Gathering detailed insights and metrics for svelte-check
Gathering detailed insights and metrics for svelte-check
The Svelte Language Server, and official extensions which use it
Installations
npm install svelte-checkReleases
545
extensions-109.3.2
extensions-109.3.2
Published on 22 Nov 2024
extensions-109.3.1
extensions-109.3.1
Published on 22 Nov 2024
svelte2tsx-0.7.28
svelte2tsx-0.7.28
Published on 22 Nov 2024
extensions-109.3.0
extensions-109.3.0
Published on 22 Nov 2024
svelte-check-4.1.0
svelte-check-4.1.0
Published on 22 Nov 2024
language-server-0.17.7
language-server-0.17.7
Published on 22 Nov 2024
Developer
sveltejs
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 18.0.0
Typescript Support
No
Node Version
20.18.0
NPM Version
10.8.2
Statistics
1,258 Stars
1,707 Commits
201 Forks
14 Watching
24 Branches
133 Contributors
Updated on 25 Nov 2024
Bundle Size
2.35 MB
Minified
573.13 kB
Minified + Gzipped
Languages
TypeScript (78.79%)
JavaScript (16.14%)
Svelte (5.07%)
Total Downloads
Cumulative downloads
Total Downloads
35,461,415
Last day
0.3%
85,373
Compared to previous day
Last week
3.3%
470,816
Compared to previous week
Last month
15.9%
1,883,219
Compared to previous month
Last year
55.8%
17,409,109
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Peer Dependencies
2
Dev Dependencies
17
@rollup/plugin-commonjs@rollup/plugin-json@rollup/plugin-node-resolve@rollup/plugin-replace@rollup/plugin-typescript@types/sadebuiltin-modulesrolluprollup-plugin-cleanuprollup-plugin-copysveltetypescriptvscode-languageservervscode-languageserver-protocolvscode-languageserver-typesvscode-urisvelte-language-server
Versions
What is Svelte Language Tools?
Svelte Language Tools contains a library implementing the Language Server Protocol (LSP). LSP powers the VSCode extension, which is also hosted in this repository. Additionally, LSP is capable of powering plugins for numerous other IDEs.
A .svelte file would look something like this:
1<script> 2 let count = 1; 3 4 // the `$:` means 're-run whenever these values change' 5 $: doubled = count * 2; 6 $: quadrupled = doubled * 2; 7 8 function handleClick() { 9 count += 1; 10 } 11</script> 12 13<button on:click="{handleClick}">Count: {count}</button> 14 15<p>{count} * 2 = {doubled}</p> 16<p>{doubled} * 2 = {quadrupled}</p>
Which is a mix of HTMLx and vanilla JavaScript (but with additional runtime behavior coming from the svelte compiler).
This repo contains the tools which provide editor integrations for Svelte files like this.
Packages
This repo uses pnpm workspaces, which TLDR means if you want to run a commands in each project then you can either cd to that directory and run the command, or use pnpm -r [command].
For example pnpm -r test.
svelte-language-server
The language server for Svelte. Built from UnwrittenFun/svelte-language-server and heavily inspired by Vetur to become the official language server for the language.
svelte-check
A command line tool to check your svelte files for type errors, unused css, and more. Built from Vetur's VTI.
svelte-vscode
The official vscode extension for Svelte. Built from UnwrittenFun/svelte-vscode to become the official vscode extension for the language.
svelte2tsx
Converts a .svelte file into a legal TypeScript file. Built from halfnelson/svelte2tsx to provide the auto-complete and import mapping inside the language server.
Want to see how it's transformed? Check out this REPL
Development
High Level Overview
1flowchart LR 2 %% IDEs 3 VSC[IDE: VSCode + Svelte for VS Code extension] 4 click VSC "https://github.com/sveltejs/language-tools/tree/master/packages/svelte-vscode" "Svelte for VSCode extension" 5 %% Tools 6 CLI[CLI: svelte-check] 7 click CLI "https://github.com/sveltejs/language-tools/tree/master/packages/svelte-check" "A command line tool to get diagnostics for Svelte code" 8 %% Svelte - Extensions 9 VSC_TSSP[typescript-svelte-plugin] 10 click VSC_TSSP "https://github.com/sveltejs/language-tools/tree/master/packages/typescript-plugin" "A TypeScript plugin for Svelte intellisense" 11 %% Svelte - Packages 12 SVELTE_LANGUAGE_SERVER["svelte-language-server"] 13 SVELTE_COMPILER_SERVICE["svelte2tsx"] 14 TS_SERVICE["TS/JS intellisense using TypeScript language service"] 15 SVELTE_SERVICE["Svelte intellisense using Svelte compiler"] 16 click SVELTE_LANGUAGE_SERVER "https://github.com/sveltejs/language-tools/tree/master/packages/language-server" "A language server adhering to the LSP" 17 click SVELTE_COMPILER_SERVICE "https://github.com/sveltejs/language-tools/tree/master/packages/language-server/src/plugins/svelte" "Transforms Svelte code into JSX/TSX code" 18 click TS_SERVICE "https://github.com/sveltejs/language-tools/tree/master/packages/language-server/src/plugins/typescript" 19 click SVELTE_SERVICE "https://github.com/sveltejs/language-tools/tree/master/packages/language-server/src/plugins/svelte" 20 %% External Packages 21 HTML_SERVICE[HTML intellisense using vscode-html-languageservice] 22 CSS_SERVICE[CSS intellisense using vscode-css-languageservice] 23 VSC_TS[vscode-typescript-language-features] 24 click HTML_SERVICE "https://github.com/microsoft/vscode-html-languageservice" 25 click CSS_SERVICE "https://github.com/microsoft/vscode-css-languageservice" 26 click VSC_TS "https://github.com/microsoft/vscode/tree/main/extensions/typescript-language-features" 27 subgraph EMBEDDED_SERVICES[Embedded Language Services] 28 direction LR 29 TS_SERVICE 30 SVELTE_SERVICE 31 HTML_SERVICE 32 CSS_SERVICE 33 end 34 VSC -- Language Server Protocol --> SVELTE_LANGUAGE_SERVER 35 CLI -- Only using diagnostics feature --> SVELTE_LANGUAGE_SERVER 36 VSC -- includes --> VSC_TS 37 VSC_TS -- loads --> VSC_TSSP 38 VSC_TSSP -- uses --> SVELTE_COMPILER_SERVICE 39 TS_SERVICE -- uses --> SVELTE_COMPILER_SERVICE 40 SVELTE_LANGUAGE_SERVER -- bundles --> EMBEDDED_SERVICES
More information about the internals can be found HERE.
