Gathering detailed insights and metrics for metro-source-map
Gathering detailed insights and metrics for metro-source-map
🚇 The JavaScript bundler for React Native
Installations
npm install metro-source-mapDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=18.18
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
5,245 Stars
4,569 Commits
626 Forks
95 Watching
52 Branches
408 Contributors
Updated on 27 Nov 2024
Bundle Size
860.79 kB
Minified
210.21 kB
Minified + Gzipped
Languages
JavaScript (99.8%)
SCSS (0.16%)
CSS (0.03%)
TypeScript (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
397,803,780
Last day
-12.1%
572,440
Compared to previous day
Last week
-1.5%
3,275,322
Compared to previous week
Last month
8.5%
13,799,435
Compared to previous month
Last year
29.3%
139,090,890
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Metro
🚇 The JavaScript bundler for React Native.
- 🚅 Fast: We aim for sub-second reload cycles, fast startup and quick bundling speeds.
- ⚖️ Scalable: Works with thousands of modules in a single application.
- ⚛️ Integrated: Supports every React Native project out of the box.
Installation
Metro is included with React Native — see the React Native docs to quickly get started ⏱️.
To add Metro to an existing project, see our Getting Started guide.
Documentation
All available documentation, including on configuring Metro, can be found on the Metro website.
Source code for documentation is located in this repository under docs/.
Contributing
Metro was previously part of the react-native repository. In this standalone repository it is easier for the team working on Metro to respond to issues and pull requests. See react-native#13976 for the initial announcement.
Code of Conduct
Meta has adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.
Contributing guide
Read our contributing guide to learn about our development process, how to propose bug fixes and improvements, and how to build and test your changes to Metro.
Discussions
Larger discussions and proposals concerning React Native and Metro are discussed in @react-native-community/discussions-and-proposals.
License
Metro is MIT licensed, as found in the LICENSE file.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/facebook/.github/SECURITY.md:1
- Info: Found linked content: github.com/facebook/.github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: github.com/facebook/.github/SECURITY.md:1
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-jrvm-mcxc-mf6m
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/deploy-website.yml:18
- Warn: no topLevel permission defined: .github/workflows/build-test-and-deploy.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-website.yml:13
- Warn: no topLevel permission defined: .github/workflows/nightly-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-and-deploy.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/build-test-and-deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-and-deploy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/build-test-and-deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-and-deploy.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/build-test-and-deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/deploy-website.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/deploy-website.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-website.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/deploy-website.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-tests.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/nightly-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/metro/test.yml/main?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More