Gathering detailed insights and metrics for picgo
Gathering detailed insights and metrics for picgo
Installations
npm install picgoDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>= 12.0.0
Node Version
16.20.2
NPM Version
8.19.4
Releases
Unable to fetch releases
Languages
5
TypeScript
JavaScript
PowerShell
Shell
AppleScript
TypeScript (95.21%)
JavaScript (2.06%)
PowerShell (1.14%)
Shell (1%)
AppleScript (0.58%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
893 Stars
276 Commits
92 Forks
7 Watchers
7 Branches
17 Contributors
Updated on Jul 13, 2025
Maintainers
1
Package Meta Information
Latest Version
1.5.9
Package Id
picgo@1.5.9
Unpacked Size
789.92 kB
Size
224.38 kB
File Count
58
NPM Version
8.19.4
Node Version
16.20.2
Published on
Jun 08, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
25
Dev Dependencies
41
@picgo/bump-version@rollup/plugin-commonjs@rollup/plugin-json@rollup/plugin-node-resolve@rollup/plugin-replace@types/cross-spawn@types/ejs@types/fs-extra@types/image-size@types/inquirer@types/js-yaml@types/lodash@types/md5@types/mime-types@types/minimatch@types/node@types/resolve@types/rimraf@types/tunnel@typescript-eslint/eslint-plugin@typescript-eslint/parserbabel-eslintbuiltinsconventional-changelogcopyfilescross-envcz-customizableeslinteslint-config-standard-with-typescripteslint-plugin-importeslint-plugin-nodeeslint-plugin-promiseeslint-plugin-standardexecahuskypre-commitrolluprollup-plugin-stringrollup-plugin-terserrollup-plugin-typescript2typescript
PicGo-Core
A tool for picture uploading. Both CLI & api supports. It also supports plugin system, please check Awesome-PicGo to find powerful plugins.
Typora supports PicGo-Core natively. If you like PicGo-Core and have time, welcome to help me translate the documentation of PicGo-Core into English.
Installation
PicGo should be installed with node.js >= 12 (v1.5.0-alpha.4 and small) & node.js >= 16 (since v1.5.0-alpha.5).
Global install
1npm install picgo -g 2 3# or 4 5yarn global add picgo
Local install
1npm install picgo -D 2 3# or 4 5yarn add picgo -D
Usage
Use in CLI
PicGo uses
SM.MSas the default upload pic-bed.
Show help:
1$ picgo -h 2 3 Usage: picgo [options] [command] 4 5 Options: 6 7 -v, --version output the version number 8 -d, --debug debug mode 9 -s, --silent silent mode 10 -c, --config <path> set config path 11 -h, --help output usage information 12 13 Commands: 14 15 install|add <plugins...> install picgo plugin 16 uninstall|rm <plugins...> uninstall picgo plugin 17 update <plugins...> update picgo plugin 18 set|config <module> [name] configure config of picgo modules 19 upload|u [input...] upload, go go go 20 use [module] use modules of picgo 21 init [options] <template> [project] create picgo plugin\'s development templates
Upload a picture from path
1picgo upload /xxx/xx/xx.jpg
Upload a picture from clipboard
picture from clipboard will be converted to
png
1picgo upload
Thanks to vs-picgo && Spades-S for providing the method to upload picture from clipboard.
Use in node project
Common JS
1const { PicGo } = require('picgo')
ES Module
1import { PicGo } from 'picgo'
API usage example
1const picgo = new PicGo() 2 3// upload a picture from path 4picgo.upload(['/xxx/xxx.jpg']) 5 6// upload a picture from clipboard 7picgo.upload()
Documentation
For more details, you can checkout documentation.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: License:0
- Info: FSF or OSI recognized license: MIT License: License:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/main.yml:7
Reason
Found 4/30 approved changesets -- score normalized to 1
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/alpha.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/manually.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/alpha.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/PicGo/PicGo-Core/alpha.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/alpha.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/PicGo/PicGo-Core/alpha.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/PicGo/PicGo-Core/main.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/PicGo/PicGo-Core/main.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manually.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/PicGo/PicGo-Core/manually.yml/dev?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manually.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/PicGo/PicGo-Core/manually.yml/dev?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'dev'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 4 are checked with a SAST tool
Reason
45 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
- Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-8jmw-wjr8-2x66
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-rjf2-j2r6-q8gr
- Warn: Project is vulnerable to: GHSA-6pw2-5hjv-9pf7
- Warn: Project is vulnerable to: GHSA-4w2j-2rg4-5mjw
- Warn: Project is vulnerable to: GHSA-mrgp-mrhc-5jrq
- Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
- Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
- Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More