Gathering detailed insights and metrics for utf-8-validate
Gathering detailed insights and metrics for utf-8-validate
Installations
npm install utf-8-validateDeveloper
websockets
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=6.14.2
Typescript Support
No
Node Version
22.10.0
NPM Version
10.9.0
Statistics
117 Stars
220 Commits
36 Forks
12 Watching
2 Branches
12 Contributors
Updated on 01 Nov 2024
Languages
JavaScript (63.66%)
Python (18.3%)
C++ (18.04%)
Total Downloads
Cumulative downloads
Total Downloads
311,200,271
Last day
5.1%
384,678
Compared to previous day
Last week
11.7%
2,100,485
Compared to previous week
Last month
10.2%
8,168,208
Compared to previous month
Last year
19.8%
89,400,706
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
4
Versions
utf-8-validate
Check if a buffer contains valid UTF-8 encoded text.
Installation
npm install utf-8-validate --save-optional
The --save-optional flag tells npm to save the package in your package.json
under the
optionalDependencies
key.
API
The module exports a single function that takes one argument. To maximize performance, the argument is not validated. It is the caller's responsibility to ensure that it is correct.
isValidUTF8(buffer)
Checks whether a buffer contains valid UTF-8.
Arguments
buffer- The buffer to check.
Return value
true if the buffer contains only correct UTF-8, else false.
Example
1'use strict'; 2 3const isValidUTF8 = require('utf-8-validate'); 4 5const buf = Buffer.from([0xf0, 0x90, 0x80, 0x80]); 6 7console.log(isValidUTF8(buf)); 8// => true
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:82
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:66
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v6.0.5 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/183141456
- Warn: release artifact v6.0.4 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/155288713
- Warn: release artifact v6.0.3 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/93603658
- Warn: release artifact v6.0.2 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/90349436
- Warn: release artifact v6.0.1 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/89812423
- Warn: release artifact v6.0.5 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/183141456
- Warn: release artifact v6.0.4 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/155288713
- Warn: release artifact v6.0.3 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/93603658
- Warn: release artifact v6.0.2 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/90349436
- Warn: release artifact v6.0.1 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/89812423
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 1 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More