Gathering detailed insights and metrics for next
Gathering detailed insights and metrics for next
Installations
npm install nextDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
^18.18.0 || ^19.8.0 || >= 20.0.0
Node Version
20.18.1
NPM Version
10.4.0
Score
69.2
Supply Chain
77.5
Quality
96.8
Maintenance
100
Vulnerability
72.9
License
Releases
2,846
v15.1.1-canary.17
v15.1.1-canary.17
Published on 22 Dec 2024
v13.5.8
v13.5.8
Published on 21 Dec 2024
v15.1.1-canary.16
v15.1.1-canary.16
Published on 20 Dec 2024
v15.1.1-canary.15
v15.1.1-canary.15
Published on 20 Dec 2024
v15.1.1-canary.14
v15.1.1-canary.14
Published on 19 Dec 2024
v15.1.2
v15.1.2
Published on 19 Dec 2024
Contributors
3,536
Languages
13
JavaScript
TypeScript
Rust
MDX
CSS
Shell
SCSS
Dockerfile
HTML
Sass
Batchfile
WebAssembly
Pug
JavaScript (59.41%)
TypeScript (25.5%)
Rust (13.93%)
MDX (0.58%)
CSS (0.53%)
Shell (0.02%)
SCSS (0.02%)
Dockerfile (0.01%)
HTML (0.01%)
Developer
Download Statistics
Total Downloads
841,732,799
Last Day
359,003
Last Week
8,004,135
Last Month
31,697,171
Last Year
337,542,370
GitHub Statistics
128,027 Stars
26,494 Commits
27,190 Forks
1,457 Watching
1,195 Branches
3,536 Contributors
Maintainers
3
Package Meta Information
Latest Version
15.1.2
Package Id
next@15.1.2
Unpacked Size
115.00 MB
Size
24.14 MB
File Count
6,873
NPM Version
10.4.0
Node Version
20.18.1
Publised On
19 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
841,732,799
Last day
-7.1%
359,003
Compared to previous day
Last week
1.8%
8,004,135
Compared to previous week
Last month
-3.9%
31,697,171
Compared to previous month
Last year
48.3%
337,542,370
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
202
@ampproject/toolbox-optimizer@babel/code-frame@babel/core@babel/eslint-parser@babel/generator@babel/plugin-proposal-class-properties@babel/plugin-proposal-export-namespace-from@babel/plugin-proposal-numeric-separator@babel/plugin-proposal-object-rest-spread@babel/plugin-syntax-bigint@babel/plugin-syntax-dynamic-import@babel/plugin-syntax-import-attributes@babel/plugin-syntax-jsx@babel/plugin-transform-modules-commonjs@babel/plugin-transform-runtime@babel/preset-env@babel/preset-react@babel/preset-typescript@babel/runtime@babel/traverse@babel/types@capsizecss/metrics@edge-runtime/cookies@edge-runtime/ponyfill@edge-runtime/primitives@hapi/accept@jest/transform@jest/types@mswjs/interceptors@napi-rs/triples@next/font@next/polyfill-module@next/polyfill-nomodule@next/react-refresh-utils@next/swc@opentelemetry/api@playwright/test@swc/core@swc/types@taskr/clear@taskr/esnext@types/amphtml-validator@types/babel__code-frame@types/babel__core@types/babel__generator@types/babel__template@types/babel__traverse@types/bytes@types/ci-info@types/compression@types/content-disposition@types/content-type@types/cookie@types/cross-spawn@types/debug@types/express-serve-static-core@types/fresh@types/glob@types/jsonwebtoken@types/lodash@types/lodash.curry@types/path-to-regexp@types/picomatch@types/platform@types/react@types/react-dom@types/react-is@types/semver@types/send@types/shell-quote@types/tar@types/text-table@types/ua-parser-js@types/webpack-sources1@types/ws@vercel/ncc@vercel/nft@vercel/turbopack-ecmascript-runtimeacornamphtml-validatoranserargassertasync-retryasync-semababel-plugin-react-compilerbabel-plugin-transform-definebabel-plugin-transform-react-remove-prop-typesbrowserify-zlibbrowserslistbufferbytesci-infocli-selectclient-onlycommandercomment-jsoncompressionconfconstants-browserifycontent-dispositioncontent-typecookiecross-envcross-spawncrypto-browserifycss.escapecssnano-preset-defaultdata-uri-to-bufferdebugdevaluedomain-browseredge-runtimeeventsfind-upfreshglobgzip-sizehttp-proxyhttp-proxy-agenthttps-browserifyhttps-proxy-agenticss-utilsignore-loaderimage-sizeis-dockeris-wsljest-workerjson5jsonwebtokenloader-runnerloader-utils2loader-utils3lodash.currymini-css-extract-pluginmswnanoidnative-urlneo-asyncnode-html-parseroraos-browserifyp-limitp-queuepath-browserifypath-to-regexppicomatchplatformpostcss-flexbugs-fixespostcss-modules-extract-importspostcss-modules-local-by-defaultpostcss-modules-scopepostcss-modules-valuespostcss-preset-envpostcss-safe-parserpostcss-scsspostcss-value-parserprocesspunycodequerystring-es3raw-bodyreact-refreshregenerator-runtimesass-loaderschema-utils2schema-utils3semversendserver-onlysetimmediateshell-quotesource-mapsource-map-loadersource-map08stacktrace-parserstream-browserifystream-httpstrict-event-emitterstring-hashstring_decoderstrip-ansisuperstructtartaskrterserterser-webpack-plugintext-tabletimers-browserifytty-browserifytypescriptua-parser-jsunistoreutilvm-browserifywatchpackweb-vitalswebpackwebpack-sources1webpack-sources3wszodzod-validation-error
Versions
Next.js
Getting Started
Used by some of the world's largest companies, Next.js enables you to create full-stack web applications by extending the latest React features, and integrating powerful Rust-based JavaScript tooling for the fastest builds.
- Visit our Learn Next.js course to get started with Next.js.
- Visit the Next.js Showcase to see more sites built with Next.js.
Documentation
Visit https://nextjs.org/docs to view the full documentation.
Community
The Next.js community can be found on GitHub Discussions where you can ask questions, voice ideas, and share your projects with other people.
To chat with other community members you can join the Next.js Discord server.
Do note that our Code of Conduct applies to all Next.js community channels. Users are highly encouraged to read and adhere to them to avoid repercussions.
Contributing
Contributions to Next.js are welcome and highly appreciated. However, before you jump right into it, we would like you to review our Contribution Guidelines to make sure you have a smooth experience contributing to Next.js.
Good First Issues:
We have a list of good first issues that contain bugs that have a relatively limited scope. This is a great place for newcomers and beginners alike to get started, gain experience, and get familiar with our contribution process.
Authors
A list of the original co-authors of Next.js that helped bring this amazing framework to life!
- Tim Neutkens (@timneutkens)
- Naoyuki Kanezawa (@nkzawa)
- Guillermo Rauch (@rauchg)
- Arunoda Susiripala (@arunoda)
- Tony Kovanen (@tonykovanen)
- Dan Zajdband (@impronunciable)
Security
If you believe you have found a security vulnerability in Next.js, we encourage you to responsibly disclose this and NOT open a public issue. We will investigate all legitimate reports. Email security@vercel.com to disclose any security vulnerabilities. Alternatively, you can visit this link to know more about Vercel's security and report any security vulnerabilities.
Stable Version
Stable Version
15.1.2
HIGH
12
HIGH
7.5/10
Summary
Next.js authorization bypass vulnerability
Affected Versions
>= 9.5.5, < 14.2.15
Patched Versions
14.2.15
HIGH
7.5/10
Summary
Next.js Denial of Service (DoS) condition
Affected Versions
>= 13.3.1, < 13.5.0
Patched Versions
13.5.0
HIGH
7.5/10
Summary
Next.js Cache Poisoning
Affected Versions
>= 14.0.0, < 14.2.10
Patched Versions
14.2.10
HIGH
7.5/10
Summary
Next.js Cache Poisoning
Affected Versions
>= 13.5.1, < 13.5.7
Patched Versions
13.5.7
HIGH
7.5/10
Summary
Next.js Server-Side Request Forgery in Server Actions
Affected Versions
>= 13.4.0, < 14.1.1
Patched Versions
14.1.1
HIGH
7.5/10
Summary
Next.js Vulnerable to HTTP Request Smuggling
Affected Versions
>= 13.4.0, < 13.5.1
Patched Versions
13.5.1
HIGH
7.5/10
Summary
Unexpected server crash in Next.js.
Affected Versions
>= 0.9.9, < 11.1.3
Patched Versions
11.1.3
HIGH
7.5/10
Summary
Unexpected server crash in Next.js.
