Gathering detailed insights and metrics for workbox-core
Gathering detailed insights and metrics for workbox-core
📦 Workbox: JavaScript libraries for Progressive Web Apps
Installations
npm install workbox-coreDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
22.9.0
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Score
99
Supply Chain
71.4
Quality
83.6
Maintenance
100
Vulnerability
100
License
Releases
85
Languages
7
JavaScript
TypeScript
HTML
Handlebars
Nunjucks
CSS
Shell
JavaScript (67.01%)
TypeScript (30.36%)
HTML (1.11%)
Handlebars (0.81%)
Nunjucks (0.62%)
CSS (0.07%)
Shell (0.02%)
Developer
Download Statistics
Total Downloads
1,137,569,789
Last Day
292,684
Last Week
4,740,398
Last Month
20,441,684
Last Year
231,259,457
GitHub Statistics
MIT License
12,659 Stars
1,411 Commits
840 Forks
204 Watchers
56 Branches
112 Contributors
Updated on Jun 09, 2025
Bundle Size
3.76 kB
Minified
1.56 kB
Minified + Gzipped
Maintainers
6
Package Meta Information
Latest Version
7.3.0
Package Id
workbox-core@7.3.0
Unpacked Size
287.64 kB
Size
74.13 kB
File Count
129
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Node Version
22.9.0
Published on
Oct 29, 2024
Total Downloads
Cumulative downloads
Total Downloads
1,137,569,789
Last Day
-12.4%
292,684
Compared to previous day
Last Week
-10.3%
4,740,398
Compared to previous week
Last Month
4.2%
20,441,684
Compared to previous month
Last Year
-1.4%
231,259,457
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
This module's documentation can be found at https://developers.google.com/web/tools/workbox/modules/workbox-core
No vulnerabilities found.
Reason
no vulnerabilities detected
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: : LICENSE:1
Reason
no binaries found in the repo
Reason
9 commit(s) out of 30 and 2 issue activity out of 30 found in the last 90 days -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
GitHub code reviews found for 22 commits out of the last 30 -- score normalized to 7
Details
- Warn: no reviews found for commit: 95f97a207fd51efb3f8a653f6e3e58224183a778
- Warn: no reviews found for commit: 5e69c3f6a74ea0e6b1a0d3261a6cde11d8075859
- Warn: no reviews found for commit: d461f1294d512e82dc65fb122dca47bac58365d3
- Warn: no reviews found for commit: 85bdecd24ded38c215b4e8943ee9b3eb0e2c3ee9
- Warn: no reviews found for commit: 7c095b4f981976d11a29ac934a16c6a0fbd0c0c1
- Warn: no reviews found for commit: 9732274bf4be9857e326f399b8c09670c0f56c51
- Warn: no reviews found for commit: d796009eadcba556b2795e0fea7d71a241f535e0
- Warn: no reviews found for commit: 10859de1bd982ed9aef9e74f458d5f57dd9e9888
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/pull-request.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=permissions
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards-analysis.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
Reason
0 out of 5 artifacts are signed or have provenance
Details
- Warn: release artifact v5.1.4 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v5.1.4 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v6.0.0-alpha.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.1 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v6.0.0-alpha.1 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v5.1.3 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.3 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
- Warn: release artifact v5.1.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
Reason
no update tool detected
Details
- Warn: dependabot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
- Warn: renovatebot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
Reason
project is not fuzzed
Reason
branch protection not enabled on development/release branches
Details
- Warn: 'force pushes' enabled on branch 'v6'
- Info: 'allow deletion' disabled on branch 'v6'
- Warn: no status checks found to merge onto branch 'v6'
- Warn: number of required reviewers is only 1 on branch 'v6'
- Warn: branch protection not enabled for branch 'main'
Reason
security policy file not detected
Score
4.9
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More