Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

elixirscript

Converts Elixir to JavaScript

OpenSSF Scorecard report

2.5

Overall Score

12/60 High Risk
10/30 Medium Risk
10/20 Low Risk
Generated on August 11, 2025 | Scorecard vv5.2.1-40-gf6ed084d
Security Checks
10/10
Binary-Artifacts
High Risk

no binaries found in the repo

Determines if the project has generated executable (binary) artifacts in the source repository.

10/10
Fuzzing
Medium Risk

project is fuzzed

Determines if the project uses fuzzing.

Show details
ℹ️ Info: ElixirPropertyBasedTesting integration found: test/passes/translate/form_test.exs:6
ℹ️ Info: ElixirPropertyBasedTesting integration found: test/passes/translate/forms/map_test.exs:5
10/10
License
Low Risk

license file detected

Determines if the project has defined a license.

Show details
ℹ️ Info: project has a license file: LICENSE:0
ℹ️ Info: FSF or OSI recognized license: MIT License: LICENSE:0
2/10
Code-Review
High Risk

Found 2/7 approved changesets -- score normalized to 2

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0/10
Branch-Protection
High Risk

branch protection not enabled on development/release branches

Determines if the default and release branches are protected with GitHub's branch protection settings.

Show details
⚠️ Warn: branch protection not enabled for branch 'master'
0/10
CII-Best-Practices
Low Risk

no effort to earn an OpenSSF best practices badge detected

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0/10
Maintained
High Risk

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Determines if the project is "actively maintained".

0/10
SAST
Medium Risk

SAST tool is not run on all commits -- score normalized to 0

Determines if the project uses static code analysis.

Show details
⚠️ Warn: 0 commits out of 27 are checked with a SAST tool
0/10
Security-Policy
Medium Risk

security policy file not detected

Determines if the project has published a security policy.

Show details
⚠️ Warn: no security policy file detected
⚠️ Warn: no security file to analyze
⚠️ Warn: no security file to analyze
⚠️ Warn: no security file to analyze
0/10
Signed-Releases
High Risk

Project has not signed or included provenance with any releases.

Determines if the project cryptographically signs release artifacts.

Show details
⚠️ Warn: release artifact v0.27.0 not signed: https://api.github.com/repos/elixirscript/elixirscript/releases/5789141
⚠️ Warn: release artifact v0.26.1 not signed: https://api.github.com/repos/elixirscript/elixirscript/releases/5589223
⚠️ Warn: release artifact v0.26.0 not signed: https://api.github.com/repos/elixirscript/elixirscript/releases/5581455
⚠️ Warn: release artifact v0.27.0 does not have provenance: https://api.github.com/repos/elixirscript/elixirscript/releases/5789141
⚠️ Warn: release artifact v0.26.1 does not have provenance: https://api.github.com/repos/elixirscript/elixirscript/releases/5589223
⚠️ Warn: release artifact v0.26.0 does not have provenance: https://api.github.com/repos/elixirscript/elixirscript/releases/5581455
0/10
Vulnerabilities
High Risk

43 existing vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

Show details
⚠️ Warn: Project is vulnerable to: GHSA-vq52-99r9-h5pw
⚠️ Warn: Project is vulnerable to: GHSA-9fm9-hp7p-53mf
⚠️ Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
⚠️ Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
⚠️ Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
⚠️ Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
⚠️ Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
⚠️ Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
⚠️ Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
⚠️ Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
⚠️ Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
⚠️ Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
⚠️ Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
⚠️ Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
⚠️ Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
⚠️ Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
⚠️ Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
⚠️ Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
⚠️ Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
⚠️ Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
⚠️ Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
⚠️ Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
⚠️ Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
⚠️ Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
⚠️ Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
⚠️ Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
⚠️ Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
⚠️ Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
⚠️ Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
⚠️ Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
⚠️ Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
⚠️ Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
⚠️ Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
⚠️ Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
⚠️ Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
⚠️ Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
⚠️ Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
⚠️ Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
⚠️ Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6
⚠️ Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
⚠️ Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
⚠️ Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
⚠️ Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
N/A
Dangerous-Workflow
Not Applicable

no workflows found

Determines if the project's GitHub Action workflows avoid dangerous patterns.

N/A
Packaging
Not Applicable

packaging workflow not detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

Show details
⚠️ Warn: no GitHub/GitLab publishing workflow detected.
N/A
Pinned-Dependencies
Not Applicable

no dependencies found

Determines if the project has declared and pinned the dependencies of its build process.

N/A
Token-Permissions
Not Applicable

No tokens found

Determines if the project's workflows follow the principle of least privilege.

Links
Repository Details
  • Stars 1,567
  • Forks 68
  • Open issues 19
  • License mit
  • Language Elixir
  • Size 3.62 MB
  • Created at about 11 years ago
  • Updated at 4 months ago
  • Pushed at over 6 years ago
  • Last synced at 3 months ago
  • Dependencies parsed at Pending
Topics
compiler, elixir, javascript, transpiler