Gathering detailed insights and metrics for jointjs
Gathering detailed insights and metrics for jointjs
A proven SVG-based JavaScript diagramming library powering exceptional UIs
Installations
npm install jointjsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.18.2
NPM Version
9.8.1
Score
91.5
Supply Chain
99
Quality
80.6
Maintenance
100
Vulnerability
80.9
License
Releases
64
Languages
8
JavaScript
TypeScript
HTML
CSS
Shell
SCSS
Vue
Makefile
JavaScript (95.66%)
TypeScript (2.04%)
HTML (1.54%)
CSS (0.67%)
Shell (0.03%)
SCSS (0.03%)
Vue (0.03%)
Makefile (0.01%)
Developer
Download Statistics
Total Downloads
4,740,557
Last Day
741
Last Week
18,061
Last Month
76,518
Last Year
1,110,840
GitHub Statistics
MPL-2.0 License
4,963 Stars
1,770 Commits
872 Forks
154 Watchers
7 Branches
93 Contributors
Updated on Jun 12, 2025
Bundle Size
630.30 kB
Minified
177.12 kB
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
3.7.7
Package Id
jointjs@3.7.7
Unpacked Size
7.88 MB
Size
1.82 MB
File Count
157
NPM Version
9.8.1
Node Version
18.18.2
Published on
Nov 07, 2023
Total Downloads
Cumulative downloads
Total Downloads
4,740,557
Last Day
37.7%
741
Compared to previous day
Last Week
-3.8%
18,061
Compared to previous week
Last Month
-11.3%
76,518
Compared to previous month
Last Year
18.1%
1,110,840
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
62
@types/backbone@types/dagre@types/graphlib@types/jquery@types/lodash@typescript-eslint/eslint-plugin@typescript-eslint/parserasyncchaicheeriocore-jses-module-shimseslintexpressgruntgrunt-browserifygrunt-compile-docsgrunt-contrib-cleangrunt-contrib-concatgrunt-contrib-copygrunt-contrib-cssmingrunt-contrib-qunitgrunt-contrib-uglifygrunt-contrib-watchgrunt-envgrunt-eslintgrunt-karmagrunt-mocha-testgrunt-newergrunt-shellgrunt-tsgrunt-webpackhandlebarsjit-gruntkarmakarma-chrome-launcherkarma-coveragekarma-qunitkarma-sinonload-grunt-configmochaopen-sans-fontfaceprism-themesprismjspuppeteerqunitrequirejsrolluprollup-plugin-bublerollup-plugin-commonjsrollup-plugin-external-globalsrollup-plugin-jsonrollup-plugin-node-resolveselenium-standaloneserve-staticshouldsinontime-grunttypescriptwebdriveriowebpackwebpack-dev-server
JointJS - JavaScript diagramming library powering exceptional UIs
JointJS is a tested and proven JavaScript/Typescript diagramming library that helps developers and companies of any size build visual and No-Code/Low-Code applications faster and with confidence. It’s a flexible tool from which a wide range of UIs can be created (interactive diagramming applications, drawing tools, data visualizations, UIs for monitoring systems, and many more). It can become the foundational layer of your next application and help you bring your idea to market in days, not months or years.
Further information, examples and documentation can be found at jointjs.com.
:1234: Get started with tutorials.
:bulb: To ask a question, share feedback, or engage in a discussion with other community members, visit our GitHub discussions.
:pen: More examples are available on CodePen.
:book: Check out our mind-map documentation.
Features
- essential diagram elements (rect, circle, ellipse, text, image, path)
- ready-to-use diagram elements of well-known diagrams (ERD, Org chart, FSA, UML, PN, DEVS, ...)
- custom diagram elements based on SVG or programmatically rendered
- connecting diagram elements with links or links with links
- customizable links, their arrowheads and labels
- configurable link shapes (anchors, connection points, vertices, routers, connectors)
- custom element properties and data
- import/export from/to JSON format
- customizable element ports (look and position, distributed around shapes or manually positioned)
- rich graph API (traversal, dfs, bfs, find neighbors, predecessors, elements at point, ...)
- granular interactivity
- hierarchical diagrams (containers, embedded elements, child-parent relationships)
- element & link tools (buttons, status icons, tools to change the shape of links, ...)
- highlighters (provide visual emphasis to your elements)
- automatic layouts (arrange the elements and links automatically)
- highly event driven (react on any event that happens inside the diagram)
- zoom in/out
- touch support
- MVC architecture
- SVG based
- ... a lot more
Supported browsers
- Latest Google Chrome (including mobile)
- Latest Firefox
- Latest Safari (including mobile)
- Latest Microsoft's Edge
- Latest Opera
Development Environment
If you want to work on JointJS locally, use the following guidelines to get started.
Dependencies
Make sure you have the following dependencies installed on your system:
Setup
Clone this git repository:
git clone https://github.com/clientIO/joint.git
Change into the joint directory:
cd joint
Install all NPM dependencies:
npm install
Generate build files from the source code:
grunt install
You are ready now to browse our demos:
cd demo
Tests
To run all tests:
grunt test
To run only the server-side tests:
grunt test:server
To run only the client-side tests:
grunt test:client
Lint
To check for linting errors in src and types directories:
npm run lint
To auto fix errors, run eslint for src and types directories:
npm run lint:fix
Code Coverage Reports
To output a code coverage report in HTML:
grunt test:coverage
To output a code coverage report in lcov format:
grunt test:coverage --reporter="lcov"
The output for all unit tests will be saved in the coverage directory.
Building Distribution Files
The dist directory contains pre-built distribution files. To re-build them, run the following:
grunt dist
Documentation
The source for the JointJS documentation (plus Geometry and Vectorizer libraries) are included in this repository; see the docs directory. The documentation can be built into stand-alone HTML documents like this:
grunt build:docs
The output of the above command can be found at build/docs.
Contributors
License
The JointJS library is licensed under the Mozilla Public License 2.0.
Copyright © 2013-2023 client IO
High
7.5/10
Summary
Denial of Service (DoS) via the unsetByPath function in jsjoints
Affected Versions
< 3.3.0
Patched Versions
3.3.0
High
0/10
Summary
Prototype pollution in JointJS
Affected Versions
< 3.3.0
Patched Versions
3.3.0
Moderate
5.6/10
Summary
Prototype Pollution in jointjs
Affected Versions
< 3.4.2
Patched Versions
3.4.2
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
27 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/clientIO/joint/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/clientIO/joint/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/clientIO/joint/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/clientIO/joint/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/clientIO/joint/stale.yml/master?enable=pin
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
50 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
- Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-jc84-3g44-wf2q
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Score
7.1
/10
Last Scanned on 2025-06-09
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More