Gathering detailed insights and metrics for piral-base
Gathering detailed insights and metrics for piral-base
Installations
npm install piral-baseScore
62.3
Supply Chain
94.9
Quality
95.4
Maintenance
100
Vulnerability
100
License
Releases
134
Contributors
43
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
Developer
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
No
Node Version
20.10.0
NPM Version
lerna/8.1.7/node@v20.10.0+x64 (linux)
Statistics
1,723 Stars
3,773 Commits
127 Forks
33 Watching
5 Branches
43 Contributors
Updated on 27 Nov 2024
Bundle Size
26.53 kB
Minified
9.29 kB
Minified + Gzipped
Languages
TypeScript (94.23%)
JavaScript (3.63%)
SCSS (1.95%)
HTML (0.18%)
Total Downloads
Cumulative downloads
Total Downloads
808,750
Last day
87.2%
1,780
Compared to previous day
Last week
5.6%
5,799
Compared to previous week
Last month
38%
24,821
Compared to previous month
Last year
4.6%
199,568
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
2
Versions
Piral · 
Easily build a next generation web application using microfrontends. Piral enables you to create a modular frontend application that is extended at runtime with decoupled modules called pilets leveraging a microfrontend architecture.
A pilet can be developed independently and ships with the necessary code, as well as all other relevant assets. Pilets are as independent of the host application as you want them to be - making them transferrable between different applications.
This makes Piral an ideal foundation for a mid-sized to large-scale applications developed by distributed teams.
:zap: A pilet is capable of dynamically extending other pilets or using such extension slots itself.
:zap: A pilet can provide or use shared dependencies from other pilets.
:zap: A pilet is isolated (developed and handled) and will never destroy your application.
:zap: A pilet can be developed with any technology using a standard IDE.
:zap: A pilet can be updated and published within seconds.
:zap: A pilet can be rolled out or disabled dynamically to create self-forming applications.
:zap: A pilet can be debugged seamlessly just as if you write a monolith.
Important Links
- 📢 We are hiring! - work with us on Piral, its ecosystem and our users
- 🌍 Website - learn more about Piral
- 📖 Documentation - everything to get started and master micro frontends
- 🉐 Help translating Piral! - making PRs in the documentation branch
- 🐞 Issue Tracker - report bugs or suggest new features
- 🗨 Forums - use the community support on StackOverflow
- 👪 Community Chat - ask questions and provide answers in our Discord server
Getting Started
Piral itself is developed as a monorepo. As such this repository may contain an overwhelming amount of information.
Our recommendation is to start at the documentation available at docs.piral.io. Working through the available tutorials will give you the necessary information in the best possible order.
Questions
While the GitHub issues may be used in case of questions, we would prefer general usage questions to be raised either in our Discord server or at StackOverflow.
Be sure to check our FAQ and the official tutorials upfront!
Contributing
The main purpose of this repository is to continue to evolve Piral and its core ecosystem, making it faster, more powerful, and easier to use. Development of Piral happens in the open on GitHub, and we are grateful to the community for contributing bugfixes, ideas, and improvements.
Read below to learn how you can take part in improving Piral.
Repository Structure
docscontains the (user) documentationsrchas the sources for all the developed packages, samples, and pagestestcontains the test setup and (in the future) system teststoolshas some of the internal tooling for building the different components
Each subdirectory contains another README.md with more information regarding the contents of the specific folder.
Code of Conduct
We adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.
Contributing Guide
Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to Piral.
Good First Issues
To help you get your feet wet and get you familiar with our contribution process, we have a list of good first issues that contain bugs which have a relatively limited scope. This is a great place to get started.
License
Piral is released using the MIT license. For more information see the license file.
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (21) are checked with a SAST tool
Reason
Found 1/14 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/size.yml:1
- Warn: no topLevel permission defined: .github/workflows/twitter-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/twitter-tip.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/docs.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/docs.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/size.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/size.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/twitter-release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twitter-tip.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-tip.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/twitter-tip.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-tip.yml/develop?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-2qqx-w9hr-q5gx
- Warn: Project is vulnerable to: GHSA-2vrf-hf26-jrp5
- Warn: Project is vulnerable to: GHSA-4w4v-5hc9-xrr2
- Warn: Project is vulnerable to: GHSA-m2h2-264f-f486
- Warn: Project is vulnerable to: GHSA-m9gf-397r-hwpg
- Warn: Project is vulnerable to: GHSA-mqm9-c95h-x2p6
- Warn: Project is vulnerable to: GHSA-prc3-vjfx-vhm9
- Warn: Project is vulnerable to: GHSA-qwqh-hm9m-p5hr
- Warn: Project is vulnerable to: GHSA-vc8w-jr9v-vj7f
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Score
5.2
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More