chore: add openapi-ts and hey-api/client-fetch #47
Minder Vulnerability Report ✅
Minder analyzed this PR and found it does not add any new vulnerable dependencies.
ghost
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @hey-api/client-fetch
Trusty Score: 0
Alternatives
| Package | Score | Description |
|---|---|---|
| axios | 0 | |
| isomorphic-fetch | 0 | |
📦 Dependency: @hey-api/json-schema-ref-parser
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.2 |
| Repository activity | 0.2 |
| User activity | 8.3 |
| Provenance | unknown |
📦 Dependency: @hey-api/openapi-ts
Trusty Score: 0
📦 Dependency: @jsdevtools/ono
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 4.6 |
| Repository activity | 2.8 |
| User activity | 6.3 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 7 |
| Number of git tags or releases | 59 |
| Versions matched to tags or releases | 6 |
📦 Dependency: c12
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 1.9 |
| Repository activity | 3.9 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 45 |
| Number of git tags or releases | 42 |
| Versions matched to tags or releases | 41 |
📦 Dependency: chokidar
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.2 |
| Repository activity | 6.5 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 110 |
| Number of git tags or releases | 103 |
| Versions matched to tags or releases | 96 |
📦 Dependency: chownr
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5 |
| Repository activity | 2.2 |
| User activity | 7.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 10 |
| Number of git tags or releases | 10 |
| Versions matched to tags or releases | 9 |
📦 Dependency: citty
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.5 |
| Repository activity | 4.4 |
| User activity | 8.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 10 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 7 |
📦 Dependency: commander
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.6 |
| Repository activity | 7.2 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 117 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 91 |
📦 Dependency: confbox
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.1 |
| Repository activity | 2.6 |
| User activity | 7.5 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 10 |
| Number of git tags or releases | 7 |
| Versions matched to tags or releases | 6 |
📦 Dependency: consola
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.8 |
| Repository activity | 5.9 |
| User activity | 9.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 90 |
| Number of git tags or releases | 90 |
| Versions matched to tags or releases | 83 |
Alternatives
| Package | Score | Description |
|---|---|---|
| chalk | 0 | |
| log-symbols | 0 | |
📦 Dependency: defu
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.4 |
| Repository activity | 3.8 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 28 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 25 |
📦 Dependency: destr
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.1 |
| Repository activity | 3.6 |
| User activity | 8.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 22 |
| Number of git tags or releases | 20 |
| Versions matched to tags or releases | 20 |
Alternatives
| Package | Score | Description |
|---|---|---|
| flatted | 0 | |
📦 Dependency: dotenv
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.8 |
| Repository activity | 6.4 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 88 |
| Number of git tags or releases | 80 |
| Versions matched to tags or releases | 77 |
Alternatives
| Package | Score | Description |
|---|---|---|
| dotenv-flow | 0 | |
| dotenv-safe | 0 | |
📦 Dependency: fs-minipass
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.6 |
| Repository activity | 2.5 |
| User activity | 8.7 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 15 |
| Number of git tags or releases | 15 |
| Versions matched to tags or releases | 14 |
This package has been digitally signed using sigstore.
| Source repository | https://github.com/npm/fs-minipass |
| Certificate Issuer | CN=sigstore-intermediate,O=sigstore.dev |
| GitHub action workflow | .github/workflows/release.yml |
| Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=31256097 |
📦 Dependency: giget
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.6 |
| Repository activity | 4.2 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 22 |
| Number of git tags or releases | 20 |
| Versions matched to tags or releases | 20 |
📦 Dependency: handlebars
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.6 |
| Repository activity | 8 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 81 |
| Number of git tags or releases | 89 |
| Versions matched to tags or releases | 75 |
📦 Dependency: jiti
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.2 |
| Repository activity | 4.5 |
| User activity | 9.9 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 99 |
| Number of git tags or releases | 97 |
| Versions matched to tags or releases | 95 |
Alternatives
| Package | Score | Description |
|---|---|---|
| ts-node | 0 | |
📦 Dependency: minimist
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 1.9 |
| Repository activity | 3.8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 30 |
| Number of git tags or releases | 30 |
| Versions matched to tags or releases | 29 |
Alternatives
| Package | Score | Description |
|---|---|---|
| argparse | 0 | |
📦 Dependency: minipass
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.1 |
| Repository activity | 3 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 68 |
| Number of git tags or releases | 68 |
| Versions matched to tags or releases | 68 |
Alternatives
| Package | Score | Description |
|---|---|---|
| readable-stream | 0 | |
| through2 | 0 | |
| stream | 0 | |
📦 Dependency: minizlib
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.2 |
| Repository activity | 2.4 |
| User activity | 8 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 20 |
