Gathering detailed insights and metrics for next
Gathering detailed insights and metrics for next
Installations
npm install nextDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
^18.18.0 || ^19.8.0 || >= 20.0.0
Node Version
20.19.0
NPM Version
10.4.0
Score
36
Supply Chain
6.3
Quality
97.1
Maintenance
100
Vulnerability
0
License
Releases
2,992
v15.3.0-canary.26
v15.3.0-canary.26
Updated on Mar 30, 2025
v15.3.0-canary.25
v15.3.0-canary.25
Updated on Mar 29, 2025
v12.3.7
v12.3.7
Updated on Mar 28, 2025
v13.5.11
v13.5.11
Updated on Mar 27, 2025
v15.3.0-canary.24
v15.3.0-canary.24
Updated on Mar 26, 2025
v15.3.0-canary.23
v15.3.0-canary.23
Updated on Mar 26, 2025
Languages
13
JavaScript
TypeScript
Rust
CSS
MDX
Shell
SCSS
Dockerfile
HTML
Sass
Batchfile
WebAssembly
Pug
JavaScript (59.1%)
TypeScript (25.31%)
Rust (14.04%)
CSS (0.94%)
MDX (0.55%)
Shell (0.02%)
SCSS (0.02%)
Dockerfile (0.01%)
HTML (0.01%)
Developer
Download Statistics
Total Downloads
954,628,325
Last Day
555,152
Last Week
10,043,936
Last Month
38,965,656
Last Year
374,448,125
GitHub Statistics
MIT License
130,695 Stars
27,951 Commits
28,026 Forks
1,474 Watchers
1,512 Branches
3,584 Contributors
Updated on Mar 31, 2025
Maintainers
3
Package Meta Information
Latest Version
15.2.4
Package Id
next@15.2.4
Unpacked Size
105.88 MB
Size
22.77 MB
File Count
7,277
NPM Version
10.4.0
Node Version
20.19.0
Published on
Mar 24, 2025
Total Downloads
Cumulative downloads
Total Downloads
954,628,325
Last Day
-4.6%
555,152
Compared to previous day
Last Week
3.4%
10,043,936
Compared to previous week
Last Month
4.5%
38,965,656
Compared to previous month
Last Year
49%
374,448,125
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
212
@ampproject/toolbox-optimizer@babel/code-frame@babel/core@babel/eslint-parser@babel/generator@babel/plugin-proposal-class-properties@babel/plugin-proposal-export-namespace-from@babel/plugin-proposal-numeric-separator@babel/plugin-proposal-object-rest-spread@babel/plugin-syntax-bigint@babel/plugin-syntax-dynamic-import@babel/plugin-syntax-import-attributes@babel/plugin-syntax-jsx@babel/plugin-transform-modules-commonjs@babel/plugin-transform-runtime@babel/preset-env@babel/preset-react@babel/preset-typescript@babel/runtime@babel/traverse@babel/types@capsizecss/metrics@edge-runtime/cookies@edge-runtime/ponyfill@edge-runtime/primitives@hapi/accept@jest/transform@jest/types@mswjs/interceptors@napi-rs/triples@next/font@next/polyfill-module@next/polyfill-nomodule@next/react-refresh-utils@next/swc@opentelemetry/api@playwright/test@storybook/addon-a11y@storybook/addon-essentials@storybook/addon-interactions@storybook/addon-webpack5-compiler-swc@storybook/blocks@storybook/react@storybook/react-webpack5@storybook/test@storybook/test-runner@swc/core@swc/types@taskr/clear@taskr/esnext@types/amphtml-validator@types/babel__code-frame@types/babel__core@types/babel__generator@types/babel__template@types/babel__traverse@types/bytes@types/ci-info@types/compression@types/content-disposition@types/content-type@types/cookie@types/cross-spawn@types/debug@types/express-serve-static-core@types/fresh@types/glob@types/jsonwebtoken@types/lodash@types/lodash.curry@types/path-to-regexp@types/picomatch@types/platform@types/react@types/react-dom@types/react-is@types/semver@types/send@types/shell-quote@types/tar@types/text-table@types/ua-parser-js@types/webpack-sources1@types/ws@vercel/ncc@vercel/nft@vercel/turbopack-ecmascript-runtimeacornamphtml-validatoranserargassertasync-retryasync-semaaxe-playwrightbabel-plugin-react-compilerbabel-plugin-transform-definebabel-plugin-transform-react-remove-prop-typesbrowserify-zlibbrowserslistbufferbytesci-infocli-selectclient-onlycommandercomment-jsoncompressionconfconstants-browserifycontent-dispositioncontent-typecookiecross-envcross-spawncrypto-browserifycss.escapecssnano-preset-defaultdata-uri-to-bufferdebugdevaluedomain-browseredge-runtimeeventsfind-upfreshglobgzip-sizehttp-proxyhttp-proxy-agenthttps-browserifyhttps-proxy-agenticss-utilsignore-loaderimage-sizeis-dockeris-wsljest-workerjson5jsonwebtokenloader-runnerloader-utils2loader-utils3lodash.currymini-css-extract-pluginmswnanoidnative-urlneo-asyncnode-html-parseroraos-browserifyp-limitp-queuepath-browserifypath-to-regexppicomatchpostcss-flexbugs-fixespostcss-modules-extract-importspostcss-modules-local-by-defaultpostcss-modules-scopepostcss-modules-valuespostcss-preset-envpostcss-safe-parserpostcss-scsspostcss-value-parserprocesspunycodequerystring-es3raw-bodyreact-refreshregenerator-runtimesass-loaderschema-utils2schema-utils3semversendserver-onlysetimmediateshell-quotesource-mapsource-map-loadersource-map08stacktrace-parserstorybookstream-browserifystream-httpstrict-event-emitterstring-hashstring_decoderstrip-ansisuperstructtartaskrterserterser-webpack-plugintext-tabletimers-browserifytty-browserifytypescriptua-parser-jsunistoreutilvm-browserifywatchpackweb-vitalswebpackwebpack-sources1webpack-sources3wszodzod-validation-error
Next.js
Getting Started
Used by some of the world's largest companies, Next.js enables you to create full-stack web applications by extending the latest React features, and integrating powerful Rust-based JavaScript tooling for the fastest builds.
- Visit our Learn Next.js course to get started with Next.js.
- Visit the Next.js Showcase to see more sites built with Next.js.
Documentation
Visit https://nextjs.org/docs to view the full documentation.
Community
The Next.js community can be found on GitHub Discussions where you can ask questions, voice ideas, and share your projects with other people.
To chat with other community members you can join the Next.js Discord server.
Do note that our Code of Conduct applies to all Next.js community channels. Users are highly encouraged to read and adhere to them to avoid repercussions.
Contributing
Contributions to Next.js are welcome and highly appreciated. However, before you jump right into it, we would like you to review our Contribution Guidelines to make sure you have a smooth experience contributing to Next.js.
Good First Issues:
We have a list of good first issues that contain bugs that have a relatively limited scope. This is a great place for newcomers and beginners alike to get started, gain experience, and get familiar with our contribution process.
Security
If you believe you have found a security vulnerability in Next.js, we encourage you to responsibly disclose this and NOT open a public issue. We will investigate all legitimate reports. Email security@vercel.com to disclose any security vulnerabilities. Alternatively, you can visit this link to know more about Vercel's security and report any security vulnerabilities.
Critical
9.1/10
Summary
Authorization Bypass in Next.js Middleware
Affected Versions
>= 11.1.4, < 12.3.5
Patched Versions
12.3.5
Critical
9.1/10
Summary
Authorization Bypass in Next.js Middleware
Affected Versions
>= 15.0.0, < 15.2.3
Patched Versions
15.2.3
Critical
9.1/10
Summary
Authorization Bypass in Next.js Middleware
Affected Versions
>= 14.0.0, < 14.2.25
Patched Versions
14.2.25
Critical
9.1/10
Summary
Authorization Bypass in Next.js Middleware
Affected Versions
>= 13.0.0, < 13.5.9
Patched Versions
13.5.9
High
7.5/10
Summary
Next.js authorization bypass vulnerability
Affected Versions
>= 9.5.5, < 14.2.15
Patched Versions
14.2.15
High
7.5/10
Summary
Next.js Denial of Service (DoS) condition
Affected Versions
>= 13.3.1, < 13.5.0
Patched Versions
13.5.0
High
7.5/10
Summary
Next.js Cache Poisoning
Affected Versions
>= 14.0.0, < 14.2.10
Patched Versions
14.2.10
High
7.5/10
Summary
Next.js Cache Poisoning
Affected Versions
>= 13.5.1, < 13.5.7
Patched Versions
13.5.7
High
7.5/10
Summary
Next.js Server-Side Request Forgery in Server Actions
Affected Versions
>= 13.4.0, < 14.1.1
Patched Versions
14.1.1
High
7.5/10
Summary
Next.js Vulnerable to HTTP Request Smuggling
Affected Versions
>= 13.4.0, < 13.5.1
Patched Versions
13.5.1
High
7.5/10
Summary
Unexpected server crash in Next.js.
