Pkg
Stats

npm package discovery and stats viewer.

Discover Tips

General search
[free text search, go nuts!]
Package details
pkg:[package-name]
User packages
@[username]

Sponsor

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Twitter
@PkgStats
GitHub
pkgstats
Twitter
@ryanhefner
GitHub
ryanhefner
Site
ryanhefner.com

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

Framework
react / react-dom
Server
next / express / next-routes
Data Store
redux / react-redux / next-redux-wrapper / redux-thunk / redux-logger
Caching
lru-cache
CSS / Styling
next-page-transitions / styled-components
Typeface
@ibm/plex
Avatars
gravatar
Data Viz
chart.js / react-sparklines
Date formatting
dayjs
Infinite scrolling
react-scroll-trigger
Markdown rendering
react-markdown
Repository url parsing
hosted-git-info
User data
npm-user
Compiling
babel-plugin-module-resolver / babel-plugin-styled-components
Types
prop-types
Odds & Ends
es6-promise / isomorphic-fetch

© 2024 – Pkg Stats / Ryan Hefner

@taktikorg/minus-nam

v6.6.85

Published

10 days ago

[![NPM version](https://img.shields.io/npm/v/@taktikorg/minus-nam.svg?style=flat)](https://npmjs.org/package/@taktikorg/minus-nam)

Downloads

1,655

0High
0Medium
0Low

es2015 getintrinsic express js String.prototype.trim file system https typesafe optimist moment flat elm runtime match aws workflow ES ECMAScript 3 URL predictable ES2015 environments Function.prototype.name yup bootstrap css callbind encryption fastclone linux node ECMAScript 6 styled-components from less compiler es-shims Float32Array includes columns every expression function process set rgb command-line directory byte events helper fps tslib contains flag idle nested css fastify redirect replay persistent styling find nope Array.prototype.contains callback status datastructure dynamodb gitignore writable libphonenumber Array.prototype.flatten column readablestream color fp password collection.es6 qs quote mobile reuse bdd iterator service group argv art symlink validator Symbol.toStringTag matchAll fullwidth touch property ec2 toolkit StyleSheet define cloudsearch flags vars extra cloudfront curl preprocessor Uint16Array lesscss browserlist regexp is pretty chinese findLast Int16Array modules ECMAScript 7 fast-copy gradients css3 es7 a11y multi-package RegExp.prototype.flags buffers spawn extend elasticache args signed syntaxerror dom espree has performant iteration deep-copy signal mkdirs defineProperty dir typedarrays last config which json-schema-validation http performance zero immer Int32Array private data utils forms windows util.inspect hookform isConcatSpreadable streams getPrototypeOf ES8 bcrypt toStringTag text functional safe dependency manager pyyaml core-js gradients css style mocking Object.fromEntries Underscore queue ArrayBuffer let term deep validation serialization vpc ECMAScript 2018 chai in dotenv transpile TypedArray fork live spinners key authentication react-component ebs client ArrayBuffer.prototype.slice Int8Array ReactiveExtensions installer structuredClone mock Streams symlinks RegExp#flags progress circular exec console toobject bundler typeerror ascii iam crypt colour clone Observable WeakSet error wget lockfile ecmascript drop setPrototypeOf argument listeners arraybuffer dom-testing-library lint equality less mixins simpledb dataview curried glacier xterm hardlinks findLastIndex trimRight irq recursive yaml l10n Object.getPrototypeOf autoscaling glob japanese react acorn HyBi css variable apollo Object.defineProperty type serializer file styles command es6 shared value typed array east-asian-width valid ECMAScript 2017 sigterm array preserve-symlinks warning tc39 RxJS symbols Push ECMAScript 5 scheme-validation regular css-in-js byteLength workspace:*arktype korean package manager Object.keys beanstalk input compile less Object.is symbol AsyncIterator sqs react pose settings efficient [[Prototype]]pose colors trimEnd TypeScript ie ts get typeof less ES2019 operating-system shebang tools flatMap browser interrupts option remove es2016 write environment scheme hasOwn delete starter Object.assign transpiler es2018 effect-ts terminal javascript ECMAScript 2021 ES2020 obj ECMAScript 2020 ECMAScript 2019 negative negative zero wait ender _.extend @@toStringTag string read protocol-buffers form tty fetch log variables in css joi -0 front-end fast-clone shim generics jsonschema drag getter minimal stable logger elb YAML upload has-own codes es-shim API Object.values computed-types deterministic kinesis Uint32Array query json endpoint coercible es8 binaries __proto__types asterisks robust figlet route globals logging .gitignore uninstall eslint-plugin const typed module cjk json-schema weakset ES2021 Observables forEach assertion global object flatten walk telephone spec groupBy toArray ECMAScript 2016 indicator data json-schema-validator deepclone tester bundling Iterator polyfill take ES5 invariant es-abstract setImmediate stateless subprocess ReactiveX TypeBox setter utility three consume getopt ES2016 mapreduce validate promise flux form-validation graphql Reflect.getPrototypeOf keys awesomesauce resolve state collection mru self popmotion regular expression request toSorted chrome internal Object full unicode concat crypto callbound concatMap waapi pino hasOwnProperty BigInt64Array byteOffset babel swf loadbalancing stringifier ESnext rangeerror shrinkwrap move output ramda openssl visual 6to5 native formatting electron shell emit superagent ECMAScript 2022 var inspect make hooks stringify omit global this value full-width error-handling async postcss css nesting react-testing-library proto RFC-6455 npm styleguide back-end configurable fastcopy patch descriptor autoprefixer 3d certificates ES7 less css io-ts URLSearchParams fnmatch Array.prototype.flat stream amazon deep-clone i18n functions location object transport jwt Array.prototype.findLast env fixed-width ses sham css less pipe System.global redux-toolkit names worker macos fantasy-land handler storagegateway higher-order class-validator escape values slice syntax buffer agent pnpm9 tostringtag mkdir descriptors Symbol call Array.prototype.filter Microsoft ast utilities matches ajax JSON import cloudformation ES2022 css intrinsic exit-code globalThis private queueMicrotask WeakMap sequence BigUint64Array enumerable spring querystring side s3 once jQuery parser arrays require number real-time ES3 diff mkdirp ES2023 copy package.json Rx handlers commander xhr superstruct react-hooks airbnb reduce cloudwatch time CSSStyleDeclaration internal slot accessor lazy channel 256 create typanion bootstrap less typescript helpers sorted react animation function.length description picomatch plugin hot signals es link es5 bind rules point-free classnames traverse

