Gathering detailed insights and metrics for min-dash
Gathering detailed insights and metrics for min-dash
Installations
npm install min-dashScore
99.6
Supply Chain
81.9
Quality
87.3
Maintenance
100
Vulnerability
100
License
Developer
bpmn-io
Developer Guide
BETA
Module System
ESM
Min. Node Version
Typescript Support
Yes
Node Version
20.11.1
NPM Version
10.9.0
Statistics
13 Stars
181 Commits
6 Forks
10 Watching
4 Branches
11 Contributors
Updated on 17 Oct 2024
Languages
JavaScript (99.46%)
TypeScript (0.54%)
Total Downloads
Cumulative downloads
Total Downloads
14,501,454
Last day
-5.9%
27,148
Compared to previous day
Last week
7.9%
151,760
Compared to previous week
Last month
9.1%
612,882
Compared to previous month
Last year
53.6%
5,960,854
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
min-dash
Minimal utility tool belt to be used with bpmn.io related libraries.
Features
- fine selection of powerful utilities on board
- ES2015 compatible
- complete bundle
< 2 kBminified and gzipped - utilities optimized for speed (i.e. sorting and union only by key)
How to use
1import { 2 find, 3 sortBy, 4 assign 5} from 'min-dash';
Your favourite module bundler should apply tree-shaking to only include the components your application requires. If you're using CommonJS modules give common-shake a try.
Related
- 1-liners - a slightly more opinionated collection of useful utilities
- min-dom - minimal DOM utility toolbelt
- tiny-svg - tiny SVG utility toolbelt
License
MIT
Stable Version
The latest stable version of the package.
Stable Version
4.2.2
HIGH
2
HIGH
0/10
Summary
Prototype pollution in min-dash < 3.8.1
Affected Versions
< 3.8.1
Patched Versions
3.8.1
HIGH
7.5/10
Summary
Prototype Pollution in min-dash
Affected Versions
< 3.8.1
Patched Versions
3.8.1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found linked content: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/bpmn-io/.github/SECURITY.md:1
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/min-dash/CI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/min-dash/CI.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 5/20 approved changesets -- score normalized to 2
Reason
3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/CI.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Score
3.9
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More