Affected Versions
>= 0.9.9, < 11.1.3
Patched Versions
11.1.3
High
7.5/10
Summary
Unexpected server crash in Next.js.
Affected Versions
>= 12.0.0, < 12.0.5
Patched Versions
12.0.5
High
7.5/10
Summary
Next.js Directory Traversal Vulnerability
Affected Versions
>= 1.0.0, < 2.4.1
Patched Versions
2.4.1
High
0/10
Summary
Remote Code Execution in next
Affected Versions
>= 0.9.9, < 5.1.0
Patched Versions
5.1.0
High
7.5/10
Summary
XSS in Image Optimization API for Next.js
Affected Versions
>= 10.0.0, < 11.1.1
Patched Versions
11.1.1
High
7.5/10
Summary
Directory traversal vulnerability in Next.js
Affected Versions
>= 1.0.0, < 4.2.3
Patched Versions
4.2.3
Moderate
5.3/10
Summary
Next.js Allows a Denial of Service (DoS) with Server Actions
Affected Versions
>= 15.0.0, < 15.1.2
Patched Versions
15.1.2
Moderate
5.3/10
Summary
Next.js Allows a Denial of Service (DoS) with Server Actions
Affected Versions
>= 14.0.0, < 14.2.21
Patched Versions
14.2.21
Moderate
5.3/10
Summary
Next.js Allows a Denial of Service (DoS) with Server Actions
Affected Versions
>= 13.0.0, < 13.5.8
Patched Versions
13.5.8
Moderate
5.9/10
Summary
Denial of Service condition in Next.js image optimization
Affected Versions
>= 10.0.0, < 14.2.7
Patched Versions
14.2.7
Moderate
5.3/10
Summary
Unexpected server crash in Next.js
Affected Versions
= 12.2.3
Patched Versions
12.2.4
Moderate
6.9/10
Summary
Open Redirect in Next.js
Affected Versions
>= 0.9.9, < 11.1.0
Patched Versions
11.1.0
Moderate
5.9/10
Summary
Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
Affected Versions
>= 10.0.0, < 12.1.0
Patched Versions
12.1.0
Moderate
5.9/10
Summary
Denial of Service Vulnerability in next.js
Affected Versions
>= 12.0.0, < 12.0.9
Patched Versions
12.0.9
Moderate
4.7/10
Summary
Open Redirect in Next.js versions
Affected Versions
>= 9.5.0, < 9.5.4
Patched Versions
9.5.4
Moderate
4.4/10
Summary
Directory Traversal in Next.js
Affected Versions
< 9.3.2
Patched Versions
9.3.2
Moderate
6.1/10
Summary
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Affected Versions
>= 7.0.0, < 7.0.2
Patched Versions
7.0.2
Low
0/10
Summary
Next.js missing cache-control header may lead to CDN caching empty reply
Affected Versions
>= 0.9.9, < 13.4.20-canary.13
Patched Versions
13.4.20-canary.13
Reason
30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: license.md:0
- Info: FSF or OSI recognized license: MIT License: license.md:0
Reason
no dangerous workflow patterns detected
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build_and_deploy.yml:595
Reason
Found 24/30 approved changesets -- score normalized to 8
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/vercel/.github/SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/vercel/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/vercel/.github/SECURITY.md:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build_and_deploy.yml:538
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build_and_deploy.yml:600
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build_and_test.yml:40
- Warn: no topLevel permission defined: .github/workflows/bench.yml:1
- Warn: no topLevel permission defined: .github/workflows/build_and_deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/build_and_test.yml:1
- Warn: no topLevel permission defined: .github/workflows/build_reusable.yml:1
- Warn: no topLevel permission defined: .github/workflows/cancel.yml:1
- Warn: no topLevel permission defined: .github/workflows/code_freeze.yml:1
- Warn: no topLevel permission defined: .github/workflows/graphite_ci_optimizer.yml:1
- Warn: no topLevel permission defined: .github/workflows/integration_tests_reusable.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_bankrupt.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_version.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_wrong_template.yml:1
- Warn: no topLevel permission defined: .github/workflows/notify_release.yml:1
- Warn: no topLevel permission defined: .github/workflows/popular.yml:1
- Warn: no topLevel permission defined: .github/workflows/pull_request_stats.yml:1
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/retry_deploy_test.yml:13
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/retry_test.yml:14
- Warn: no topLevel permission defined: .github/workflows/rspack-nextjs-build-integration-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/rspack-nextjs-dev-integration-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/rspack-update-tests-manifest.yml:1
- Warn: no topLevel permission defined: .github/workflows/setup-nextjs-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-turbopack-rust-bench-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/test_e2e_deploy_release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test_examples.yml:1
- Warn: no topLevel permission defined: .github/workflows/triage_with_ai.yml:1
- Warn: no topLevel permission defined: .github/workflows/trigger_release.yml:1
- Warn: no topLevel permission defined: .github/workflows/turbopack-nextjs-build-integration-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/turbopack-update-tests-manifest.yml:1
- Warn: no topLevel permission defined: .github/workflows/update_fonts_data.yml:1
- Warn: no topLevel permission defined: .github/workflows/update_react.yml:1
- Warn: no topLevel permission defined: .github/workflows/upload-tests-manifest.yml:1
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Reason
binaries present in source code
Details
