This is a language server for JavaScript and TypeScript that adheres to the Language Server Protocol (LSP). It uses TypeScript's LanguageService to perform source code analysis.
Try it out
- On sourcegraph.com
- In Visual Studio Code (as an alternative to the built-in TypeScript integration)
- In Eclipse Che
- In NeoVim
- In Sublime Text
Features
- Hovers
- Goto definition
- Goto type definition
- Find all references
- Document symbols
- Workspace symbol search
- Rename
- Completion
- Signature help
- Diagnostics
- Quick fixes
Run it from source
1# install dependencies 2npm install 3 4# compile 5npm run build 6# or compile on file changes 7npm run watch 8 9# run over STDIO 10node lib/language-server-stdio 11# or run over TCP 12node lib/language-server 13 14# run tests 15npm test
Options
Usage: language-server [options]
Options:
-h, --help output usage information
-V, --version output the version number
-s, --strict enabled strict mode
-p, --port [port] specifies LSP port to use (2089)
-c, --cluster [num] number of concurrent cluster workers (defaults to number of CPUs, 8)
-t, --trace print all requests and responses
-l, --logfile [file] log to this file
-j, --enable-jaeger enable OpenTracing through Jaeger
Extensions
This language server implements some LSP extensions, prefixed with an x.
- Files extension Allows the server to request file contents without accessing the file system
- SymbolDescriptor extension Get a SymbolDescriptor for a symbol, search the workspace for symbols or references to it
- Streaming Supports streaming partial results for all endpoints through JSON Patches
- Packages extension Methods to get information about dependencies
- TCP / multiple client support
When running over TCP, the
exitnotification will not kill the process, but close the TCP socket
Versioning
This project follows semver for command line arguments and standard LSP methods. Any change to command line arguments, Node version or protocol breaking changes will result in a major version increase.
Debugging Performance with OpenTracing
The language server is fully traced through OpenTracing, which allows to debug what exact operations caused method calls to take long.
You can pass a span context through an optional meta field on the JSON RPC message object.
For local development, there is built-in support for the open source OpenTracing implementation Jaeger, which can be set up to run on localhost with just one command (you need Docker installed):
docker run -d -p5775:5775/udp -p6831:6831/udp -p6832:6832/udp \
-p5778:5778 -p16686:16686 -p14268:14268 jaegertracing/all-in-one:latest
After that, run the language server with the --enable-jaeger command line flag and do some requests from your client.
Open http://localhost:16686 in your browser and you will see method calls broken down into spans.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
Found 1/2 approved changesets -- score normalized to 5
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/lsif.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lsif.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/sourcegraph/javascript-typescript-langserver/lsif.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/lsif.yml:12
- Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
60 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
- Warn: Project is vulnerable to: GHSA-8gh8-hqwg-xf34
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
- Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
- Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
- Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
- Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
- Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
- Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
- Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
- Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
- Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-pc5p-h8pf-mvwp
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-675m-85rw-j3w4
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-xf5p-87ch-gxw2
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
- Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg
- Warn: Project is vulnerable to: GHSA-r2j6-p67h-q639
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-29xr-v42j-r956
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More