Gathering detailed insights and metrics for typescript
Gathering detailed insights and metrics for typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
Installations
npm install typescriptScore
95.3
Supply Chain
88.5
Quality
99.6
Maintenance
100
Vulnerability
99.6
License
Developer
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
>=14.17
Typescript Support
No
Node Version
18.20.5
NPM Version
10.8.2
Statistics
101,257 Stars
36,362 Commits
12,521 Forks
2,125 Watching
320 Branches
795 Contributors
Updated on 28 Nov 2024
Bundle Size
3.33 MB
Minified
942.85 kB
Minified + Gzipped
Languages
TypeScript (99.86%)
JavaScript (0.14%)
Total Downloads
Cumulative downloads
Total Downloads
8,598,451,731
Last day
-5.2%
12,606,810
Compared to previous day
Last week
4.4%
73,736,905
Compared to previous week
Last month
13.6%
295,720,482
Compared to previous month
Last year
35.3%
2,790,935,935
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
44
c8mschaidiffglobknipchalkmochatslibwhichdprinteslintherebyesbuildglobalschokidarminimist@types/ms@eslint/jsplaywrighttypescript@types/chai@types/diff@types/node@types/mocha@types/whichjsonc-parser@octokit/rest@types/minimistfast-xml-parser@dprint/formatter@esfx/canceltokentypescript-eslint@dprint/typescriptsource-map-supporteslint-plugin-regexpazure-devops-node-api@typescript-eslint/utils@types/source-map-supportmonocart-coverage-reports@typescript-eslint/type-utils@typescript-eslint/rule-testermocha-fivemat-progress-reportereslint-formatter-autolinkable-stylish
Versions
TypeScript
TypeScript is a language for application-scale JavaScript. TypeScript adds optional types to JavaScript that support tools for large-scale JavaScript applications for any browser, for any host, on any OS. TypeScript compiles to readable, standards-based JavaScript. Try it out at the playground, and stay up to date via our blog and Twitter account.
Find others who are using TypeScript at our community page.
Installing
For the latest stable version:
1npm install -D typescript
For our nightly builds:
1npm install -D typescript@next
Contribute
There are many ways to contribute to TypeScript.
- Submit bugs and help us verify fixes as they are checked in.
- Review the source code changes.
- Engage with other TypeScript users and developers on StackOverflow.
- Help each other in the TypeScript Community Discord.
- Join the #typescript discussion on Twitter.
- Contribute bug fixes.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Documentation
Roadmap
For details on our planned features and future direction, please refer to our roadmap.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Reason
all changesets reviewed
Reason
project has 36 contributing companies or organizations
Details
- Info: rit-sse contributor org/company found, statelyai contributor org/company found, whatwg contributor org/company found, mozilla contributor org/company found, HearTao contributor org/company found, explore-frontend contributor org/company found, cordova contributor org/company found, microsoft contributor org/company found, babel contributor org/company found, llvm contributor org/company found, livechat contributor org/company found, redux-saga contributor org/company found, w3c contributor org/company found, fimbullinter contributor org/company found, duolingo contributor org/company found, tc39 contributor org/company found, DefinitelyTyped contributor org/company found, SwitchaBLE contributor org/company found, fumc-pensacola contributor org/company found, changesets contributor org/company found, gardening contributor org/company found, vuejs contributor org/company found, replayio contributor org/company found, mozilla-standards contributor org/company found, web-platform-tests contributor org/company found, nodejs contributor org/company found, dotnet contributor org/company found, rollup contributor org/company found, preconstruct contributor org/company found, typescript-eslint contributor org/company found, stanford university contributor org/company found, pnpm contributor org/company found, facebook contributor org/company found, emotion-js contributor org/company found, misskey-dev contributor org/company found, expert-elm contributor org/company found,
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0
Reason
30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:80
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/close-issues.yml:22
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/error-deltas-watchdog.yaml:22
- Info: topLevel 'contents' permission set to 'read': .github/workflows/accept-baselines-fix-lints.yaml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/close-issues.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:25
- Info: topLevel 'contents' permission set to 'read': .github/workflows/create-cherry-pick-pr.yml:36
- Info: topLevel 'contents' permission set to 'read': .github/workflows/error-deltas-watchdog.yaml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/insiders.yaml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lkg.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/new-release-branch.yaml:40
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly.yaml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-modified-files.yml:19
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-branch-artifact.yaml:9
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Info: topLevel 'contents' permission set to 'read': .github/workflows/set-version.yaml:40
- Info: topLevel 'contents' permission set to 'read': .github/workflows/sync-branch.yaml:32
- Info: topLevel 'contents' permission set to 'read': .github/workflows/sync-wiki.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/twoslash-repros.yaml:38
- Info: topLevel 'contents' permission set to 'read': .github/workflows/update-package-lock.yaml:11
- Info: no jobLevel write permissions found
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pqhp-25j4-6hq9
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-cherry-pick-pr.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/TypeScript/create-cherry-pick-pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/new-release-branch.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/TypeScript/new-release-branch.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/set-version.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/TypeScript/set-version.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-branch.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/TypeScript/sync-branch.yaml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:191
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:208
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:241
- Warn: npmCommand not pinned by hash: .github/workflows/insiders.yaml:30
- Warn: npmCommand not pinned by hash: .github/workflows/insiders.yaml:54
- Warn: npmCommand not pinned by hash: .github/workflows/lkg.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/new-release-branch.yaml:64
- Warn: npmCommand not pinned by hash: .github/workflows/new-release-branch.yaml:73
- Warn: npmCommand not pinned by hash: .github/workflows/nightly.yaml:31
- Warn: npmCommand not pinned by hash: .github/workflows/nightly.yaml:54
- Warn: npmCommand not pinned by hash: .github/workflows/release-branch-artifact.yaml:29
- Warn: npmCommand not pinned by hash: .github/workflows/set-version.yaml:62
- Warn: npmCommand not pinned by hash: .github/workflows/set-version.yaml:77
- Warn: npmCommand not pinned by hash: .github/workflows/update-package-lock.yaml:34
- Warn: npmCommand not pinned by hash: .github/workflows/update-package-lock.yaml:40
- Info: 64 out of 64 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 7 third-party GitHubAction dependencies pinned
- Info: 23 out of 38 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v5.7.2 not signed: https://api.github.com/repos/microsoft/TypeScript/releases/187001977
- Warn: release artifact v5.7-rc not signed: https://api.github.com/repos/microsoft/TypeScript/releases/184427388
- Warn: release artifact v5.6.3 not signed: https://api.github.com/repos/microsoft/TypeScript/releases/178994879
- Warn: release artifact v5.7-beta not signed: https://api.github.com/repos/microsoft/TypeScript/releases/179177872
- Warn: release artifact v5.6.2 not signed: https://api.github.com/repos/microsoft/TypeScript/releases/174167636
- Warn: release artifact v5.7.2 does not have provenance: https://api.github.com/repos/microsoft/TypeScript/releases/187001977
- Warn: release artifact v5.7-rc does not have provenance: https://api.github.com/repos/microsoft/TypeScript/releases/184427388
- Warn: release artifact v5.6.3 does not have provenance: https://api.github.com/repos/microsoft/TypeScript/releases/178994879
- Warn: release artifact v5.7-beta does not have provenance: https://api.github.com/repos/microsoft/TypeScript/releases/179177872
- Warn: release artifact v5.6.2 does not have provenance: https://api.github.com/repos/microsoft/TypeScript/releases/174167636
Score
8.5
/10
Last Scanned on 2024-11-28T15:28:14Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More