Gathering detailed insights and metrics for serialport
Gathering detailed insights and metrics for serialport
Access serial ports with JavaScript. Linux, OSX and Windows. Welcome your robotic JavaScript overlords. Better yet, program them!
Installations
npm install serialportDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=20.0.0
Node Version
20.18.1
NPM Version
lerna/7.2.0/node@v20.18.1+arm64 (darwin)
Score
93.9
Supply Chain
95.1
Quality
79
Maintenance
100
Vulnerability
100
License
Releases
100
Languages
4
TypeScript
JavaScript
HTML
C++
TypeScript (85.61%)
JavaScript (13.42%)
HTML (0.79%)
C++ (0.19%)
Developer
Download Statistics
Total Downloads
21,077,313
Last Day
6,546
Last Week
89,407
Last Month
378,943
Last Year
4,131,629
GitHub Statistics
MIT License
5,919 Stars
2,121 Commits
1,013 Forks
172 Watchers
60 Branches
167 Contributors
Updated on Jul 02, 2025
Bundle Size
50.89 kB
Minified
12.56 kB
Minified + Gzipped
Sponsor this package
Maintainers
2
Package Meta Information
Latest Version
13.0.0
Package Id
serialport@13.0.0
Unpacked Size
11.98 kB
Size
4.39 kB
File Count
9
NPM Version
lerna/7.2.0/node@v20.18.1+arm64 (darwin)
Node Version
20.18.1
Published on
Dec 24, 2024
Total Downloads
Cumulative downloads
Total Downloads
21,077,313
Dependencies
14
@serialport/binding-mock@serialport/bindings-cpp@serialport/parser-byte-length@serialport/parser-cctalk@serialport/parser-delimiter@serialport/parser-inter-byte-timeout@serialport/parser-packet-length@serialport/parser-readline@serialport/parser-ready@serialport/parser-regex@serialport/parser-slip-encoder@serialport/parser-spacepacket@serialport/streamdebug
Dev Dependencies
1
serialport
Access serial ports with JavaScript. Linux, OSX and Windows. Welcome your robotic JavaScript overlords. Better yet, program them!
Go to https://serialport.io/ to learn more, find guides and api documentation.
Quick Links
Serialport
serialportChances are you're looking for theserialportpackage which provides a good set of defaults for most projects. However it is quite easy to mix and match the parts of serialport you need.
Bindings
The Bindings provide a low level interface to work with your serialport. It is possible to use them alone but it's usually easier to use them with an interface.
@serialport/bindings-cppbindings for Linux, Mac and Windows@serialport/bindings-interfacea typescript interface to use if you're making your own bindings@serialport/binding-mockfor a mock binding package for testing
Interfaces
Interfaces take a binding object and provide a different API on top of it. Currently we only ship a Node Stream Interface.
@serialport/streamour traditional Node.js Stream interface
Parsers
Parsers are used to take raw binary data and transform them into usable messages. This may include tasks such as converting the data to text, emitting useful chunks of data when they have been fully received, or even validating protocols.
Parsers are traditionally Transform streams, but Duplex streams and other non stream interfaces are acceptable.
- @serialport/parser-byte-length
- @serialport/parser-cctalk
- @serialport/parser-delimiter
- @serialport/parser-readline
- @serialport/parser-ready
- @serialport/parser-regex
- @serialport/parser-slip-encoder
Developing
Developing node serialport projects
- Clone this repo
git clone git@github.com:serialport/node-serialport.git - Run
npm installto setup local package dependencies (run this any time you depend on a package local to this repo) - Run
npm testto ensure everything is working properly - Add dev dependencies to the root package.json and package dependencies to the package's one.
Developing Docs
You can develop the docs with in the website repo.
Docs are automatically built with vercel including previews on branches. The main branch is deployed to https://serialport.io
License
SerialPort packages are all MIT licensed and all it's dependencies are MIT licensed.
Code of Conduct
SerialPort follows the Nodebots Code of Conduct. While the code is MIT licensed participation in the community has some rules to make this a good place to work and learn.
TLDR
- Be respectful.
- Abusive behavior is never tolerated.
- Data published to NodeBots is hosted at the discretion of the service administrators, and may be removed.
- Don't build evil robots.
- Violations of this code may result in swift and permanent expulsion from the NodeBots community.
Governance and Community
SerialPort is currently employees a governance with a group of maintainers, committers and contributors, all fixing bugs and adding features and improving documentation. You need not apply to work on SerialPort, all are welcome to join, build, and maintain this project.
- A Contributor is any individual creating or commenting on an issue or pull request. By participating, this is you.
- Committers are contributors who have been given write access to the repository. They can review and merge pull requests.
- Maintainers are committers representing the required technical expertise to resolve rare disputes.
If you have a PR that improves the project people in any or all of the above people will help you land it.
Maintainers
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-merge.yml:5
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:5
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 7
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-merge.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/serialport/node-serialport/test-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-merge.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/serialport/node-serialport/test-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/serialport/node-serialport/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/serialport/node-serialport/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/serialport/node-serialport/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/serialport/node-serialport/test.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 2 third-party GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6.3
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More