Comments (1)
testing:
🐻 Trusty Dependency Analysis Action Report
🔴 Failed Dependencies Summary
Name | Trusty Score | Malicious | Archived | Deprecated |
---|---|---|---|---|
bugsnagmw | 0.00 | ❌ | ✅ | ✅ |
scriptoni | 4.40 | ✅ | ❌ | ❌ |
notifyjs | 5.70 | ✅ | ❌ | ✅ |
🟢 Successful Dependencies Summary
Name | Trusty Score |
---|---|
next | 9.30 |
react | 8.00 |
Detailed Information for Failed Dependencies
bugsnagmw |
0.00 |
⚠ Malicious (This package is marked as Malicious. Proceed with extreme caution!) | ❌ |
Trusty Score: 0.00 ❌
Category | Score | Passed |
---|---|---|
Repo activity | 0.00 |
❌ |
Author activity | 0.00 |
❌ |
Provenance | 5.00 |
✅ |
Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 0 | | Number of Git Tags/Releases | 0 | | Number of versions matched to Git Tags/Releases | 0 |
scriptoni |
4.40 |
⚠ Deprecated (This package is marked as Deprecated. Proceed with caution!) | ❌ |
⚠ Archived (This package is marked as Archived. Proceed with caution!) | ❌ |
Trusty Score: 4.40 ❌
Category | Score | Passed |
---|---|---|
Repo activity | 2.70 |
❌ |
Author activity | 6.20 |
✅ |
Provenance | 8.00 |
✅ |
Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 100 | | Number of Git Tags/Releases | 96 | | Number of versions matched to Git Tags/Releases | 90 |
Alternative Packages 💡
Package | Score | Trusty Link |
---|---|---|
create-react-app |
8.00 |
create-react-app |
react-app-rewired |
7.20 |
react-app-rewired |
react-scripts |
5.00 |
react-scripts |
craco |
3.50 |
craco |
notifyjs |
5.70 |
⚠ Archived (This package is marked as Archived. Proceed with caution!) | ❌ |
Trusty Score: 5.70 ✅
Category | Score | Passed |
---|---|---|
Repo activity | 5.00 |
✅ |
Author activity | 6.50 |
✅ |
Provenance | 8.00 |
✅ |
Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 16 | | Number of Git Tags/Releases | 16 | | Number of versions matched to Git Tags/Releases | 13 |
Detailed Information for Successful Dependencies
next |
9.30 |
Trusty Score: 9.30 ✅
Category | Score | Passed |
---|---|---|
Repo activity | 10.00 |
✅ |
Author activity | 8.60 |
✅ |
Provenance | 10.00 |
✅ |
Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
Built and signed with sigstore using GitHub Actions.
Source repo | https://github.com/vercel/next.js |
Github Action Workflow | .github/workflows/build_and_deploy.yml |
Issuer | CN=sigstore-intermediate,O=sigstore.dev |
Rekor Public Ledger | https://search.sigstore.dev/?logIndex=88381843 |
Alternative Packages 💡
Package | Score | Trusty Link |
---|---|---|
http-proxy |
8.00 |
http-proxy |
react-router |
8.00 |
react-router |
vue-router |
5.00 |
vue-router |
react-router-dom |
5.00 |
react-router-dom |
react |
8.00 |
Trusty Score: 8.00 ✅
Category | Score | Passed |
---|---|---|
Repo activity | 10.00 |
✅ |
Author activity | 8.20 |
✅ |
Provenance | 8.00 |
✅ |
Typosquatting | 10.00 |
✅ |
Proof of origin (Provenance)
| | | | --- | --- | | Number of versions | 1756 | | Number of Git Tags/Releases | 136 | | Number of versions matched to Git Tags/Releases | 69 |
Alternative Packages 💡
Package | Score | Trusty Link |
---|---|---|
styled-components |
8.00 |
styled-components |
vue |
8.00 |
vue |
svelte |
8.00 |
svelte |
preact |
7.80 |
preact |
inferno |
7.50 |
inferno |
🌟 If you like this action, why not try out Minder, the secure supply chain platform. It has vastly more protections and is also free (as in 🍺) to opensource projects.
from trusty-action.
Related Issues (9)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trusty-action.