Affected Versions
>= 12.0.0, < 12.0.5
Patched Versions
12.0.5
HIGH
7.5/10
Summary
Next.js Directory Traversal Vulnerability
Affected Versions
>= 1.0.0, < 2.4.1
Patched Versions
2.4.1
HIGH
0/10
Summary
Remote Code Execution in next
Affected Versions
>= 0.9.9, < 5.1.0
Patched Versions
5.1.0
HIGH
7.5/10
Summary
XSS in Image Optimization API for Next.js
Affected Versions
>= 10.0.0, < 11.1.1
Patched Versions
11.1.1
HIGH
7.5/10
Summary
Directory traversal vulnerability in Next.js
Affected Versions
>= 1.0.0, < 4.2.3
Patched Versions
4.2.3
MODERATE
8
MODERATE
5.9/10
Summary
Denial of Service condition in Next.js image optimization
Affected Versions
>= 10.0.0, < 14.2.7
Patched Versions
14.2.7
MODERATE
5.3/10
Summary
Unexpected server crash in Next.js
Affected Versions
= 12.2.3
Patched Versions
12.2.4
MODERATE
6.9/10
Summary
Open Redirect in Next.js
Affected Versions
>= 0.9.9, < 11.1.0
Patched Versions
11.1.0
MODERATE
5.9/10
Summary
Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
Affected Versions
>= 10.0.0, < 12.1.0
Patched Versions
12.1.0
MODERATE
5.9/10
Summary
Denial of Service Vulnerability in next.js
Affected Versions
>= 12.0.0, < 12.0.9
Patched Versions
12.0.9
MODERATE
4.7/10
Summary
Open Redirect in Next.js versions
Affected Versions
>= 9.5.0, < 9.5.4
Patched Versions
9.5.4
MODERATE
4.4/10
Summary
Directory Traversal in Next.js
Affected Versions
< 9.3.2
Patched Versions
9.3.2
MODERATE
6.1/10
Summary
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Affected Versions
>= 7.0.0, < 7.0.2
Patched Versions
7.0.2
LOW
1
LOW
0/10
Summary
Next.js missing cache-control header may lead to CDN caching empty reply
Affected Versions
>= 0.9.9, < 13.4.20-canary.13
Patched Versions
13.4.20-canary.13
Reason
30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: license.md:0
- Info: FSF or OSI recognized license: MIT License: license.md:0
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/vercel/.github/SECURITY.md:1
- Info: Found linked content: github.com/vercel/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/vercel/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/vercel/.github/SECURITY.md:1
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build_and_deploy.yml:565
Reason
Found 27/30 approved changesets -- score normalized to 9
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build_and_deploy.yml:511
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build_and_deploy.yml:570
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build_and_test.yml:39
- Warn: no topLevel permission defined: .github/workflows/build_and_deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/build_and_test.yml:1
- Warn: no topLevel permission defined: .github/workflows/build_reusable.yml:1
- Warn: no topLevel permission defined: .github/workflows/cancel.yml:1
- Warn: no topLevel permission defined: .github/workflows/code_freeze.yml:1
- Warn: no topLevel permission defined: .github/workflows/graphite_ci_optimizer.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_bankrupt.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_version.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue_wrong_template.yml:1
- Warn: no topLevel permission defined: .github/workflows/notify_release.yml:1
- Warn: no topLevel permission defined: .github/workflows/popular.yml:1
- Warn: no topLevel permission defined: .github/workflows/pull_request_stats.yml:1
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/retry_deploy_test.yml:13
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/retry_test.yml:14
- Warn: no topLevel permission defined: .github/workflows/setup-nextjs-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-turbopack-rust-bench-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/test_e2e_deploy_release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test_examples.yml:1
- Warn: no topLevel permission defined: .github/workflows/triage_with_ai.yml:1
- Warn: no topLevel permission defined: .github/workflows/trigger_release.yml:1
- Warn: no topLevel permission defined: .github/workflows/turbopack-nextjs-build-integration-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/turbopack-update-tests-manifest.yml:1
- Warn: no topLevel permission defined: .github/workflows/turbopack-upload-tests-manifest.yml:1
- Warn: no topLevel permission defined: .github/workflows/update_fonts_data.yml:1
- Warn: no topLevel permission defined: .github/workflows/update_react.yml:1
Reason
binaries present in source code
Details
- Warn: binary detected: examples/with-webassembly/add.wasm:1
- Warn: binary detected: packages/next/next_error_code_swc_plugin.wasm:1
- Warn: binary detected: packages/next/src/compiled/@vercel/og/resvg.wasm:1
- Warn: binary detected: packages/next/src/compiled/@vercel/og/yoga.wasm:1
- Warn: binary detected: packages/next/src/compiled/source-map08/mappings.wasm:1
- Warn: binary detected: test/e2e/edge-can-use-wasm-files/add.wasm:1
- Warn: binary detected: test/integration/edge-runtime-dynamic-code/lib/square.wasm:1
- Warn: binary detected: test/production/app-dir-edge-runtime-with-wasm/add.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/module/input/add.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/simple/input/add.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/simple/input/factorial.wasm:1
- Warn: binary detected: turbopack/crates/turbopack-tests/tests/execution/turbopack/wasm/simple/input/fibonacci.wasm:1
