An open API service providing repository metadata for many open source software ecosystems.

JavaScript library for embedding Power BI into your apps. Check out the docs website and wiki for more information.

OpenSSF Scorecard report

7.4

Overall Score

10/10 Critical Risk
51/70 High Risk
20/30 Medium Risk
10/20 Low Risk
Generated on August 15, 2022 | Scorecard v4.5.0-26-g10b6052
Security Checks
10/10
Binary-Artifacts
High Risk

no binaries found in the repo

Determines if the project has generated executable (binary) artifacts in the source repository.

10/10
Code-Review
High Risk

all last 30 commits are reviewed through GitHub

Determines if the project requires code review before pull requests (aka merge requests) are merged.

10/10
Dangerous-Workflow
Critical Risk

no dangerous workflow patterns detected

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10/10
License
Low Risk

license file detected

Determines if the project has defined a license.

ℹ️ Info: : LICENSE.txt:1
10/10
Pinned-Dependencies
Medium Risk

all dependencies are pinned

Determines if the project has declared and pinned its dependencies.

ℹ️ Info: GitHub-owned GitHubActions are pinned
ℹ️ Info: Third-party GitHubActions are pinned
ℹ️ Info: Dockerfile dependencies are pinned
ℹ️ Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
ℹ️ Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
10/10
Security-Policy
Medium Risk

security policy file detected

Determines if the project has published a security policy.

ℹ️ Info: security policy detected in current repo: SECURITY.md:1
10/10
Token-Permissions
High Risk

tokens are read-only in GitHub workflows

Determines if the project's workflows follow the principle of least privilege.

10/10
Vulnerabilities
High Risk

no vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

6/10
Branch-Protection
High Risk

branch protection is not maximal on development and all release branches

Determines if the default and release branches are protected with GitHub's branch protection settings.

ℹ️ Info: 'force pushes' disabled on branch 'master'
ℹ️ Info: 'allow deletion' disabled on branch 'master'
⚠️ Warn: no status checks found to merge onto branch 'master'
⚠️ Warn: number of required reviewers is only 1 on branch 'master'
5/10
Maintained
High Risk

6 commit(s) out of 30 and 0 issue activity out of 0 found in the last 90 days -- score normalized to 5

Determines if the project is "actively maintained".

0/10
CII-Best-Practices
Low Risk

no badge detected

Determines if the project has a CII Best Practices Badge.

0/10
Dependency-Update-Tool
High Risk

no update tool detected

Determines if the project uses a dependency update tool.

⚠️ Warn: dependabot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
⚠️ Warn: renovatebot config file not detected in source location. We recommend setting this configuration in code so it can be easily verified by others.
0/10
Fuzzing
Medium Risk

project is not fuzzed

Determines if the project uses fuzzing.

N/A
Packaging
Not Applicable

no published package detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

⚠️ Warn: no GitHub publishing workflow detected
N/A
Signed-Releases
Not Applicable

no releases found

Determines if the project cryptographically signs release artifacts.

⚠️ Warn: no GitHub releases found
Repository Details
  • Stars 1,131
  • Forks 478
  • Open issues 74
  • License other
  • Language TypeScript
  • Size 34.7 MB
  • Created at over 10 years ago
  • Updated at about 1 month ago
  • Pushed at about 1 year ago
  • Last synced at 10 days ago
  • Dependencies parsed at Pending
Commit Stats