Gathering detailed insights and metrics for workbox-webpack-plugin
Gathering detailed insights and metrics for workbox-webpack-plugin
📦 Workbox: JavaScript libraries for Progressive Web Apps
Installations
npm install workbox-webpack-pluginDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=16.0.0
Node Version
22.9.0
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Score
66.7
Supply Chain
47
Quality
80.4
Maintenance
100
Vulnerability
96.4
License
Releases
85
Languages
7
JavaScript
TypeScript
HTML
Handlebars
Nunjucks
CSS
Shell
JavaScript (67.01%)
TypeScript (30.36%)
HTML (1.11%)
Handlebars (0.81%)
Nunjucks (0.62%)
CSS (0.07%)
Shell (0.02%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
12,678 Stars
1,411 Commits
847 Forks
204 Watchers
57 Branches
112 Contributors
Updated on Jun 27, 2025
Bundle Size
4.41 MB
Minified
1.02 MB
Minified + Gzipped
Maintainers
6
Package Meta Information
Latest Version
7.3.0
Package Id
workbox-webpack-plugin@7.3.0
Unpacked Size
128.21 kB
Size
35.10 kB
File Count
32
NPM Version
lerna/5.6.2/node@v22.9.0+arm64 (darwin)
Node Version
22.9.0
Published on
Oct 29, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Peer Dependencies
1
Dev Dependencies
2
This module's documentation can be found at https://developer.chrome.com/docs/workbox/modules/workbox-webpack-plugin/
No vulnerabilities found.
Reason
no vulnerabilities detected
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: : LICENSE:1
Reason
no binaries found in the repo
Reason
9 commit(s) out of 30 and 2 issue activity out of 30 found in the last 90 days -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=pin
- Info: Third-party GitHubActions are pinned
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
GitHub code reviews found for 22 commits out of the last 30 -- score normalized to 7
Details
- Warn: no reviews found for commit: 95f97a207fd51efb3f8a653f6e3e58224183a778
- Warn: no reviews found for commit: 5e69c3f6a74ea0e6b1a0d3261a6cde11d8075859
- Warn: no reviews found for commit: d461f1294d512e82dc65fb122dca47bac58365d3
- Warn: no reviews found for commit: 85bdecd24ded38c215b4e8943ee9b3eb0e2c3ee9
- Warn: no reviews found for commit: 7c095b4f981976d11a29ac934a16c6a0fbd0c0c1
- Warn: no reviews found for commit: 9732274bf4be9857e326f399b8c09670c0f56c51
- Warn: no reviews found for commit: d796009eadcba556b2795e0fea7d71a241f535e0
- Warn: no reviews found for commit: 10859de1bd982ed9aef9e74f458d5f57dd9e9888
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/pull-request.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/pull-request.yml/master?enable=permissions
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards-analysis.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bschwind/app-route/scorecards-analysis.yml/master?enable=permissions
Reason
0 out of 5 artifacts are signed or have provenance
Details
- Warn: release artifact v5.1.4 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v5.1.4 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/30991093
- Warn: release artifact v6.0.0-alpha.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/29714899
- Warn: release artifact v6.0.0-alpha.1 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v6.0.0-alpha.1 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/28876505
- Warn: release artifact v5.1.3 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.3 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/25855661
- Warn: release artifact v5.1.2 does not have provenance: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
- Warn: release artifact v5.1.2 not signed: https://api.github.com/repos/GoogleChrome/workbox/releases/24852570
Reason
no update tool detected
Details
- Warn: dependabot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
- Warn: renovatebot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
Reason
project is not fuzzed
Reason
branch protection not enabled on development/release branches
Details
- Warn: 'force pushes' enabled on branch 'v6'
- Info: 'allow deletion' disabled on branch 'v6'
- Warn: no status checks found to merge onto branch 'v6'
- Warn: number of required reviewers is only 1 on branch 'v6'
- Warn: branch protection not enabled for branch 'main'
Reason
security policy file not detected
Score
4.9
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More