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:404: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:407: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:435: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:441: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:658: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:603: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:631: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:635: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:457: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:467: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:479: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:485: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:495: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:517: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:527: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:539: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:559: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:573: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:575: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:547: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cancel.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/cancel.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_freeze.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/code_freeze.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/graphite_ci_optimizer.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/graphite_ci_optimizer.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_bankrupt.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_bankrupt.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_bankrupt.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_bankrupt.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_lock.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_lock.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_version.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_version.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_version.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_wrong_template.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_wrong_template.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_wrong_template.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_wrong_template.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/popular.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/popular.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/popular.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/popular.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_stats.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/pull_request_stats.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_stats.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/pull_request_stats.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/retry_deploy_test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/retry_deploy_test.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/retry_test.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/retry_test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-turbopack-rust-bench-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test-turbopack-rust-bench-test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-turbopack-rust-bench-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test-turbopack-rust-bench-test.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_examples.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_examples.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_examples.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_examples.yml/canary?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/triage.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage_with_ai.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage_with_ai.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage_with_ai.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage_with_ai.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger_release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/trigger_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger_release.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/trigger_release.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-upload-tests-manifest.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-upload-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-upload-tests-manifest.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-upload-tests-manifest.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_fonts_data.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_fonts_data.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_fonts_data.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_fonts_data.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_react.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_react.yml/canary?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_react.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_react.yml/canary?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5
- Warn: containerImage not pinned by hash: .devcontainer/base.Dockerfile:5
- Warn: containerImage not pinned by hash: .github/actions/next-stats-action/Dockerfile:3: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/dev.Dockerfile:3: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:6eb9c3d9bd191bd2cc6ce7ec3d5ec4c2127616140c8586af96a6bec8f28689d1
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod-without-multistage.Dockerfile:3: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:6eb9c3d9bd191bd2cc6ce7ec3d5ec4c2127616140c8586af96a6bec8f28689d1
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:48
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:22
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:31
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:23
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:32
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:23
- Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:32
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:6
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:22
- Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:40
