GitHub / domdfcoding / domdf_wxpython_tools
Tools and widgets for wxPython.
JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/domdfcoding%2Fdomdf_wxpython_tools
PURL: pkg:github/domdfcoding/domdf_wxpython_tools
Stars: 4
Forks: 2
Open issues: 0
License: lgpl-3.0
Language: Python
Size: 604 KB
Dependencies parsed at: Pending
Created at: over 6 years ago
Updated at: 6 months ago
Pushed at: 6 months ago
Last synced at: 6 months ago
Commit Stats
Commits: 206
Authors: 5
Mean commits per author: 41.2
Development Distribution Score: 0.044
More commit stats: https://commits.ecosyste.ms/hosts/GitHub/repositories/domdfcoding/domdf_wxpython_tools
Topics: python, python3, utility, wxpython
Funding Links https://github.com/sponsors/domdfcoding
OpenSSF Scorecard report
3.3
Overall Score
10/10 Critical Risk
14/60 High Risk
10/50 Medium Risk
10/20 Low Risk
Generated on August 11, 2025
| Scorecard vv5.2.1-40-gf6ed084d
Security Checks
no binaries found in the repo
Determines if the project has generated executable (binary) artifacts in the source repository.
no dangerous workflow patterns detected
Determines if the project's GitHub Action workflows avoid dangerous patterns.
license file detected
Determines if the project has defined a license.
Show details
ℹ️
Info: project has a license file: LICENSE:0
ℹ️
Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: LICENSE:0
packaging workflow detected
Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.
Show details
ℹ️
Info: Project packages its releases by way of GitHub Actions.: .github/workflows/python_ci_linux.yml:75
5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Determines if the project is "actively maintained".
no effort to earn an OpenSSF best practices badge detected
Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
Found 0/21 approved changesets -- score normalized to 0
Determines if the project requires human code review before pull requests (aka merge requests) are merged.
project is not fuzzed
Determines if the project uses fuzzing.
Show details
⚠️
Warn: no fuzzer integrations found
dependency not pinned by hash detected -- score normalized to 0
Determines if the project has declared and pinned the dependencies of its build process.
Show details
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_test_action.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/docs_test_action.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_test_action.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/docs_test_action.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flake8.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/flake8.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/flake8.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/flake8.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flake8.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/flake8.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mypy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/mypy.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/mypy.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/mypy.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mypy.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/mypy.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/octocheese.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/octocheese.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/python_ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci_linux.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_linux.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/python_ci_linux.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_linux.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci_linux.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_linux.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci_linux.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_linux.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci_linux.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_linux.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/python_ci_linux.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_linux.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci_macos.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_macos.yml/master?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/python_ci_macos.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_macos.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_ci_macos.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/domdfcoding/domdf_wxpython_tools/python_ci_macos.yml/master?enable=pin
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/flake8.yml:45
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/flake8.yml:46
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/mypy.yml:52
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/mypy.yml:53
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/mypy.yml:60
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/mypy.yml:61
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/python_ci_linux.yml:66
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/python_ci_linux.yml:67
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/python_ci_linux.yml:93
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/python_ci_linux.yml:94
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/python_ci_linux.yml:113
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/python_ci_macos.yml:63
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/python_ci_macos.yml:64
ℹ️
Info: 0 out of 13 GitHub-owned GitHubAction dependencies pinned
ℹ️
Info: 0 out of 8 third-party GitHubAction dependencies pinned
ℹ️
Info: 0 out of 13 pipCommand dependencies pinned
SAST tool is not run on all commits -- score normalized to 0
Determines if the project uses static code analysis.
Show details
⚠️
Warn: 0 commits out of 9 are checked with a SAST tool
security policy file not detected
Determines if the project has published a security policy.
Show details
⚠️
Warn: no security policy file detected
⚠️
Warn: no security file to analyze
⚠️
Warn: no security file to analyze
⚠️
Warn: no security file to analyze
Project has not signed or included provenance with any releases.
Determines if the project cryptographically signs release artifacts.
Show details
⚠️
Warn: release artifact v0.3.0.post1 not signed: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/107500061
⚠️
Warn: release artifact v0.2.5 not signed: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606306
⚠️
Warn: release artifact v0.2.4 not signed: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606307
⚠️
Warn: release artifact v0.2.3 not signed: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606308
⚠️
Warn: release artifact v0.2.2 not signed: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606309
⚠️
Warn: release artifact v0.3.0.post1 does not have provenance: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/107500061
⚠️
Warn: release artifact v0.2.5 does not have provenance: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606306
⚠️
Warn: release artifact v0.2.4 does not have provenance: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606307
⚠️
Warn: release artifact v0.2.3 does not have provenance: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606308
⚠️
Warn: release artifact v0.2.2 does not have provenance: https://api.github.com/repos/domdfcoding/domdf_wxpython_tools/releases/26606309
detected GitHub workflow tokens with excessive permissions
Determines if the project's workflows follow the principle of least privilege.
