Gathering detailed insights and metrics for types-registry
Gathering detailed insights and metrics for types-registry
Installations
npm install types-registryScore
98.8
Supply Chain
34.7
Quality
98.6
Maintenance
100
Vulnerability
100
License
Releases
592
@definitelytyped/typescript-versions@0.1.6
@definitelytyped/typescript-versions@0.1.6
Published on 25 Nov 2024
@definitelytyped/typescript-packages@0.1.6
@definitelytyped/typescript-packages@0.1.6
Published on 25 Nov 2024
@definitelytyped/header-parser@0.2.16
@definitelytyped/header-parser@0.2.16
Published on 25 Nov 2024
@definitelytyped/eslint-plugin@0.1.22
@definitelytyped/eslint-plugin@0.1.22
Published on 25 Nov 2024
@definitelytyped/dtslint-runner@0.1.31
@definitelytyped/dtslint-runner@0.1.31
Published on 25 Nov 2024
@definitelytyped/dtslint@0.2.28
@definitelytyped/dtslint@0.2.28
Published on 25 Nov 2024
Developer
microsoft
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
No
Node Version
NPM Version
Statistics
366 Stars
2,973 Commits
213 Forks
11 Watching
26 Branches
10,000 Contributors
Updated on 27 Nov 2024
Bundle Size
2.77 MB
Minified
377.23 kB
Minified + Gzipped
Languages
TypeScript (92.37%)
JavaScript (7.63%)
Total Downloads
Cumulative downloads
Total Downloads
1,403,349,482
Last day
-11.2%
553,125
Compared to previous day
Last week
-2.3%
5,654,815
Compared to previous week
Last month
3%
24,108,827
Compared to previous month
Last year
-45.6%
176,333,748
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Versions
DefinitelyTyped-tools
A monorepo for formerly disparate DefinitelyTyped-related tools:
- definitions-parser: the part of microsoft/types-publisher that reads DefinitelyTyped repository data
- dtslint: microsoft/dtslint, make sure a package is correct for DT
- dtslint-runner: DefinitelyTyped/dtslint-runner, test all packages, or all changed packages, on DT with dtslint
- eslint-plugin: provides DT-specific lint rules
- dts-critic: DefinitelyTyped/dts-critic, issue errors when a types packages mismatches its original Javascript package.
- header-parser: microsoft/definitelytyped-header-parser, check and extract DT-related info from package.json
- publisher: the rest of microsoft/types-publisher
- retag: DefinitelyTyped/dt-retag, script to add ATA tags to
@typespackages. Run weekly. - typescript-versions: the part of definitelytyped-header-parser that tracked which TypeScript versions are published to npm and supported on DefinitelyTyped
- utils: shared utilities, mostly extracted from microsoft/types-publisher
Disclaimer
These tools are not intended for public consumption, so we may break the API whenever convenient for us.
Development
This is a monorepo managed with pnpm workspaces and published with changesets. After cloning, run pnpm install to install dependencies for each package and link them to each other.
Testing
All packages use jest, with a single configuration set up to be run from the monorepo root. pnpm test is an alias for jest, so you can run tests with any of jest’s CLI options. For example, to run tests for a single package:
1pnpm test packages/utils
Publishing/deploying
types-publisher runs in GitHub Actions using all monorepo packages built from source on master.
The public packages are published to npm using changesets. When making changes to any publishable package, run pnpm changeset (ideally as part of the related feature PR) to mark the changed packages for eventual version bumping and release. When that PR is merged, another PR will be automatically opened (or updated) updating package versions and CHANGELOGs. What that PR is merged, a workflow will publish the changed packages to npm.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/DefinitelyTyped-tools/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/DefinitelyTyped-tools/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/DefinitelyTyped-tools/codeql.yml/main?enable=pin
- Info: 31 out of 34 GitHub-owned GitHubAction dependencies pinned
- Info: 12 out of 12 third-party GitHubAction dependencies pinned
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 26 commits out of 27 are checked with a SAST tool
Reason
Found 22/29 approved changesets -- score normalized to 7
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-pqhp-25j4-6hq9
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:37
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:40
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:41
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/daily.yml:30
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/deploy.yml:61
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/keepalive.yml:11
- Warn: no topLevel permission defined: .github/workflows/check-parse-results.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/daily.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/keepalive.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-packages.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-registry.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-ts-version-tags.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Score
6.1
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More