Gathering detailed insights and metrics for single-spa
Gathering detailed insights and metrics for single-spa
Installations
npm install single-spaDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
22.9.0
NPM Version
10.8.3
Score
99.1
Supply Chain
91
Quality
84.2
Maintenance
100
Vulnerability
100
License
Releases
81
Contributors
48
Unable to fetch Contributors
Languages
2
JavaScript
TypeScript
JavaScript (99.06%)
TypeScript (0.94%)
Developer
Download Statistics
Total Downloads
28,410,869
Last Day
28,456
Last Week
209,393
Last Month
970,318
Last Year
10,395,752
GitHub Statistics
13,382 Stars
668 Commits
918 Forks
168 Watching
7 Branches
48 Contributors
Maintainers
4
Package Meta Information
Latest Version
6.0.3
Package Id
single-spa@6.0.3
Unpacked Size
2.02 MB
Size
503.23 kB
File Count
29
NPM Version
10.8.3
Node Version
22.9.0
Publised On
29 Sept 2024
Total Downloads
Cumulative downloads
Total Downloads
28,410,869
Last day
-36.6%
28,456
Compared to previous day
Last week
-15.7%
209,393
Compared to previous week
Last month
-2.1%
970,318
Compared to previous month
Last year
31.4%
10,395,752
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
31
@babel/core@babel/eslint-parser@babel/plugin-syntax-dynamic-import@babel/preset-env@babel/runtime@changesets/changelog-github@changesets/cli@rollup/plugin-babel@rollup/plugin-commonjs@rollup/plugin-node-resolve@rollup/plugin-replace@types/jestbabel-jestbabel-plugin-dynamic-import-nodeconcurrentlycross-envcustom-eventeslinteslint-config-important-stuffeslint-plugin-es5huskyjestjs-correct-lockfilepinstprettierpretty-quickrimrafrolluprollup-plugin-analyzerrollup-plugin-tersertsd
Versions
single-spa
A javascript framework for front-end microservices
Build micro frontends that coexist and can (but don't need to) be written with their own framework. This allows you to:
- Use multiple frameworks on the same page without refreshing the page (React, AngularJS, Angular, Ember, or whatever you're using)
- Write new code, possibly with a new framework, without rewriting your existing app
- Lazy load code for improved initial load time.
Sponsors
To add your company's logo to this section:
- Become a recurring Open Collective sponsor of at least $100 a month.
- Become a recurring Github sponsor of at least $100 a month.
- Sponsor a core team member to implement a specific feature for single-spa. Pay our regular consulting rate. Inquire in our Slack workspace.
Documentation
You can find the single-spa documentation on the website.
Check out the Getting Started page for a quick overview.
Demo and examples
Please see the examples page on the website.
Want to help?
Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on our guidelines for contributing on the single-spa website.
Contributing
The main purpose of this repository is to continue to evolve single-spa, making it better and easier to use. Development of single-spa, and the single-spa ecosystem happens in the open on GitHub, and we are grateful to the community for contributing bugfixes and improvements. Read below to learn how you can take part in improving single-spa.
Code of Conduct
Single-spa has adopted a Code of Conduct that we expect project participants to adhere to. Please read the full text so that you can understand what actions will and will not be tolerated.
Contributing Guide
Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to single-spa.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
6 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 9/29 approved changesets -- score normalized to 3
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build-and-test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/single-spa/single-spa/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/single-spa/single-spa/build-and-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/single-spa/single-spa/build-and-test.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Reason
14 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
4.1
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More