Gathering detailed insights and metrics for tiny-invariant
Gathering detailed insights and metrics for tiny-invariant
Installations
npm install tiny-invariantDeveloper
alexreardon
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
21.6.2
NPM Version
10.2.4
Statistics
1,717 Stars
178 Commits
48 Forks
9 Watching
90 Branches
12 Contributors
Updated on 27 Nov 2024
Bundle Size
368.00 B
Minified
254.00 B
Minified + Gzipped
Languages
TypeScript (69.66%)
JavaScript (30.34%)
Total Downloads
Cumulative downloads
Total Downloads
1,758,559,979
Last day
-1.3%
2,623,256
Compared to previous day
Last week
3.6%
13,538,894
Compared to previous week
Last month
11.4%
56,681,766
Compared to previous month
Last year
38.1%
574,538,986
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
tiny-invariant 🔬💥
tiny-invariant is a tiny, widely-supported, zero-dependency alternative to invariant.
tiny-invariant - when every byte counts!
What is invariant?
An invariant function takes a value, and if the value is falsy then the invariant function will throw. If the value is truthy, then the function will not throw.
1import invariant from 'tiny-invariant'; 2 3invariant(truthyValue, 'This should not throw!'); 4 5invariant(falsyValue, 'This will throw!'); 6// Error('Invariant violation: This will throw!');
Why tiny-invariant?
The library: invariant supports passing in arguments to the invariant function in a sprintf style (condition, format, a, b, c, d, e, f). It has internal logic to execute the sprintf substitutions. The sprintf logic is not removed in production builds. tiny-invariant has dropped all of the code for sprintf logic and instead encourages consumers to leverage template literals for message formatting.
1invariant(condition, `Hello, ${name} - how are you today?`);
Error Messages
tiny-invariant allows you to pass a string message, or a function that returns a string message. Using a function that returns a message is helpful when your message is expensive to create.
1import invariant from 'tiny-invariant'; 2 3invariant(condition, `Hello, ${name} - how are you today?`); 4 5// Using a function is helpful when your message is expensive 6invariant(value, () => getExpensiveMessage());
When process.env.NODE_ENV is set to production, the message will be replaced with the generic message Invariant failed.
Type narrowing
tiny-invariant is useful for correctly narrowing types for flow and typescript
1const value: Person | null = { name: 'Alex' }; // type of value == 'Person | null' 2invariant(value, 'Expected value to be a person'); 3// type of value has been narrowed to 'Person'
API: (condition: any, message?: string | (() => string)) => void
conditionis required and can be anythingmessageoptionalstringor a function that returns astring(() => string)
Installation
1# yarn 2yarn add tiny-invariant 3 4# npm 5npm install tiny-invariant --save
Dropping your message for kb savings!
Big idea: you will want your compiler to convert this code:
1invariant(condition, 'My cool message that takes up a lot of kbs');
Into this:
1if (!condition) { 2 if ('production' !== process.env.NODE_ENV) { 3 invariant(false, 'My cool message that takes up a lot of kbs'); 4 } else { 5 invariant(false); 6 } 7}
- Babel: recommend
babel-plugin-dev-expression - TypeScript: recommend
tsdx(or you can runbabel-plugin-dev-expressionafter TypeScript compiling)
Your bundler can then drop the code in the "production" !== process.env.NODE_ENV block for your production builds to end up with this:
1if (!condition) { 2 invariant(false); 3}
- rollup: use rollup-plugin-replace and set
NODE_ENVtoproductionand thenrollupwill treeshake out the unused code - Webpack: instructions
Builds
- We have a
es(EcmaScript module) build - We have a
cjs(CommonJS) build - We have a
umd(Universal module definition) build in case you needed it
We expect process.env.NODE_ENV to be available at module compilation. We cache this value
That's it!
🤘
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
Found 4/15 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/bundle-size-check.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/bundle-size-check.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/bundle-size-check.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/validate.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/validate.yml/master?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/bundle-size-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/validate.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 24 are checked with a SAST tool
Score
3.6
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More