🦘 - PouchDB is a pocket-sized database.
Installations
npm install pouchdb-collectionsScore
100
Supply Chain
72.9
Quality
83.2
Maintenance
100
Vulnerability
100
License
Developer
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
16.16.0
NPM Version
8.11.0
Statistics
16,925 Stars
5,192 Commits
1,468 Forks
271 Watching
1,554 Branches
376 Contributors
Updated on 28 Nov 2024
Bundle Size
1.49 kB
Minified
611.00 B
Minified + Gzipped
Languages
JavaScript (98.82%)
Shell (0.67%)
HTML (0.51%)
Total Downloads
Cumulative downloads
Total Downloads
37,848,564
Last day
-32%
17,573
Compared to previous day
Last week
15.3%
121,839
Compared to previous week
Last month
17.9%
476,638
Compared to previous month
Last year
-6.7%
4,853,846
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
PouchDB – The Database that Syncs!
PouchDB is an open-source JavaScript database inspired by Apache CouchDB that is designed to run well within the browser.
PouchDB was created to help web developers build applications that work as well offline as they do online.
Using PouchDB
To get started using PouchDB, check out the web site and API documentation.
Getting Help
The PouchDB community is active in #pouchdb on the CouchDB Slack, in the Google Groups mailing list, and on StackOverflow. Or you can mastodon @pouchdb!
If you think you've found a bug in PouchDB, please write a reproducible test case and file a Github issue.
Prerelease builds
If you like to live on the bleeding edge, you can build PouchDB from source using these steps:
git clone https://github.com/pouchdb/pouchdb.git
cd pouchdb
npm install
After running these steps, the browser build can be found in packages/node_modules/pouchdb/dist/pouchdb.js.
Changelog
PouchDB follows semantic versioning. To see a changelog with all PouchDB releases, check out the Github releases page.
For a concise list of breaking changes, there's the wiki list of breaking changes.
Keep in mind that PouchDB is auto-migrating, so a database created in 1.0.0 will still work if you open it in 4.0.0+. Any release containing a migration is clearly marked in the release notes.
Contributing
We're always looking for new contributors! If you'd like to try your hand at writing code, writing documentation, designing the website, writing a blog post, or answering questions on StackOverflow, then we'd love to have your input.
If you have a pull request that you'd like to submit, please read the contributing guide for info on style, commit message format, and other (slightly!) nitpicky things like that. PouchDB is heavily tested, so you'll also want to check out the testing guide.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m
- Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8
- Warn: Project is vulnerable to: GHSA-5866-49gr-22v4
- Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6
- Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:21
- Warn: no topLevel permission defined: .github/workflows/docs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/docs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/pouchdb/pouchdb/docs.yml/master?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 9.0.0 not signed: https://api.github.com/repos/pouchdb/pouchdb/releases/161701446
- Warn: release artifact 8.0.1 not signed: https://api.github.com/repos/pouchdb/pouchdb/releases/91872018
- Warn: release artifact 8.0.0 not signed: https://api.github.com/repos/pouchdb/pouchdb/releases/86152678
- Warn: release artifact 7.3.1 not signed: https://api.github.com/repos/pouchdb/pouchdb/releases/82805630
- Warn: release artifact 7.3.0 not signed: https://api.github.com/repos/pouchdb/pouchdb/releases/64433152
- Warn: release artifact 9.0.0 does not have provenance: https://api.github.com/repos/pouchdb/pouchdb/releases/161701446
- Warn: release artifact 8.0.1 does not have provenance: https://api.github.com/repos/pouchdb/pouchdb/releases/91872018
- Warn: release artifact 8.0.0 does not have provenance: https://api.github.com/repos/pouchdb/pouchdb/releases/86152678
- Warn: release artifact 7.3.1 does not have provenance: https://api.github.com/repos/pouchdb/pouchdb/releases/82805630
- Warn: release artifact 7.3.0 does not have provenance: https://api.github.com/repos/pouchdb/pouchdb/releases/64433152
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
4.5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More