Gathering detailed insights and metrics for undici-types
Gathering detailed insights and metrics for undici-types
An HTTP/1.1 client, written from scratch for Node.js
Installations
npm install undici-typesDeveloper Guide
BETA
Typescript
Yes
Module System
N/A
Node Version
20.19.2
NPM Version
11.4.2
Releases
198
Languages
3
JavaScript
TypeScript
Shell
JavaScript (96.63%)
TypeScript (3.36%)
Shell (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
6,927 Stars
3,426 Commits
648 Forks
50 Watchers
76 Branches
325 Contributors
Updated on Jul 10, 2025
Maintainers
2
Package Meta Information
Latest Version
7.11.0
Package Id
undici-types@7.11.0
Unpacked Size
103.01 kB
Size
25.64 kB
File Count
44
NPM Version
11.4.2
Node Version
20.19.2
Published on
Jun 26, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
undici-types
This package is a dual-publish of the undici library types. The undici package still contains types. This package is for users who only need undici types (such as for @types/node). It is published alongside every release of undici, so you can always use the same version.
No vulnerabilities found.
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
all changesets reviewed
Reason
30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
project is fuzzed
Details
- Info: JavaScriptPropertyBasedTesting integration found: test/fuzzing/fuzzing.test.js:4
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:40
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 85 contributing companies or organizations
Details
- Info: found contributions from: Azure, BoostIO, CasparCG, ES-Community, EpicGames, GonzagaAccess, Level, LyraSearch, Pseudo-Corp, Puella-Care, Somerset-SIDeR-Programme, TrainingPlay, Trendyol, WebAssembly, WebKit, WinterTC55, ada-url, adonisjs, auth0, aws, awslabs, babel, busterjs, cheminfo, cheminfo-js, cloudflare, cloudflare-whatwg, cowtech, danger, dymonaz, elastic, expressjs, fastify, flarelabs-net, freeCodeCamp, fvgdev, h3js, h5o, hackwitus, harperdb, image-js, insidewarehouse, jshttp, lexplano, malijs, mbi health, microsoft, minibuf, mljs, mochajs, mqttjs, nearform, nock, nodejs, nodejs-private, nodesource, nxtedition, oauth-wg, okta, openid, openjs-foundation, ossf, pasokonistan, passionfruit-earth, pillarjs, pinojs, piscinajs, pkgjs, platformatic, pnpm, pouchdb, prettier, puella care, relevantfruit, sagemath, simdutf, tech-conferences, trendyol, ubie-oss, upringjs, w3c, wasm-signatures, web-platform-tests, zakodium, zakodium-oss
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 28 commits out of 30 are checked with a SAST tool
Reason
binaries present in source code
Details
- Warn: binary detected: lib/llhttp/llhttp.wasm:1
- Warn: binary detected: lib/llhttp/llhttp_simd.wasm:1
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/autobahn.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/autobahn.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/backport.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/backport.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-create-pr.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release-create-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-create-pr.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release-create-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-create-pr.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release-create-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/nodejs/undici/release.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: test/fixtures/wpt/resources/webidl2/build.sh:7
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:89
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:91
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:111
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:113
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:132
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:134
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:25
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:46
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:48
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:68
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:70
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs-shared.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:49
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:95
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:159
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:180
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:201
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:58
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:59
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:41
- Info: 42 out of 50 GitHub-owned GitHubAction dependencies pinned
- Info: 9 out of 11 third-party GitHubAction dependencies pinned
- Info: 0 out of 22 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/nodejs.yml:217
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-create-pr.yml:26
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:46
- Info: topLevel 'contents' permission set to 'read': .github/workflows/autobahn.yml:16
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/backport.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/bench.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nodejs-shared.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nodejs.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-create-pr.yml:4
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:11
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/triggered-autobahn.yml:9
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/update-cache-tests.yml:9
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/update-wpt.yml:9
Reason
no effort to earn an OpenSSF best practices badge detected
Score
8.2
/10
Last Scanned on 2025-07-10T07:53:07Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More