- Warn: binary detected: examples/with-webassembly/add.wasm:1
- Warn: binary detected: packages/next/next_error_code_swc_plugin.wasm:1
- Warn: binary detected: packages/next/src/compiled/@vercel/og/resvg.wasm:1
- Warn: binary detected: packages/next/src/compiled/@vercel/og/yoga.wasm:1
- Warn: binary detected: packages/next/src/compiled/source-map08/mappings.wasm:1
- Warn: binary detected: test/e2e/edge-can-use-wasm-files/add.wasm:1
- Warn: binary detected: test/integration/edge-runtime-dynamic-code/lib/square.wasm:1
- Warn: binary detected: test/production/app-dir-edge-runtime-with-wasm/add.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/module/input/add.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/simple/input/add.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/simple/input/factorial.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/simple/input/fibonacci.wasm:1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/bench.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/bench.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/bench.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/bench.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/bench.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:664: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:668: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:691: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:398: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:404: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:410: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:430: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:433: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:459: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:465: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:481: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:494: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:506: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:512: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:522: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:636: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:544: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:557: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:569: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:575: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:589: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:603: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:605: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cancel.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/cancel.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_freeze.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/code_freeze.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/graphite_ci_optimizer.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/graphite_ci_optimizer.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration_tests_reusable.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/integration_tests_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration_tests_reusable.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/integration_tests_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_bankrupt.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_bankrupt.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_bankrupt.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_bankrupt.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_lock.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_lock.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_version.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_version.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_version.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_wrong_template.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_wrong_template.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_wrong_template.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_wrong_template.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/popular.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/popular.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/popular.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/popular.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_stats.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/pull_request_stats.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_stats.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/pull_request_stats.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/retry_deploy_test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/retry_deploy_test.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/retry_test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/retry_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rspack-update-tests-manifest.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/rspack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rspack-update-tests-manifest.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/rspack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rspack-update-tests-manifest.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/rspack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rspack-update-tests-manifest.