📦 Workbox: JavaScript libraries for Progressive Web Apps
Installations
npm install workbox-broadcast-updateDeveloper Guide
Typescript
Yes
Module System
CommonJS
Node Version
22.9.0
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Score
98.3
Supply Chain
68.6
Quality
84.4
Maintenance
100
Vulnerability
86.6
License
Releases
Contributors
Languages
JavaScript (67.27%)
TypeScript (30.12%)
HTML (1.1%)
Handlebars (0.81%)
Nunjucks (0.62%)
CSS (0.07%)
Shell (0.02%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
941,821,397
Last Day
770,119
Last Week
4,123,235
Last Month
20,737,928
Last Year
209,518,259
GitHub Statistics
MIT License
12,523 Stars
1,359 Commits
832 Forks
207 Watchers
53 Branches
115 Contributors
Updated on Feb 20, 2025
Maintainers
Package Meta Information
Latest Version
7.3.0
Package Id
workbox-broadcast-update@7.3.0
Unpacked Size
110.44 kB
Size
24.87 kB
File Count
33
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Node Version
22.9.0
Published on
Oct 29, 2024
Total Downloads
Cumulative downloads
Total Downloads
941,821,397
Last Day
0.2%
770,119
Compared to previous day
Last Week
-24.6%
4,123,235
Compared to previous week
Last Month
51.9%
20,737,928
Compared to previous month
Last Year
-5.2%
209,518,259
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
This module's documentation can be found at https://developers.google.com/web/tools/workbox/modules/workbox-broadcast-update
No vulnerabilities found.
Reason
no vulnerabilities detected
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: : LICENSE:1
Reason
no binaries found in the repo
Reason
9 commit(s) out of 30 and 2 issue activity out of 30 found in the last 90 days -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
GitHub code reviews found for 22 commits out of the last 30 -- score normalized to 7
Details
- Warn: no reviews found for commit: 95f97a207fd51efb3f8a653f6e3e58224183a778
- Warn: no reviews found for commit: 5e69c3f6a74ea0e6b1a0d3261a6cde11d8075859
- Warn: no reviews found for commit: d461f1294d512e82dc65fb122dca47bac58365d3
- Warn: no reviews found for commit: 85bdecd24ded38c215b4e8943ee9b3eb0e2c3ee9
- Warn: no reviews found for commit: 7c095b4f981976d11a29ac934a16c6a0fbd0c0c1
- Warn: no reviews found for commit: 9732274bf4be9857e326f399b8c09670c0f56c51
- Warn: no reviews found for commit: d796009eadcba556b2795e0fea7d71a241f535e0
- Warn: no reviews found for commit: 10859de1bd982ed9aef9e74f458d5f57dd9e9888
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/pull-request.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=permissions
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards-analysis.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
Reason
0 out of 5 artifacts are signed or have provenance
Details
- Warn: release artifact v5.1.4 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v5.1.4 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v6.0.0-alpha.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.1 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v6.0.0-alpha.1 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v5.1.3 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.3 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
- Warn: release artifact v5.1.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
Reason
no update tool detected
Details
- Warn: dependabot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
- Warn: renovatebot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
Reason
project is not fuzzed
Reason
branch protection not enabled on development/release branches
Details
- Warn: 'force pushes' enabled on branch 'v6'
- Info: 'allow deletion' disabled on branch 'v6'
- Warn: no status checks found to merge onto branch 'v6'
- Warn: number of required reviewers is only 1 on branch 'v6'
- Warn: branch protection not enabled for branch 'main'
Reason
security policy file not detected
Score
4.9
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More