Gathering detailed insights and metrics for utf-8-validate
Gathering detailed insights and metrics for utf-8-validate
Installations
npm install utf-8-validateDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=6.14.2
Node Version
22.10.0
NPM Version
10.9.0
Releases
24
Languages
3
JavaScript
Python
C++
JavaScript (63.66%)
Python (18.3%)
C++ (18.04%)
Developer
websockets
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
NOASSERTION License
120 Stars
225 Commits
34 Forks
11 Watchers
2 Branches
12 Contributors
Updated on Jun 06, 2025
Maintainers
4
Package Meta Information
Latest Version
6.0.5
Package Id
utf-8-validate@6.0.5
Unpacked Size
700.69 kB
Size
230.80 kB
File Count
15
NPM Version
10.9.0
Node Version
22.10.0
Published on
Nov 01, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
4
utf-8-validate
Check if a buffer contains valid UTF-8 encoded text.
Installation
npm install utf-8-validate --save-optional
The --save-optional flag tells npm to save the package in your package.json
under the
optionalDependencies
key.
API
The module exports a single function that takes one argument. To maximize performance, the argument is not validated. It is the caller's responsibility to ensure that it is correct.
isValidUTF8(buffer)
Checks whether a buffer contains valid UTF-8.
Arguments
buffer- The buffer to check.
Return value
true if the buffer contains only correct UTF-8, else false.
Example
1'use strict'; 2 3const isValidUTF8 = require('utf-8-validate'); 4 5const buf = Buffer.from([0xf0, 0x90, 0x80, 0x80]); 6 7console.log(isValidUTF8(buf)); 8// => true
License
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:80
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/websockets/utf-8-validate/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:38
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:64
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v6.0.5 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/183141456
- Warn: release artifact v6.0.4 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/155288713
- Warn: release artifact v6.0.3 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/93603658
- Warn: release artifact v6.0.2 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/90349436
- Warn: release artifact v6.0.1 not signed: https://api.github.com/repos/websockets/utf-8-validate/releases/89812423
- Warn: release artifact v6.0.5 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/183141456
- Warn: release artifact v6.0.4 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/155288713
- Warn: release artifact v6.0.3 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/93603658
- Warn: release artifact v6.0.2 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/90349436
- Warn: release artifact v6.0.1 does not have provenance: https://api.github.com/repos/websockets/utf-8-validate/releases/89812423
Score
4.1
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More