Comments (1)
yrobla
commented on June 17, 2024
testing:
🐻 Trusty Dependency Analysis Action Report
🔴 Failed Dependencies Summary
| Name | Trusty Score | Malicious | Archived | Deprecated |
|---|---|---|---|---|
| bugsnagmw | 0.00 | ❌ | ✅ | ✅ |
| scriptoni | 4.40 | ✅ | ❌ | ❌ |
| notifyjs | 5.70 | ✅ | ❌ | ✅ |
🟢 Successful Dependencies Summary
| Name | Trusty Score |
|---|---|
| next | 9.30 |
| react | 8.00 |
Detailed Information for Failed Dependencies
bugsnagmw |
0.00 |
| ⚠ Malicious (This package is marked as Malicious. Proceed with extreme caution!) | ❌ |
Trusty Score: 0.00 ❌
| Category | Score | Passed |
|---|---|---|
| Repo activity | 0.00 |
❌ |
| Author activity | 0.00 |
❌ |
| Provenance | 5.00 |
✅ |
| Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 0 | | Number of Git Tags/Releases | 0 | | Number of versions matched to Git Tags/Releases | 0 |
scriptoni |
4.40 |
| ⚠ Deprecated (This package is marked as Deprecated. Proceed with caution!) | ❌ |
| ⚠ Archived (This package is marked as Archived. Proceed with caution!) | ❌ |
Trusty Score: 4.40 ❌
| Category | Score | Passed |
|---|---|---|
| Repo activity | 2.70 |
❌ |
| Author activity | 6.20 |
✅ |
| Provenance | 8.00 |
✅ |
| Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 100 | | Number of Git Tags/Releases | 96 | | Number of versions matched to Git Tags/Releases | 90 |
Alternative Packages 💡
| Package | Score | Trusty Link |
|---|---|---|
create-react-app |
8.00 |
create-react-app |
react-app-rewired |
7.20 |
react-app-rewired |
react-scripts |
5.00 |
react-scripts |
craco |
3.50 |
craco |
notifyjs |
5.70 |
| ⚠ Archived (This package is marked as Archived. Proceed with caution!) | ❌ |
Trusty Score: 5.70 ✅
| Category | Score | Passed |
|---|---|---|
| Repo activity | 5.00 |
✅ |
| Author activity | 6.50 |
✅ |
| Provenance | 8.00 |
✅ |
| Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 16 | | Number of Git Tags/Releases | 16 | | Number of versions matched to Git Tags/Releases | 13 |
Detailed Information for Successful Dependencies
next |
9.30 |  |
Trusty Score: 9.30 ✅
| Category | Score | Passed |
|---|---|---|
| Repo activity | 10.00 |
✅ |
| Author activity | 8.60 |
✅ |
| Provenance | 10.00 |
✅ |
| Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
Built and signed with sigstore using GitHub Actions.
| Source repo | https://github.com/vercel/next.js |
| Github Action Workflow | .github/workflows/build_and_deploy.yml |
| Issuer | CN=sigstore-intermediate,O=sigstore.dev |
| Rekor Public Ledger | https://search.sigstore.dev/?logIndex=88381843 |
Alternative Packages 💡
| Package | Score | Trusty Link |
|---|---|---|
http-proxy |
8.00 |
http-proxy |
react-router |
8.00 |
react-router |
vue-router |
5.00 |
vue-router |
react-router-dom |
5.00 |
react-router-dom |
react |
8.00 |
Trusty Score: 8.00 ✅
| Category | Score | Passed |
|---|---|---|
| Repo activity | 10.00 |
✅ |
| Author activity | 8.20 |
✅ |
| Provenance | 8.00 |
✅ |
| Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 1756 | | Number of Git Tags/Releases | 136 | | Number of versions matched to Git Tags/Releases | 69 |
Alternative Packages 💡
| Package | Score | Trusty Link |
|---|---|---|
styled-components |
8.00 |
styled-components |
vue |
8.00 |
vue |
svelte |
8.00 |
svelte |
preact |
7.80 |
preact |
inferno |
7.50 |
inferno |
🌟 If you like this action, why not try out Minder, the secure supply chain platform. It has vastly more protections and is also free (as in 🍺) to opensource projects.
from trusty-action.
Related Issues (9)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trusty-action.