📦 Workbox: JavaScript libraries for Progressive Web Apps
Installations
npm install workbox-coreDeveloper Guide
Typescript
Yes
Module System
CommonJS
Node Version
22.9.0
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Score
99
Supply Chain
71.4
Quality
84.3
Maintenance
100
Vulnerability
72.7
License
Releases
Contributors
Languages
JavaScript (67.27%)
TypeScript (30.12%)
HTML (1.1%)
Handlebars (0.81%)
Nunjucks (0.62%)
CSS (0.07%)
Shell (0.02%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
1,066,530,882
Last Day
868,137
Last Week
5,763,635
Last Month
23,190,157
Last Year
229,310,731
GitHub Statistics
MIT License
12,515 Stars
1,357 Commits
831 Forks
208 Watchers
53 Branches
115 Contributors
Updated on Feb 12, 2025
Bundle Size
3.76 kB
Minified
1.56 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
7.3.0
Package Id
workbox-core@7.3.0
Unpacked Size
287.64 kB
Size
74.13 kB
File Count
129
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Node Version
22.9.0
Published on
Oct 29, 2024
Total Downloads
Cumulative downloads
Total Downloads
1,066,530,882
Last Day
-24.1%
868,137
Compared to previous day
Last Week
-11.9%
5,763,635
Compared to previous week
Last Month
51.4%
23,190,157
Compared to previous month
Last Year
-4.1%
229,310,731
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
This module's documentation can be found at https://developers.google.com/web/tools/workbox/modules/workbox-core
No vulnerabilities found.
Reason
no vulnerabilities detected
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: : LICENSE:1
Reason
no binaries found in the repo
Reason
9 commit(s) out of 30 and 2 issue activity out of 30 found in the last 90 days -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
GitHub code reviews found for 22 commits out of the last 30 -- score normalized to 7
Details
- Warn: no reviews found for commit: 95f97a207fd51efb3f8a653f6e3e58224183a778
- Warn: no reviews found for commit: 5e69c3f6a74ea0e6b1a0d3261a6cde11d8075859
- Warn: no reviews found for commit: d461f1294d512e82dc65fb122dca47bac58365d3
- Warn: no reviews found for commit: 85bdecd24ded38c215b4e8943ee9b3eb0e2c3ee9
- Warn: no reviews found for commit: 7c095b4f981976d11a29ac934a16c6a0fbd0c0c1
- Warn: no reviews found for commit: 9732274bf4be9857e326f399b8c09670c0f56c51
- Warn: no reviews found for commit: d796009eadcba556b2795e0fea7d71a241f535e0
- Warn: no reviews found for commit: 10859de1bd982ed9aef9e74f458d5f57dd9e9888
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/pull-request.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=permissions
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards-analysis.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
Reason
0 out of 5 artifacts are signed or have provenance
Details
- Warn: release artifact v5.1.4 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v5.1.4 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v6.0.0-alpha.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.1 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v6.0.0-alpha.1 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v5.1.3 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.3 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
- Warn: release artifact v5.1.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
Reason
no update tool detected
Details
- Warn: dependabot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
- Warn: renovatebot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
Reason
project is not fuzzed
Reason
branch protection not enabled on development/release branches
Details
- Warn: 'force pushes' enabled on branch 'v6'
- Info: 'allow deletion' disabled on branch 'v6'
- Warn: no status checks found to merge onto branch 'v6'
- Warn: number of required reviewers is only 1 on branch 'v6'
- Warn: branch protection not enabled for branch 'main'
Reason
security policy file not detected
Score
4.9
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More