Show details
ℹ️
Info: topLevel 'contents' permission set to 'read': .github/workflows/docs_test_action.yml:13
ℹ️
Info: topLevel 'contents' permission set to 'read': .github/workflows/flake8.yml:14
ℹ️
Info: topLevel 'contents' permission set to 'read': .github/workflows/mypy.yml:14
⚠️
Warn: no topLevel permission defined: .github/workflows/octocheese.yml:1
ℹ️
Info: topLevel 'contents' permission set to 'read': .github/workflows/python_ci.yml:17
⚠️
Warn: topLevel 'actions' permission set to 'write': .github/workflows/python_ci.yml:15
⚠️
Warn: topLevel 'actions' permission set to 'write': .github/workflows/python_ci_linux.yml:16
ℹ️
Info: topLevel 'contents' permission set to 'read': .github/workflows/python_ci_linux.yml:18
ℹ️
Info: topLevel 'contents' permission set to 'read': .github/workflows/python_ci_macos.yml:17
⚠️
Warn: topLevel 'actions' permission set to 'write': .github/workflows/python_ci_macos.yml:15
ℹ️
Info: no jobLevel write permissions found
41 existing vulnerabilities detected
Determines if the project has open, known unfixed vulnerabilities.
Show details
⚠️
Warn: Project is vulnerable to: PYSEC-2021-856 / GHSA-5545-2q6w-2gh6
⚠️
Warn: Project is vulnerable to: GHSA-6p56-wp2h-9hxr
⚠️
Warn: Project is vulnerable to: PYSEC-2019-108 / GHSA-9fq2-x9r6-wfmf
⚠️
Warn: Project is vulnerable to: PYSEC-2021-857 / GHSA-f7c7-j99h-c22f
⚠️
Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm
⚠️
Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq
⚠️
Warn: Project is vulnerable to: PYSEC-2021-41 / GHSA-3wvg-mj6g-m9cv
⚠️
Warn: Project is vulnerable to: PYSEC-2020-77 / GHSA-3xv8-3j54-hgrp
⚠️
Warn: Project is vulnerable to: PYSEC-2020-80 / GHSA-43fq-w8qq-v88h
⚠️
Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3
⚠️
Warn: Project is vulnerable to: GHSA-4fx9-vc88-q2xc
⚠️
Warn: Project is vulnerable to: PYSEC-2021-35 / GHSA-57h3-9rgr-c24m
⚠️
Warn: Project is vulnerable to: PYSEC-2021-331 / GHSA-7534-mm45-c74v
⚠️
Warn: Project is vulnerable to: PYSEC-2021-137 / GHSA-77gc-v2xv-rvvh
⚠️
Warn: Project is vulnerable to: PYSEC-2021-92 / GHSA-7r7m-5h27-29hp
⚠️
Warn: Project is vulnerable to: PYSEC-2020-78 / GHSA-8843-m7mw-mxqm
⚠️
Warn: Project is vulnerable to: PYSEC-2023-227 / GHSA-8ghj-p4vj-mr35
⚠️
Warn: Project is vulnerable to: PYSEC-2022-10 / GHSA-8vj2-vxx3-667w
⚠️
Warn: Project is vulnerable to: PYSEC-2021-36 / GHSA-8xjq-8fcg-g5hw
⚠️
Warn: Project is vulnerable to: PYSEC-2021-42 / GHSA-95q3-8gr9-gm8w
⚠️
Warn: Project is vulnerable to: PYSEC-2021-317 / GHSA-98vv-pw6r-q6q4
⚠️
Warn: Project is vulnerable to: PYSEC-2021-38 / GHSA-9hx2-hgq2-2g4f
⚠️
Warn: Project is vulnerable to: PYSEC-2022-168 / GHSA-9j59-75qj-795w
⚠️
Warn: Project is vulnerable to: PYSEC-2020-76 / GHSA-cqhg-xjhh-p8hf
⚠️
Warn: Project is vulnerable to: PYSEC-2021-40 / GHSA-f4w8-cv6p-x6r5
⚠️
Warn: Project is vulnerable to: PYSEC-2021-69 / GHSA-f5g8-5qq7-938w
⚠️
Warn: Project is vulnerable to: PYSEC-2021-139 / GHSA-g6rj-rv7j-xwp4
⚠️
Warn: Project is vulnerable to: PYSEC-2021-71 / GHSA-hf64-x4gq-p99h
⚠️
Warn: Project is vulnerable to: PYSEC-2021-94 / GHSA-hjfx-8p6c-g7gx
⚠️
Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr
⚠️
Warn: Project is vulnerable to: GHSA-jgpv-4h4c-xhw3
⚠️
Warn: Project is vulnerable to: PYSEC-2022-42979 / GHSA-m2vv-5vj5-2hm7
⚠️
Warn: Project is vulnerable to: PYSEC-2021-37 / GHSA-mvg9-xffr-p774
⚠️
Warn: Project is vulnerable to: PYSEC-2021-39 / GHSA-p43w-g3c5-g5mq
⚠️
Warn: Project is vulnerable to: PYSEC-2022-8 / GHSA-pw3c-h7wp-cvhx
⚠️
Warn: Project is vulnerable to: PYSEC-2021-93 / GHSA-q5hq-fp76-qmrc
⚠️
Warn: Project is vulnerable to: PYSEC-2021-138 / GHSA-rwv7-3v45-hg29
⚠️
Warn: Project is vulnerable to: PYSEC-2020-79 / GHSA-vj42-xq3r-hr3r
⚠️
Warn: Project is vulnerable to: PYSEC-2021-70 / GHSA-vqcj-wrf2-7v73
⚠️
Warn: Project is vulnerable to: PYSEC-2022-9 / GHSA-xrcv-f9gm-v42c
⚠️
Warn: Project is vulnerable to: PYSEC-2023-175