- Warn: npmCommand not pinned by hash: .devcontainer/base.Dockerfile:22-47
- Warn: downloadThenRun not pinned by hash: .github/actions/next-stats-action/Dockerfile:14
- Warn: downloadThenRun not pinned by hash: scripts/setup-node.sh:5
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:608
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:419
- Warn: downloadThenRun not pinned by hash: .github/workflows/build_and_deploy.yml:422
- Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:552
- Warn: npmCommand not pinned by hash: .github/workflows/build_reusable.yml:141
- Warn: downloadThenRun not pinned by hash: .github/workflows/setup-nextjs-build.yml:108
- Info: 0 out of 106 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 12 third-party GitHubAction dependencies pinned
- Info: 0 out of 24 containerImage dependencies pinned
- Info: 7 out of 12 npmCommand dependencies pinned
- Info: 0 out of 4 downloadThenRun dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
186 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: RUSTSEC-2021-0139
- Warn: Project is vulnerable to: RUSTSEC-2024-0388
- Warn: Project is vulnerable to: RUSTSEC-2020-0095
- Warn: Project is vulnerable to: RUSTSEC-2024-0332 / GHSA-q6cp-qfwq-4gcv
- Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq
- Warn: Project is vulnerable to: RUSTSEC-2024-0384
- Warn: Project is vulnerable to: RUSTSEC-2022-0081
- Warn: Project is vulnerable to: RUSTSEC-2023-0055 / GHSA-c2hm-mjxv-89r4
- Warn: Project is vulnerable to: GHSA-2326-pfpj-vx3h
- Warn: Project is vulnerable to: RUSTSEC-2023-0086
- Warn: Project is vulnerable to: RUSTSEC-2021-0095 / GHSA-2gxj-qrp2-53jv / GHSA-8mv5-7x95-7wcf
- Warn: Project is vulnerable to: RUSTSEC-2023-0022 / GHSA-3gxf-9r58-2ghg
- Warn: Project is vulnerable to: RUSTSEC-2023-0024 / GHSA-6hcf-g6gr-hhcr
- Warn: Project is vulnerable to: RUSTSEC-2023-0023 / GHSA-9qwg-crg9-m2vc
- Warn: Project is vulnerable to: RUSTSEC-2023-0044 / GHSA-xcf7-rvmh-g6q4
- Warn: Project is vulnerable to: RUSTSEC-2023-0072 / GHSA-xphf-cx8h-7q9g
- Warn: Project is vulnerable to: GHSA-q445-7m23-qrmw
- Warn: Project is vulnerable to: RUSTSEC-2024-0357
- Warn: Project is vulnerable to: RUSTSEC-2024-0370
- Warn: Project is vulnerable to: RUSTSEC-2024-0336
- Warn: Project is vulnerable to: RUSTSEC-2023-0065 / GHSA-9mcr-873m-xcxp
- Warn: Project is vulnerable to: RUSTSEC-2023-0052 / GHSA-8qv2-5vq6-g2g7
- Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-fpm5-vv97-jfwg
- Warn: Project is vulnerable to: GHSA-pp75-xfpw-37g9
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-hxwm-x553-x359
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-h452-7996-h45h
- Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-q8pj-2vqx-8ggc
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-3wf4-68gx-mph8
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
- Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-m4gq-x24j-jpmf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
- Warn: Project is vulnerable to: GHSA-3xq5-wjfh-ppjc / GHSA-wc69-rhjr-hc9g
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-pwfr-8pq7-x9qv
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-g954-5hwp-pp24
- Warn: Project is vulnerable to: GHSA-h755-8qp9-cq85
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
- Warn: Project is vulnerable to: RUSTSEC-2023-0034 / GHSA-f8vr-r385-rh5r
- Warn: Project is vulnerable to: RUSTSEC-2024-0003 / GHSA-8r5v-vm4m-4g25
- Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7
- Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr
- Warn: Project is vulnerable to: RUSTSEC-2021-0124 / GHSA-fg7r-2g4j-5cgr
- Warn: Project is vulnerable to: RUSTSEC-2023-0001 / GHSA-7rrj-xr53-82p7
- Warn: Project is vulnerable to: RUSTSEC-2023-0005 / GHSA-4q83-7cq4-p6wg
- Warn: Project is vulnerable to: GHSA-4g6q-77j7-vvjc
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-gp2j-mg4w-2rh5
- Warn: Project is vulnerable to: GHSA-xwcq-pm8m-c4vf
- Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
- Warn: Project is vulnerable to: GHSA-4gxf-g5gf-22h4
- Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
- Warn: Project is vulnerable to: GHSA-r7qp-cfhv-p84w
- Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
- Warn: Project is vulnerable to: GHSA-w7q9-p3jq-fmhm
- Warn: Project is vulnerable to: GHSA-xvf7-4v9q-58w6
- Warn: Project is vulnerable to: GHSA-wgfq-7857-4jcc
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-9m93-w8w6-76hh
- Warn: Project is vulnerable to: GHSA-m7xq-9374-9rvx
- Warn: Project is vulnerable to: GHSA-7hpj-7hhx-2fgx
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-9h6g-pr28-7cqp
- Warn: Project is vulnerable to: GHSA-v923-w3x8-wh69
- Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf
- Warn: Project is vulnerable to: GHSA-3965-hpx2-q597
- Warn: Project is vulnerable to: GHSA-wrh9-cjv3-2hpw
- Warn: Project is vulnerable to: GHSA-8c25-f3mj-v6h8
- Warn: Project is vulnerable to: GHSA-vqfx-gj96-3w95
- Warn: Project is vulnerable to: GHSA-f598-mfpv-gmfx
- Warn: Project is vulnerable to: GHSA-54xq-cgqr-rpm3
- Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
- Warn: Project is vulnerable to: GHSA-qm95-pgcg-qqfq
- Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
- Warn: Project is vulnerable to: GHSA-jqv5-7xpx-qj74
- Warn: Project is vulnerable to: GHSA-2rq5-699j-x7p6
- Warn: Project is vulnerable to: GHSA-c9f4-xj24-8jqx
- Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
- Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
- Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
- Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
- Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
- Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
- Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
Score
4.7
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More