Setup
Pull requests are encouraged and always welcome. Pick an issue and help us out!
To install and work on these tools locally:
Make sure to uninstall the extension from the marketplace to not have it clash with the local one.
1git clone https://github.com/sveltejs/language-tools.git svelte-language-tools 2cd svelte-language-tools 3pnpm install 4pnpm bootstrap
Do not use npm to install the dependencies, as the specific package versions in
pnpm-lock.yamlare used to build and test Svelte.
To build all of the tools, run:
1pnpm build
The tools are written in TypeScript, but don't let that put you off — it's basically just JavaScript with type annotations. You'll pick it up in no time. If you're using an editor other than Visual Studio Code you may need to install a plugin in order to get syntax highlighting and code hints etc.
Making Changes
There are two ways to work on this project: either by working against an existing project or entirely through tests.
Running the Dev Language Server Against Your App
To run the developer version of both the language server and the VSCode extension:
- open the root of this repo in VSCode
- Go to the debugging panel
- Make sure "Run VSCode Extension" is selected, and hit run
This launches a new VSCode window and a watcher for your changes. In this dev window you can choose an existing Svelte project to work against. If you don't use pure Javascript and CSS, but languages like Typescript or SCSS, your project will need a Svelte preprocessor setup. When you make changes to the extension or language server you can use the command "Reload Window" in the VSCode command palette to see your changes. When you make changes to svelte2tsx, you first need to run pnpm build within its folder.
Running Tests
You might think that as a language server, you'd need to handle a lot of back and forth between APIs, but actually it's mostly high-level JavaScript objects which are passed to the npm module vscode-languageserver.
This means it's easy to write tests for your changes:
1pnpm test
For tricker issues, you can run the tests with a debugger in VSCode by setting a breakpoint (or adding debugger in the code) and launching the task: "Run tests with debugger".
Supporting Svelte
Svelte is an MIT-licensed open source project with its ongoing development made possible entirely by the support of awesome volunteers. If you'd like to support their efforts, please consider:
Funds donated via Open Collective will be used for compensating expenses related to Svelte's development such as hosting costs. If sufficient donations are received, funds may also be used to support Svelte's development more directly.
License
Credits
- James Birtles for creating the foundation which this language server, and the extensions are built on
- Vue's Vetur language server which heavily inspires this project
- halfnelson for creating
svelte2tsx - jasonlyu123 for his ongoing work in all areas of the language-tools
No vulnerabilities found.
Reason
30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/DeploySvelte2tsxProd.yml:9
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
Found 6/30 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/CI.yml:1
- Warn: no topLevel permission defined: .github/workflows/DeployExtensionsProd.yml:1
- Warn: no topLevel permission defined: .github/workflows/DeploySvelte2tsxProd.yml:1
- Warn: no topLevel permission defined: .github/workflows/DeploySvelteCheckProd.yml:1
- Warn: no topLevel permission defined: .github/workflows/DeploySvelteLanguageServerProd.yml:1
- Warn: no topLevel permission defined: .github/workflows/DeployTypescriptPluginProd.yaml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/CI.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeployExtensionsProd.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeployExtensionsProd.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/DeployExtensionsProd.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeployExtensionsProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeployExtensionsProd.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeployExtensionsProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeploySvelte2tsxProd.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelte2tsxProd.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/DeploySvelte2tsxProd.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelte2tsxProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeploySvelte2tsxProd.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelte2tsxProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeploySvelteCheckProd.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelteCheckProd.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/DeploySvelteCheckProd.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelteCheckProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeploySvelteCheckProd.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelteCheckProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeploySvelteLanguageServerProd.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelteLanguageServerProd.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/DeploySvelteLanguageServerProd.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelteLanguageServerProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeploySvelteLanguageServerProd.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeploySvelteLanguageServerProd.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeployTypescriptPluginProd.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeployTypescriptPluginProd.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/DeployTypescriptPluginProd.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeployTypescriptPluginProd.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/DeployTypescriptPluginProd.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/language-tools/DeployTypescriptPluginProd.yaml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/CI.yml:39
- Warn: npmCommand not pinned by hash: .github/workflows/DeployExtensionsProd.yml:28
- Warn: npmCommand not pinned by hash: .github/workflows/DeployExtensionsProd.yml:42
- Warn: npmCommand not pinned by hash: .github/workflows/DeploySvelte2tsxProd.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/DeploySvelteCheckProd.yml:31
- Warn: npmCommand not pinned by hash: .github/workflows/DeploySvelteLanguageServerProd.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/DeployTypescriptPluginProd.yaml:30
- Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 8 third-party GitHubAction dependencies pinned
- Info: 0 out of 7 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 19 are checked with a SAST tool
Score
4.4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More