| Number of git tags or releases | 20 |
| Versions matched to tags or releases | 19 |
📦 Dependency: mkdirp
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6 |
| Repository activity | 2.6 |
| User activity | 9.4 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 30 |
| Number of git tags or releases | 25 |
| Versions matched to tags or releases | 24 |
Alternatives
| Package | Score | Description |
|---|---|---|
| make-dir | 0 | |
| mkdirp-then | 0 | |
📦 Dependency: mlly
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.8 |
| Repository activity | 4.2 |
| User activity | 9.3 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 78 |
| Number of git tags or releases | 75 |
| Versions matched to tags or releases | 75 |
📦 Dependency: neo-async
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.9 |
| Repository activity | 3.8 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 77 |
| Number of git tags or releases | 88 |
| Versions matched to tags or releases | 83 |
📦 Dependency: node-fetch-native
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.2 |
| Repository activity | 3.1 |
| User activity | 9.3 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 29 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 26 |
📦 Dependency: nypm
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 2 |
| Repository activity | 3.9 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 19 |
| Number of git tags or releases | 16 |
| Versions matched to tags or releases | 16 |
📦 Dependency: ohash
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 1.7 |
| Repository activity | 3.4 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 12 |
| Number of git tags or releases | 10 |
| Versions matched to tags or releases | 7 |
Alternatives
| Package | Score | Description |
|---|---|---|
| murmurhash-js | 0 | |
| murmurhash | 0 | |
📦 Dependency: perfect-debounce
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.9 |
| Repository activity | 3.1 |
| User activity | 8.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 7 |
| Number of git tags or releases | 5 |
| Versions matched to tags or releases | 5 |
Alternatives
| Package | Score | Description |
|---|---|---|
| debounce | 0 | |
| throttle-debounce | 0 | |
| lodash.debounce | 0 | |
📦 Dependency: pkg-types
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6 |
| Repository activity | 3.5 |
| User activity | 8.6 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 28 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 26 |
Alternatives
| Package | Score | Description |
|---|---|---|
| tsconfig-paths | 0 | |
| tsconfig-paths-webpack-plugin | 0 | |
| tsconfig | 0 | |
📦 Dependency: rc9
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.7 |
| Repository activity | 3.2 |
| User activity | 8.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 20 |
| Number of git tags or releases | 18 |
| Versions matched to tags or releases | 10 |
Alternatives
| Package | Score | Description |
|---|---|---|
| config | 0 | |
📦 Dependency: readdirp
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.5 |
| Repository activity | 3.9 |
| User activity | 9.1 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 43 |
| Number of git tags or releases | 42 |
| Versions matched to tags or releases | 38 |
This package has been digitally signed using sigstore.
| Source repository | https://github.com/paulmillr/readdirp |
| Certificate Issuer | CN=sigstore-intermediate,O=sigstore.dev |
| GitHub action workflow | .github/workflows/publish-npm.yml |
| Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=136506020 |
📦 Dependency: source-map
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.2 |
| Repository activity | 6.3 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 62 |
| Number of git tags or releases | 43 |
| Versions matched to tags or releases | 43 |
📦 Dependency: tar
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.2 |
| Repository activity | 5.1 |
| User activity | 9.3 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 121 |
| Number of git tags or releases | 101 |
| Versions matched to tags or releases | 100 |
📦 Dependency: typescript
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 10 |
| Repository activity | 10 |
| User activity | 10 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 3256 |
| Number of git tags or releases | 238 |
| Versions matched to tags or releases | 75 |
📦 Dependency: ufo
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 6.8 |
| Repository activity | 4.3 |
| User activity | 9.2 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 57 |
| Number of git tags or releases | 67 |
| Versions matched to tags or releases | 49 |
📦 Dependency: uglify-js
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 8.3 |
| Repository activity | 7.3 |
| User activity | 9.4 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 288 |
| Number of git tags or releases | 105 |
| Versions matched to tags or releases | 99 |
📦 Dependency: wordwrap
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Provenance | unknown |
📦 Dependency: yallist
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.1 |
| Repository activity | 2.5 |
| User activity | 7.7 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 16 |
| Number of git tags or releases | 16 |
| Versions matched to tags or releases | 16 |
Alternatives
| Package | Score | Description |
|---|---|---|
| linked-list | 0 | |
Pull Request Test Coverage Report for Build 12715085689
💛 - Coveralls
aponcedeleonch
I think it makes sense.
As a second step, I think we should modify the GH action in the codegate repo to also post a PR when the openapi.json changes. Either that, or make this repo always take as reference the one in the codegate repo (I don't know if that's possible). But basically, have a single source of truth. I'm assuming that right now you copy-pasted from the one generated in codegate.
Autogenerate types from codegate openapi.json with openapi-ts.
Create fetch client wrapper with hey-api/client-fetch