Gathering detailed insights and metrics for loader-runner
Gathering detailed insights and metrics for loader-runner
Installations
npm install loader-runnerDeveloper
webpack
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=6.11.5
Typescript Support
No
Node Version
14.19.0
NPM Version
7.22.0
Statistics
303 Stars
107 Commits
60 Forks
10 Watching
4 Branches
86 Contributors
Updated on 25 Nov 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
4,774,162,860
Last day
-7.8%
4,341,828
Compared to previous day
Last week
1.4%
25,039,504
Compared to previous week
Last month
11.7%
103,672,457
Compared to previous month
Last year
-4.6%
1,109,709,277
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
6
Versions
loader-runner
1import { runLoaders } from "loader-runner"; 2 3runLoaders({ 4 resource: "/abs/path/to/file.txt?query", 5 // String: Absolute path to the resource (optionally including query string) 6 7 loaders: ["/abs/path/to/loader.js?query"], 8 // String[]: Absolute paths to the loaders (optionally including query string) 9 // {loader, options}[]: Absolute paths to the loaders with options object 10 11 context: { minimize: true }, 12 // Additional loader context which is used as base context 13 14 processResource: (loaderContext, resourcePath, callback) => { ... }, 15 // Optional: A function to process the resource 16 // Must have signature function(context, path, function(err, buffer)) 17 // By default readResource is used and the resource is added a fileDependency 18 19 readResource: fs.readFile.bind(fs) 20 // Optional: A function to read the resource 21 // Only used when 'processResource' is not provided 22 // Must have signature function(path, function(err, buffer)) 23 // By default fs.readFile is used 24}, function(err, result) { 25 // err: Error? 26 27 // result.result: Buffer | String 28 // The result 29 // only available when no error occurred 30 31 // result.resourceBuffer: Buffer 32 // The raw resource as Buffer (useful for SourceMaps) 33 // only available when no error occurred 34 35 // result.cacheable: Bool 36 // Is the result cacheable or do it require reexecution? 37 38 // result.fileDependencies: String[] 39 // An array of paths (existing files) on which the result depends on 40 41 // result.missingDependencies: String[] 42 // An array of paths (not existing files) on which the result depends on 43 44 // result.contextDependencies: String[] 45 // An array of paths (directories) on which the result depends on 46})
More documentation following...
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 3/13 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack/loader-runner/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/webpack/loader-runner/test.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Reason
14 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-qh2h-chj9-jffq
- Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Score
2.7
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More