npmpackage.info

Gathering detailed insights and metrics for npm-normalize-package-bin

npm-normalize-package-bin - 4.0.0 | npmpackage.info

npm-normalize-package-bin

Turn any flavor of allowable package.json bin into a normalized object

4.0.0

ISC

JavaScript

415.00 B

2,279,477,231 6.2

Installations

npm install npm-normalize-package-bin

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

^18.17.0 || >=20.5.0

Node Version

22.8.0

NPM Version

10.8.3 Score

99.9

Supply Chain

Quality

82.8

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

92

Closed

53

Merged

38

Issues

Open

0

Total

1

Closed

1

Releases

v4.0.0

Updated on Sep 05, 2024

v3.0.1

Updated on May 02, 2023

v3.0.0

Updated on Oct 14, 2022

v2.0.0

Updated on Aug 22, 2022

View All 4 releases

Languages

JavaScript

JavaScript (100%)

Developer

npm

Download Statistics

Total Downloads

2,279,477,231

Last Day

2,799,708

Last Week

15,132,796

Last Month

63,621,134

Last Year

689,607,760

GitHub Statistics

ISC License

7 Stars

73 Commits

5 Forks

8 Watchers

2 Branches

72 Contributors

Updated on Apr 28, 2025

Bundle Size

720.00 B

Minified

415.00 B

Minified + Gzipped

Bundlephobia

Maintainers

View All 72 Contributors

Package Meta Information

Latest Version

4.0.0

Package Id

npm-normalize-package-bin@4.0.0

Unpacked Size

3.54 kB

Size

1.83 kB

File Count

NPM Version

10.8.3

Node Version

22.8.0

Published on

Sep 05, 2024

Total Downloads

Cumulative downloads

Total Downloads

2,279,477,231

Last Day

56.5%

2,799,708

Compared to previous day

Last Week

7.2%

15,132,796

Compared to previous week

Last Month

-3.6%

63,621,134

Compared to previous month

Last Year

16.3%

689,607,760

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@npmcli/eslint-config @npmcli/template-oss tap

npm-normalize-package-bin

Turn any flavor of allowable package.json bin into a normalized object.

API

1const normalize = require('npm-normalize-package-bin')
2const pkg = {name: 'foo', bin: 'bar'}
3console.log(normalize(pkg)) // {name:'foo', bin:{foo: 'bar'}}

Also strips out weird dots and slashes to prevent accidental and/or malicious bad behavior when the package is installed.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

8

SAST

Determines if the project uses static code analysis.

1

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-integration.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/npm-normalize-package-bin/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:41
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:62
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:45
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:45
Warn: npmCommand not pinned by hash: .github/workflows/release-integration.yml:56
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:50
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:130
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 8 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.2

/10

Last Scanned on 2025-04-28

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More