Gathering detailed insights and metrics for salmanh-geoip2-node
Gathering detailed insights and metrics for salmanh-geoip2-node
Installations
npm install salmanh-geoip2-nodeDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Score
63.1
Supply Chain
98.4
Quality
75.4
Maintenance
50
Vulnerability
98.6
License
Releases
34
Contributors
46
Unable to fetch Contributors
Languages
3
TypeScript
JavaScript
Shell
TypeScript (96.53%)
JavaScript (2.07%)
Shell (1.4%)
Developer
Download Statistics
Total Downloads
2,578
Last Day
1
Last Week
25
Last Month
100
Last Year
1,327
GitHub Statistics
227 Stars
1,983 Commits
25 Forks
19 Watching
17 Branches
46 Contributors
Bundle Size
57.29 kB
Minified
18.41 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.2.3
Package Id
salmanh-geoip2-node@2.2.3
Unpacked Size
54.82 kB
Size
15.48 kB
File Count
44
Publised On
27 Jul 2023
Total Downloads
Cumulative downloads
Total Downloads
2,578
Last day
-75%
1
Compared to previous day
Last week
8.7%
25
Compared to previous week
Last month
9.9%
100
Compared to previous month
Last year
6.1%
1,327
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Steps for releasing:
- Review open issues and PRs to see if any can easily be fixed, closed, or merged.
- Bump copyright year in
README.md, if necessary. - Review
CHANGELOG.mdfor completeness and correctness. Update its release date. - Create a release PR containing the updates relating to any of the steps above.
- Ensure that the release PR is merged into main.
- With
mainchecked out, runyarn run release. This will generate the docs, deploy docs, tag the release, push it to origin, create a GitHub release, and version the package on NPM. - Verify the release on GitHub and NPM.
- Manually edit the release on GitHub to include the release-specific notes found in
CHANGELOG.md.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
0 existing vulnerabilities detected
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/maxmind/GeoIP2-node/test.yml/main?enable=pin
- Warn: downloadThenRun not pinned by hash: bin/install-precious:17
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 4 out of 4 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.8
/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More