RESULTS
-------
Aggregate score: 6.3 / 10

Check scores:

| SCORE | NAME | REASON | DETAILS | DOCUMENTATION/REMEDIATION |
|---------|------------------------|--------------------------------|---------|---------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#binary-artifacts |
| 10 / 10 | Branch-Protection | branch protection is fully enabled on development and all release branches | Warn: branch protection not enabled for branch 'master' | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#branch-protection |
| ? | CI-Tests | internal error: cannot list check runs by ref | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#ci-tests |
| 0 / 10 | CII-Best-Practices | no badge detected | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#cii-best-practices |
| 1 / 10 | Code-Review | GitHub code reviews found for 5 commits out of the last 30 -- score normalized to 1 | Info: Gerrit code reviews found for 0 commits out of the last 30; Info: Prow code reviews found for 0 commits out of the last 30 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#code-review |
| 10 / 10 | Contributors | 57 different companies found -- score normalized to 10 | Info: contributors work for: vuese,vue-mini,neucn,Hedgehog-Computing,University-of-Bread,znckco,HcySunYang-bot,GitCodeTree,ninja-squad,x2y2dotcom,LemonVM,bread-os,AimonaStudio,hypermob,onyxjs,hexojs,actions-cool,octopus-network,undefined,vuejs-fr,pingcap,libevent,originjs,grammarly,home,project-incubator,prettier,cnAbp,ProgramLeague,viteland,HMUniversity,simple-uploader,vuepress,bytedance,freelance,nodejs,china electric vehicle association,codeIt-today,antvis,hopejs,tencent,DimensionDev,rainbow alliance,tenbot,tc39,xjtuana,hcwg,vuejs,BejDev,darukjs,JSCIG,LGBT-CN,trend-fed-sharing,Ninja-Squad,poc-playground,picpay,line fukuoka | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#contributors |
| 10 / 10 | Dependency-Update-Tool | update tool detected | Info: dependabot detected: .github/dependabot.yml:1 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#dependency-update-tool |
| 0 / 10 | Fuzzing | project is not fuzzed | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#fuzzing |
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 30 issue activity out of 30 found in the last 90 days -- score normalized to 10 | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#maintained |
| ? | Packaging | no published package detected | Warn: no GitHub publishing workflow detected | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#packaging |
| 6 / 10 | Pinned-Dependencies | dependency not pinned by hash detected -- score normalized to 6 | Warn: no lock files detected for a package manager; Warn: dependency not pinned by hash (job 'test'): .github/workflows/ci.yml:13; Warn: dependency not pinned by hash (job 'test'): .github/workflows/ci.yml:16; Warn: dependency not pinned by hash (job 'test'): .github/workflows/ci.yml:21; Warn: dependency not pinned by hash (job 'test-dts'): .github/workflows/ci.yml:34; Warn: dependency not pinned by hash (job 'test-dts'): .github/workflows/ci.yml:37; Warn: dependency not pinned by hash (job 'test-dts'): .github/workflows/ci.yml:42; Warn: dependency not pinned by hash (job 'size'): .github/workflows/ci.yml:57; Warn: dependency not pinned by hash (job 'size'): .github/workflows/ci.yml:60; Warn: dependency not pinned by hash (job 'size'): .github/workflows/ci.yml:65; Warn: dependency not pinned by hash (job 'Create Release'): .github/workflows/release-tag.yml:14; Warn: dependency not pinned by hash (job 'Create Release'): .github/workflows/release-tag.yml:17; Info: Dockerfile dependencies are pinned; Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles; Info: no insecure (not pinned by hash) dependency downloads found in shell scripts; Info: no insecure (not pinned by hash) dependency downloads found in GitHub workflows | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#pinned-dependencies |
| 0 / 10 | SAST | no SAST tool detected | Warn: no pull requests merged into dev branch; Warn: CodeQL tool not detected | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#sast |
| 10 / 10 | Security-Policy | security policy file detected | Info: security policy detected: SECURITY.md:1 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#security-policy |
| ? | Signed-Releases | no releases found | Warn: no GitHub releases found | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#signed-releases |
| 0 / 10 | Token-Permissions | non read-only tokens detected in GitHub workflows | Warn: no permission defined: .github/workflows/ci.yml:1; Warn: no permission defined: .github/workflows/release-tag.yml:1 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#token-permissions |
| 10 / 10 | Vulnerabilities | no vulnerabilities detected | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#vulnerabilities |