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/rspack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-turbopack-rust-bench-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test-turbopack-rust-bench-test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-turbopack-rust-bench-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test-turbopack-rust-bench-test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_examples.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_examples.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_examples.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_examples.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/triage.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage_with_ai.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage_with_ai.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage_with_ai.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage_with_ai.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger_release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/trigger_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger_release.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/trigger_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_fonts_data.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_fonts_data.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_fonts_data.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_fonts_data.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_react.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_react.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_react.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_react.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-tests-manifest.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/upload-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-tests-manifest.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/upload-tests-manifest.yml/canary?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5
- Warn: containerImage not pinned by hash: .devcontainer/base.Dockerfile:5
- Warn: containerImage not pinned by hash: .github/actions/next-stats-action/Dockerfile:3: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/dev.Dockerfile:3: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod-without-multistage.Dockerfile:3: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:48
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:22
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:31
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:23
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:32
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:23
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:32
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:22
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:40
- Warn: npmCommand not pinned by hash: .devcontainer/base.Dockerfile:22-47
- Warn: downloadThenRun not pinned by hash: .github/actions/next-stats-action/Dockerfile:14
- Warn: npmCommand not pinned by hash: .github/actions/next-stats-action/Dockerfile:15
- Warn: downloadThenRun not pinned by hash: scripts/setup-node.sh:5
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:611
- Warn: downloadThenRun not pinned by hash: .github/workflows/build_and_deploy.yml:446
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:487
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:550
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:582
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:641
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:34
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:78
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_test.yml:113
- Warn: npmCommand not pinned by hash: .github/workflows/code_freeze.yml:36
- Warn: npmCommand not pinned by hash: .github/workflows/issue_wrong_template.yml:16
- Warn: npmCommand not pinned by hash: .github/workflows/popular.yml:17
- Warn: npmCommand not pinned by hash: .github/workflows/rspack-update-tests-manifest.yml:31
- Warn: npmCommand not pinned by hash: .github/workflows/rspack-update-tests-manifest.yml:71
- Warn: npmCommand not pinned by hash: .github/workflows/setup-nextjs-build.yml:85
- Warn: downloadThenRun not pinned by hash: .github/workflows/setup-nextjs-build.yml:109
- Warn: npmCommand not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:29
- Warn: npmCommand not pinned by hash: .github/workflows/test_examples.yml:44
- Warn: npmCommand not pinned by hash: .github/workflows/triage_with_ai.yml:15
- Warn: npmCommand not pinned by hash: .github/workflows/trigger_release.yml:87
- Warn: npmCommand not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:31
- Warn: npmCommand not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:67
- Warn: npmCommand not pinned by hash: .github/workflows/update_fonts_data.yml:33
- Warn: npmCommand not pinned by hash: .github/workflows/update_react.yml:44
- Warn: npmCommand not pinned by hash: .github/workflows/upload-tests-manifest.yml:32
- Info: 0 out of 94 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 15 third-party GitHubAction dependencies pinned
- Info: 7 out of 32 npmCommand dependencies pinned
- Info: 0 out of 4 downloadThenRun dependencies pinned
- Info: 0 out of 24 containerImage dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
214 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: RUSTSEC-2021-0139
- Warn: Project is vulnerable to: RUSTSEC-2024-0388
- Warn: Project is vulnerable to: RUSTSEC-2020-0095
- Warn: Project is vulnerable to: RUSTSEC-2024-0332 / GHSA-q6cp-qfwq-4gcv
