Reason

no binaries found in the repo

Reason

no dangerous workflow patterns detected

Reason

license file detected

Details

• Info: project has a license file: LICENSE:0
• Info: FSF or OSI recognized license: MIT License: LICENSE:0

Reason

Found 12/23 approved changesets -- score normalized to 5

Reason

0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0

Reason

detected GitHub workflow tokens with excessive permissions

Details

• Warn: no topLevel permission defined: .github/workflows/test.yml:1
• Info: no jobLevel write permissions found

Reason

no effort to earn an OpenSSF best practices badge detected

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/reactjs/react-modal/test.yml/master?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/reactjs/react-modal/test.yml/master?enable=pin
• Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned

Reason

security policy file not detected

Details

• Warn: no security policy file detected
• Warn: no security file to analyze
• Warn: no security file to analyze
• Warn: no security file to analyze

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

SAST tool is not run on all commits -- score normalized to 0

Details

• Warn: 0 commits out of 19 are checked with a SAST tool

Reason

79 existing vulnerabilities detected

Details

• Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
• Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
• Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
• Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
• Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
• Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
• Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
• Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
• Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
• Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
• Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
• Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
• Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
• Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
• Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
• Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p
• Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
• Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
• Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
• Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
• Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
• Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
• Warn: Project is vulnerable to: GHSA-273r-mgr4-v34f
• Warn: Project is vulnerable to: GHSA-r7qp-cfhv-p84w
• Warn: Project is vulnerable to: GHSA-q9mw-68c2-j6m5
• Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
• Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
• Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
• Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
• Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
• Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
• Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
• Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
• Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
• Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
• Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
• Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
• Warn: Project is vulnerable to: GHSA-7x7c-qm48-pq9c
• Warn: Project is vulnerable to: GHSA-rc3x-jf5g-xvc5
• Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
• Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
• Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
• Warn: Project is vulnerable to: GHSA-82v2-mx6x-wq7q
• Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
• Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
• Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
• Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
• Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
• Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
• Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
• Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
• Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
• Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
• Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
• Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
• Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
• Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
• Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
• Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
• Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
• Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
• Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
• Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
• Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
• Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
• Warn: Project is vulnerable to: GHSA-qm95-pgcg-qqfq
• Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
• Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
• Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
• Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
• Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
• Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
• Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
• Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
• Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
• Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
• Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
• Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
• Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q