Gathering detailed insights and metrics for piral-cycle
Gathering detailed insights and metrics for piral-cycle
Installations
npm install piral-cycleDeveloper Guide
BETA
Typescript
No
Module System
CommonJS, ESM
Node Version
20.10.0
NPM Version
lerna/8.1.7/node@v20.10.0+x64 (linux)
Score
72.4
Supply Chain
99.3
Quality
95.4
Maintenance
100
Vulnerability
100
License
Releases
135
Contributors
43
Languages
5
TypeScript
JavaScript
SCSS
HTML
CSS
TypeScript (94.24%)
JavaScript (3.62%)
SCSS (1.95%)
HTML (0.18%)
CSS (0.01%)
Developer
Download Statistics
Total Downloads
122,614
Last Day
17
Last Week
252
Last Month
1,769
Last Year
22,110
GitHub Statistics
1,732 Stars
3,798 Commits
127 Forks
33 Watching
5 Branches
43 Contributors
Maintainers
1
Package Meta Information
Latest Version
1.7.3
Package Id
piral-cycle@1.7.3
Unpacked Size
20.42 kB
Size
6.46 kB
File Count
25
NPM Version
lerna/8.1.7/node@v20.10.0+x64 (linux)
Node Version
20.10.0
Publised On
11 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
122,614
Last day
-19%
17
Compared to previous day
Last week
-40%
252
Compared to previous week
Last month
31.1%
1,769
Compared to previous month
Last year
-57.7%
22,110
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
4
Versions
Piral · 
Easily build a next generation web application using microfrontends. Piral enables you to create a modular frontend application that is extended at runtime with decoupled modules called pilets leveraging a microfrontend architecture.
A pilet can be developed independently and ships with the necessary code, as well as all other relevant assets. Pilets are as independent of the host application as you want them to be - making them transferrable between different applications.
This makes Piral an ideal foundation for a mid-sized to large-scale applications developed by distributed teams.
:zap: A pilet is capable of dynamically extending other pilets or using such extension slots itself.
:zap: A pilet can provide or use shared dependencies from other pilets.
:zap: A pilet is isolated (developed and handled) and will never destroy your application.
:zap: A pilet can be developed with any technology using a standard IDE.
:zap: A pilet can be updated and published within seconds.
:zap: A pilet can be rolled out or disabled dynamically to create self-forming applications.
:zap: A pilet can be debugged seamlessly just as if you write a monolith.
Important Links
- 📢 We are hiring! - work with us on Piral, its ecosystem and our users
- 🌍 Website - learn more about Piral
- 📖 Documentation - everything to get started and master micro frontends
- 🉐 Help translating Piral! - making PRs in the documentation branch
- 🐞 Issue Tracker - report bugs or suggest new features
- 🗨 Forums - use the community support on StackOverflow
- 👪 Community Chat - ask questions and provide answers in our Discord server
Getting Started
Piral itself is developed as a monorepo. As such this repository may contain an overwhelming amount of information.
Our recommendation is to start at the documentation available at docs.piral.io. Working through the available tutorials will give you the necessary information in the best possible order.
Questions
While the GitHub issues may be used in case of questions, we would prefer general usage questions to be raised either in our Discord server or at StackOverflow.
Be sure to check our FAQ and the official tutorials upfront!
Contributing
The main purpose of this repository is to continue to evolve Piral and its core ecosystem, making it faster, more powerful, and easier to use. Development of Piral happens in the open on GitHub, and we are grateful to the community for contributing bugfixes, ideas, and improvements.
Read below to learn how you can take part in improving Piral.
Repository Structure
docscontains the (user) documentationsrchas the sources for all the developed packages, samples, and pagestestcontains the test setup and (in the future) system teststoolshas some of the internal tooling for building the different components
Each subdirectory contains another README.md with more information regarding the contents of the specific folder.
Code of Conduct
We adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.
Contributing Guide
Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to Piral.
Good First Issues
To help you get your feet wet and get you familiar with our contribution process, we have a list of good first issues that contain bugs which have a relatively limited scope. This is a great place to get started.
License
Piral is released using the MIT license. For more information see the license file.
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (17) are checked with a SAST tool
Reason
Found 0/14 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/size.yml:1
- Warn: no topLevel permission defined: .github/workflows/twitter-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/twitter-tip.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/docs.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/docs.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/size.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/size.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/twitter-release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/twitter-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twitter-tip.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-tip.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/twitter-tip.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-tip.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/twitter-tip.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/smapiot/piral/twitter-tip.yml/develop?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-2qqx-w9hr-q5gx
- Warn: Project is vulnerable to: GHSA-2vrf-hf26-jrp5
- Warn: Project is vulnerable to: GHSA-4w4v-5hc9-xrr2
- Warn: Project is vulnerable to: GHSA-m2h2-264f-f486
- Warn: Project is vulnerable to: GHSA-m9gf-397r-hwpg
- Warn: Project is vulnerable to: GHSA-mqm9-c95h-x2p6
- Warn: Project is vulnerable to: GHSA-prc3-vjfx-vhm9
- Warn: Project is vulnerable to: GHSA-qwqh-hm9m-p5hr
- Warn: Project is vulnerable to: GHSA-vc8w-jr9v-vj7f
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Score
5.2
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More