Gathering detailed insights and metrics for tsconfck
Gathering detailed insights and metrics for tsconfck
A utility to find and parse tsconfig files without depending on typescript
Installations
npm install tsconfckScore
94.5
Supply Chain
100
Quality
83.7
Maintenance
100
Vulnerability
99.6
License
Releases
18
tsconfck@3.1.4
tsconfck@3.1.4
Published on 10 Oct 2024
tsconfck@3.1.3
tsconfck@3.1.3
Published on 31 Aug 2024
tsconfck@3.1.2
tsconfck@3.1.2
Published on 31 Aug 2024
tsconfck@3.1.1
tsconfck@3.1.1
Published on 27 Jun 2024
tsconfck@3.1.0
tsconfck@3.1.0
Published on 29 May 2024
tsconfck@3.0.3
tsconfck@3.0.3
Published on 08 Mar 2024
Developer
dominikg
Developer Guide
BETA
Module System
ESM
Min. Node Version
^18 || >=20
Typescript Support
Yes
Node Version
20.17.0
NPM Version
10.8.2
Statistics
295 Stars
248 Commits
14 Forks
3 Watching
8 Branches
10 Contributors
Updated on 27 Nov 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
136,327,179
Last day
0.7%
576,341
Compared to previous day
Last week
3.9%
2,954,805
Compared to previous week
Last month
15.1%
12,184,250
Compared to previous month
Last year
252.4%
105,732,356
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Versions
tsconfck
A utility to find and parse tsconfig files without depending on typescript
Why
Because no simple official api exists and tsconfig isn't actual json.
Features
- find closest tsconfig (tsconfig.json or jsconfig.json)
- convert tsconfig to actual json and parse it
- resolve "extends"
- resolve "references" of solution-style tsconfig
- resolve "${configDir}" variable
- optional caching for improved performance
- optional findNative and parseNative to use official typescript api
- zero dependencies (typescript optional)
- extensive testsuite
- completely async and optimized (it's fast)
- tiny 4.7KB gzip
- unbundled esm js, no sourcemaps needed
- types generated with dts-buddy
Users
Used by vite*, vite-tsconfig-paths, astro and many more
(*) vite bundles tsconfck so it is listed as a devDependency
Install
1npm install --save-dev tsconfck # or pnpm, yarn
Usage
1import { parse } from 'tsconfck'; 2const { 3 tsconfigFile, // full path to found tsconfig 4 tsconfig, // tsconfig object including merged values from extended configs 5 extended, // separate unmerged results of all tsconfig files that contributed to tsconfig 6 solution, // solution result if tsconfig is part of a solution 7 referenced // referenced tsconfig results if tsconfig is a solution 8} = await parse('foo/bar.ts');
Links
Develop
This repo uses
In every PR you have to add a changeset by running pnpm changeset and following the prompts
PRs are going to be squash-merged
1# install dependencies 2pnpm install 3# run tests 4pnpm test
License
No vulnerabilities found.
Reason
12 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Reason
Found 4/12 approved changesets -- score normalized to 3
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:13
- Info: found token with 'none' permissions: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/dominikg/tsconfck/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:38
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:29
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:83
- Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
3.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More