Gathering detailed insights and metrics for tiny-invariant
Gathering detailed insights and metrics for tiny-invariant
Installations
npm install tiny-invariantDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
21.6.2
NPM Version
10.2.4
Score
99.6
Supply Chain
99.5
Quality
76.1
Maintenance
100
Vulnerability
100
License
Releases
13
Languages
2
TypeScript
JavaScript
TypeScript (69.66%)
JavaScript (30.34%)
Developer
alexreardon
Download Statistics
Total Downloads
2,165,504,233
Last Day
1,025,873
Last Week
18,886,284
Last Month
81,255,092
Last Year
713,792,081
GitHub Statistics
MIT License
1,838 Stars
178 Commits
47 Forks
8 Watchers
90 Branches
12 Contributors
Updated on Jul 01, 2025
Bundle Size
368.00 B
Minified
254.00 B
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.3.3
Package Id
tiny-invariant@1.3.3
Unpacked Size
14.46 kB
Size
4.60 kB
File Count
13
NPM Version
10.2.4
Node Version
21.6.2
Published on
Feb 23, 2024
Total Downloads
Cumulative downloads
Total Downloads
2,165,504,233
tiny-invariant 🔬💥
A tiny invariant alternative.
What is invariant?
An invariant function takes a value, and if the value is falsy then the invariant function will throw. If the value is truthy, then the function will not throw.
1import invariant from 'tiny-invariant'; 2 3invariant(truthyValue, 'This should not throw!'); 4 5invariant(falsyValue, 'This will throw!'); 6// Error('Invariant violation: This will throw!');
You can also provide a function to generate your message, for when your message is expensive to create
1import invariant from 'tiny-invariant'; 2 3invariant(value, () => getExpensiveMessage());
Why tiny-invariant?
The library: invariant supports passing in arguments to the invariant function in a sprintf style (condition, format, a, b, c, d, e, f). It has internal logic to execute the sprintf substitutions. The sprintf logic is not removed in production builds. tiny-invariant has dropped all of the sprintf logic. tiny-invariant allows you to pass a single string message. With template literals there is really no need for a custom message formatter to be built into the library. If you need a multi part message you can just do this:
1invariant(condition, `Hello, ${name} - how are you today?`);
Type narrowing
tiny-invariant is useful for correctly narrowing types for flow and typescript
1const value: Person | null = { name: 'Alex' }; // type of value == 'Person | null' 2invariant(value, 'Expected value to be a person'); 3// type of value has been narrowed to 'Person'
API: (condition: any, message?: string | (() => string)) => void
conditionis required and can be anythingmessageoptionalstringor a function that returns astring(() => string)
Installation
1# yarn 2yarn add tiny-invariant 3 4# npm 5npm install tiny-invariant --save
Dropping your message for kb savings!
Big idea: you will want your compiler to convert this code:
1invariant(condition, 'My cool message that takes up a lot of kbs');
Into this:
1if (!condition) { 2 if ('production' !== process.env.NODE_ENV) { 3 invariant(false, 'My cool message that takes up a lot of kbs'); 4 } else { 5 invariant(false); 6 } 7}
- Babel: recommend
babel-plugin-dev-expression - TypeScript: recommend
tsdx(or you can runbabel-plugin-dev-expressionafter TypeScript compiling)
Your bundler can then drop the code in the "production" !== process.env.NODE_ENV block for your production builds to end up with this:
1if (!condition) { 2 invariant(false); 3}
- rollup: use rollup-plugin-replace and set
NODE_ENVtoproductionand thenrollupwill treeshake out the unused code - Webpack: instructions
Builds
- We have a
es(EcmaScript module) build - We have a
cjs(CommonJS) build - We have a
umd(Universal module definition) build in case you needed it
We expect process.env.NODE_ENV to be available at module compilation. We cache this value
That's it!
🤘
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 4/15 approved changesets -- score normalized to 2
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/bundle-size-check.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/bundle-size-check.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bundle-size-check.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/bundle-size-check.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/validate.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/alexreardon/tiny-invariant/validate.yml/master?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/bundle-size-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/validate.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 24 are checked with a SAST tool
Score
3.2
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More