@taktikorg/minus-nam

ESLint rules for Node Security

This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.

Installation

npm install --save-dev @taktikorg/minus-nam

or

yarn add --dev @taktikorg/minus-nam

Usage

Flat config (requires eslint >= v8.23.0)

Add the following to your eslint.config.js file:

const pluginSecurity = require('@taktikorg/minus-nam');

module.exports = [pluginSecurity.configs.recommended];

eslintrc config (deprecated)

Add the following to your .eslintrc file:

module.exports = {
  extends: ['plugin:security/recommended-legacy'],
};

Developer guide

Use GitHub pull requests.
Conventions:
We use our custom ESLint setup.
Please implement a test for each new rule and use this command to be sure the new code respects the style guide and the tests keep passing:

npm run-script cont-int

Tests

npm test

Rules

⚠️ Configurations set to warn in.
✅ Set in the recommended configuration.

| Name | Description | ⚠️ | | :------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------- | :-- | | detect-bidi-characters | Detects trojan source attacks that employ unicode bidi attacks to inject malicious code. | ✅ | | detect-buffer-noassert | Detects calls to "buffer" with "noAssert" flag set. | ✅ | | detect-child-process | Detects instances of "child_process" & non-literal "exec()" calls. | ✅ | | detect-disable-mustache-escape | Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities. | ✅ | | detect-eval-with-expression | Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process. | ✅ | | detect-new-buffer | Detects instances of new Buffer(argument) where argument is any non-literal value. | ✅ | | detect-no-csrf-before-method-override | Detects Express "csrf" middleware setup before "method-override" middleware. | ✅ | | detect-non-literal-fs-filename | Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system. | ✅ | | detect-non-literal-regexp | Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression. | ✅ | | detect-non-literal-require | Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk. | ✅ | | detect-object-injection | Detects "variable[key]" as a left- or right-hand assignment operand. | ✅ | | detect-possible-timing-attacks | Detects insecure comparisons (==, !=, !== and ===), which check input sequentially. | ✅ | | detect-pseudoRandomBytes | Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect. | ✅ | | detect-unsafe-regex | Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop. | ✅ |

TypeScript support

Type definitions for this package are managed by DefinitelyTyped. Use @types/@taktikorg/minus-nam for type checking.

npm install --save-dev @types/@taktikorg/minus-nam

# OR

yarn add --dev @types/@taktikorg/minus-nam