Gathering detailed insights and metrics for react-hook-form
Gathering detailed insights and metrics for react-hook-form
📋 React Hooks for form state management and validation (Web + React Native)
Installations
npm install react-hook-formScore
95.4
Supply Chain
98.4
Quality
89.3
Maintenance
100
Vulnerability
100
License
Releases
555
Developer
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
>=18.0.0
Typescript Support
Yes
Node Version
20.0.0
NPM Version
9.6.4
Statistics
41,707 Stars
3,690 Commits
2,088 Forks
169 Watching
16 Branches
320 Contributors
Updated on 28 Nov 2024
Bundle Size
29.31 kB
Minified
10.43 kB
Minified + Gzipped
Languages
TypeScript (98.75%)
JavaScript (1.15%)
CSS (0.07%)
HTML (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
592,874,562
Last day
-5.6%
1,142,829
Compared to previous day
Last week
2.4%
6,366,261
Compared to previous week
Last month
6.8%
26,899,620
Compared to previous month
Last year
54.6%
263,498,346
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
39
@eslint/compat@microsoft/api-extractor@rollup/plugin-commonjs@rollup/plugin-node-resolve@rollup/plugin-terser@swc/core@swc/jest@testing-library/jest-dom@testing-library/react@types/jest@types/react@types/react-dom@types/testing-library__jest-domeslintbundlewatchcypresseslint-config-prettiereslint-plugin-cypresseslint-plugin-prettiereslint-plugin-reacteslint-plugin-react-hookseslint-plugin-simple-import-sorthuskyjestjest-environment-jsdomjest-previewlint-stagedmswprettierreactreact-domreact-test-rendererrimrafrolluprollup-plugin-typescript2typescript-eslinttsdtypescriptwhatwg-fetch
Versions
Get started | API | Form Builder | FAQs | Examples
Features
- Built with performance, UX and DX in mind
- Embraces native HTML form validation
- Out of the box integration with UI libraries
- Small size and no dependencies
- Support Yup, Zod, AJV, Superstruct, Joi and others
Install
npm install react-hook-form
Quickstart
1import { useForm } from 'react-hook-form'; 2 3function App() { 4 const { 5 register, 6 handleSubmit, 7 formState: { errors }, 8 } = useForm(); 9 10 return ( 11 <form onSubmit={handleSubmit((data) => console.log(data))}> 12 <input {...register('firstName')} /> 13 <input {...register('lastName', { required: true })} /> 14 {errors.lastName && <p>Last name is required.</p>} 15 <input {...register('age', { pattern: /\d+/ })} /> 16 {errors.age && <p>Please enter number for age.</p>} 17 <input type="submit" /> 18 </form> 19 ); 20}
Sponsors
Thanks go to these kind and lovely sponsors!
Past sponsors
Backers
Thanks go to all our backers! [Become a backer].
Contributors
Thanks go to these wonderful people! [Become a contributor].
No vulnerabilities found.
Reason
30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (26) are checked with a SAST tool
Reason
Found 12/30 approved changesets -- score normalized to 4
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/README.yml:1
- Warn: no topLevel permission defined: .github/workflows/api-extrator.yml:1
- Warn: no topLevel permission defined: .github/workflows/automation.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-test.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:12
- Warn: no topLevel permission defined: .github/workflows/compressed-size.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/README.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/README.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/README.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/README.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/README.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/README.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-extrator.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/api-extrator.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/automation.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/automation.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/automation.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/automation.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/build-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compressed-size.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/compressed-size.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/compressed-size.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/compressed-size.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-issue.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/react-hook-form/react-hook-form/lock-issue.yml/master?enable=pin
- Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More