- Warn: Project is vulnerable to: RUSTSEC-2024-0384
- Warn: Project is vulnerable to: RUSTSEC-2022-0081
- Warn: Project is vulnerable to: RUSTSEC-2023-0055 / GHSA-c2hm-mjxv-89r4
- Warn: Project is vulnerable to: GHSA-2326-pfpj-vx3h
- Warn: Project is vulnerable to: RUSTSEC-2023-0086
- Warn: Project is vulnerable to: RUSTSEC-2021-0095 / GHSA-2gxj-qrp2-53jv / GHSA-8mv5-7x95-7wcf
- Warn: Project is vulnerable to: RUSTSEC-2023-0022 / GHSA-3gxf-9r58-2ghg
- Warn: Project is vulnerable to: RUSTSEC-2023-0024 / GHSA-6hcf-g6gr-hhcr
- Warn: Project is vulnerable to: RUSTSEC-2023-0023 / GHSA-9qwg-crg9-m2vc
- Warn: Project is vulnerable to: RUSTSEC-2023-0044 / GHSA-xcf7-rvmh-g6q4
- Warn: Project is vulnerable to: RUSTSEC-2023-0072 / GHSA-xphf-cx8h-7q9g
- Warn: Project is vulnerable to: GHSA-q445-7m23-qrmw
- Warn: Project is vulnerable to: RUSTSEC-2024-0357
- Warn: Project is vulnerable to: RUSTSEC-2025-0004 / GHSA-rpmj-rpgj-qmpm
- Warn: Project is vulnerable to: RUSTSEC-2024-0436
- Warn: Project is vulnerable to: RUSTSEC-2024-0370
- Warn: Project is vulnerable to: RUSTSEC-2025-0010
- Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6
- Warn: Project is vulnerable to: RUSTSEC-2025-0009
- Warn: Project is vulnerable to: RUSTSEC-2024-0336
- Warn: Project is vulnerable to: RUSTSEC-2023-0065 / GHSA-9mcr-873m-xcxp
- Warn: Project is vulnerable to: RUSTSEC-2023-0052 / GHSA-8qv2-5vq6-g2g7
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-7m27-7ghc-44w9
- Warn: Project is vulnerable to: GHSA-f82v-jwr5-mffw
- Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-fpm5-vv97-jfwg
- Warn: Project is vulnerable to: GHSA-pp75-xfpw-37g9
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-hxwm-x553-x359
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-h452-7996-h45h
- Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-q8pj-2vqx-8ggc
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
- Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-3wf4-68gx-mph8
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
- Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
- Warn: Project is vulnerable to: GHSA-cg87-wmx4-v546
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-m4gq-x24j-jpmf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
- Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-pwfr-8pq7-x9qv
- Warn: Project is vulnerable to: GHSA-8g77-54rh-46hx
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-g954-5hwp-pp24
- Warn: Project is vulnerable to: GHSA-h755-8qp9-cq85
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-9crc-q9x8-hgqq
- Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
- Warn: Project is vulnerable to: RUSTSEC-2023-0034 / GHSA-f8vr-r385-rh5r
- Warn: Project is vulnerable to: RUSTSEC-2024-0003 / GHSA-8r5v-vm4m-4g25
- Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq
- Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7
- Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr
- Warn: Project is vulnerable to: RUSTSEC-2021-0124 / GHSA-fg7r-2g4j-5cgr
- Warn: Project is vulnerable to: RUSTSEC-2023-0001 / GHSA-7rrj-xr53-82p7
- Warn: Project is vulnerable to: RUSTSEC-2023-0005 / GHSA-4q83-7cq4-p6wg
- Warn: Project is vulnerable to: GHSA-4g6q-77j7-vvjc
- Warn: Project is vulnerable to: GHSA-gp2j-mg4w-2rh5
- Warn: Project is vulnerable to: GHSA-xwcq-pm8m-c4vf
- Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
- Warn: Project is vulnerable to: GHSA-4gxf-g5gf-22h4
- Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
- Warn: Project is vulnerable to: GHSA-r7qp-cfhv-p84w
- Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
- Warn: Project is vulnerable to: GHSA-w7q9-p3jq-fmhm
- Warn: Project is vulnerable to: GHSA-xvf7-4v9q-58w6
- Warn: Project is vulnerable to: GHSA-wgfq-7857-4jcc
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m
- Warn: Project is vulnerable to: GHSA-3xq5-wjfh-ppjc
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-9m93-w8w6-76hh
- Warn: Project is vulnerable to: GHSA-m7xq-9374-9rvx
- Warn: Project is vulnerable to: GHSA-vg7j-7cwx-8wgw
- Warn: Project is vulnerable to: GHSA-7hpj-7hhx-2fgx
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-9h6g-pr28-7cqp
- Warn: Project is vulnerable to: GHSA-6fx8-h7jm-663j
- Warn: Project is vulnerable to: GHSA-v923-w3x8-wh69
- Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-3965-hpx2-q597
- Warn: Project is vulnerable to: GHSA-wrh9-cjv3-2hpw
- Warn: Project is vulnerable to: GHSA-8c25-f3mj-v6h8
- Warn: Project is vulnerable to: GHSA-vqfx-gj96-3w95
- Warn: Project is vulnerable to: GHSA-f598-mfpv-gmfx
- Warn: Project is vulnerable to: GHSA-54xq-cgqr-rpm3
- Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
- Warn: Project is vulnerable to: GHSA-qm95-pgcg-qqfq
- Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
- Warn: Project is vulnerable to: GHSA-jqv5-7xpx-qj74
- Warn: Project is vulnerable to: GHSA-2rq5-699j-x7p6
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-c9f4-xj24-8jqx
- Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
- Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
- Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
- Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
- Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
- Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
- Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
Score
4.3
/10
Last Scanned on 2025-03-24
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More