{"id":9698625,"name":"@stencila/plugin","ecosystem":"npm","description":"Build Stencila Plugins using Node.js","homepage":"https://github.com/stencila/stencila/tree/main/node/stencila-plugin#readme","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/stencila/stencila","keywords_array":["node","plugin","programmable","executable","reproducible","interactive","documents"],"namespace":"stencila","versions_count":1,"first_release_published_at":"2024-04-09T08:21:18.807Z","latest_release_published_at":"2024-04-09T08:21:18.807Z","latest_release_number":"2.0.0-alpha.1","last_synced_at":"2026-03-28T15:21:41.931Z","created_at":"2024-04-10T02:55:01.893Z","updated_at":"2026-03-28T15:21:41.931Z","registry_url":"https://www.npmjs.com/package/@stencila/plugin","install_command":"npm install @stencila/plugin","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"2.0.0-alpha.1"}},"repo_metadata":{"id":3449786,"uuid":"4503128","full_name":"stencila/stencila","owner":"stencila","description":"Documents with Scientific Intelligence","archived":false,"fork":false,"pushed_at":"2025-10-28T11:14:42.000Z","size":292826,"stargazers_count":844,"open_issues_count":120,"forks_count":52,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-10-28T13:14:27.311Z","etag":null,"topics":["document","executable","programmable"],"latest_commit_sha":null,"homepage":"https://stencila.io","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stencila.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2012-05-31T02:43:31.000Z","updated_at":"2025-10-27T09:49:13.000Z","dependencies_parsed_at":"2023-11-12T01:31:57.763Z","dependency_job_id":"e855c78d-1816-4a5b-9840-a75df117dbbd","html_url":"https://github.com/stencila/stencila","commit_stats":{"total_commits":13728,"total_committers":47,"mean_commits":292.0851063829787,"dds":"0.32918123543123545","last_synced_commit":"b793e86b2a41b10754e52a6ed9bf613cc3ab9b86"},"previous_names":[],"tags_count":333,"template":false,"template_full_name":null,"purl":"pkg:github/stencila/stencila","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stencila%2Fstencila","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stencila%2Fstencila/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stencila%2Fstencila/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stencila%2Fstencila/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stencila","download_url":"https://codeload.github.com/stencila/stencila/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stencila%2Fstencila/sbom","scorecard":{"id":851100,"data":{"date":"2025-08-11","repo":{"name":"github.com/stencila/stencila","commit":"6f15ef04a2efa7e6ff9fc79631a4191445c7d1c3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-cli.yml:182","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/release-cli.yml:183","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-cli.yml:43","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-cli.yml:91","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-cli.yml:135","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-npm.yml:92","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-npm.yml:127","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/release-npm.yml:186","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/release-python.yml:211","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/version.yml:14","Warn: no topLevel permission defined: .github/workflows/deploy-ghost-theme.yml:1","Warn: no topLevel permission defined: .github/workflows/install-cli.yml:1","Warn: no topLevel permission defined: .github/workflows/install-npm.yml:1","Warn: no topLevel permission defined: .github/workflows/install-python.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-workspace.yml:1","Warn: no topLevel permission defined: .github/workflows/release-cli.yml:1","Warn: no topLevel permission defined: .github/workflows/release-npm.yml:1","Warn: no topLevel permission defined: .github/workflows/release-python.yml:1","Warn: no topLevel permission defined: .github/workflows/release-vsix.yml:1","Warn: no topLevel permission defined: .github/workflows/release-web.yml:1","Warn: no topLevel permission defined: .github/workflows/test-rust.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Warn: no topLevel permission defined: .github/workflows/version.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.5.1 not signed: https://api.github.com/repos/stencila/stencila/releases/235488896","Warn: release artifact v2.5.0 not signed: https://api.github.com/repos/stencila/stencila/releases/233797328","Warn: release artifact v2.4.1 not signed: https://api.github.com/repos/stencila/stencila/releases/228230197","Warn: release artifact v2.4.0 not signed: https://api.github.com/repos/stencila/stencila/releases/227919111","Warn: release artifact v2.3.0 not signed: https://api.github.com/repos/stencila/stencila/releases/226923515","Warn: release artifact v2.5.1 does not have provenance: https://api.github.com/repos/stencila/stencila/releases/235488896","Warn: release artifact v2.5.0 does not have provenance: https://api.github.com/repos/stencila/stencila/releases/233797328","Warn: release artifact v2.4.1 does not have provenance: https://api.github.com/repos/stencila/stencila/releases/228230197","Warn: release artifact v2.4.0 does not have provenance: https://api.github.com/repos/stencila/stencila/releases/227919111","Warn: release artifact v2.3.0 does not have provenance: https://api.github.com/repos/stencila/stencila/releases/226923515"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-cli.yml:130"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-ghost-theme.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/deploy-ghost-theme.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-ghost-theme.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/deploy-ghost-theme.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-ghost-theme.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/deploy-ghost-theme.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-npm.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/install-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-npm.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/install-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-npm.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/install-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-python.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/install-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-workspace.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/publish-workspace.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-workspace.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/publish-workspace.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-npm.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-npm.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-npm.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-python.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-python.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vsix.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-vsix.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-web.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-web.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-web.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-web.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-web.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/release-web.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-rust.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test-rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-rust.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test-rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-rust.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test-rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-rust.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test-rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-rust.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test-rust.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:239: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/stencila/stencila/version.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:3","Warn: containerImage not pinned by hash: Dockerfile:17","Warn: containerImage not pinned by hash: Dockerfile:33: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: vscode/Dockerfile:4: pin your Docker image by updating gitpod/openvscode-server:latest to gitpod/openvscode-server:latest@sha256:ac58b38d433e73d102886a574543cbba9409119b180448b54b3cf5b90fc5e56d","Warn: containerImage not pinned by hash: web/Dockerfile:1: pin your Docker image by updating node:latest to node:latest@sha256:d2b6b5aedb5b729f68ee1129e0f5a5d4713d93f82448249e82241876d8e8d86e","Warn: containerImage not pinned by hash: workspace/Dockerfile:1: pin your Docker image by updating gitpod/openvscode-server:1.97.2 to gitpod/openvscode-server:1.97.2@sha256:24fc57f57707be7c46f6d8b0c2769ce5e0ac2844bb2d1b2e587cb7fccddbc47c","Warn: npmCommand not pinned by hash: web/Dockerfile:20","Warn: downloadThenRun not pinned by hash: workspace/Dockerfile:49","Warn: downloadThenRun not pinned by hash: workspace/Dockerfile:52","Warn: npmCommand not pinned by hash: scripts/bump-npm-versions.sh:57","Warn: npmCommand not pinned by hash: scripts/bump-vscode-version.sh:23","Warn: downloadThenRun not pinned by hash: .github/workflows/install-cli.yml:38","Warn: npmCommand not pinned by hash: .github/workflows/install-npm.yml:34","Warn: npmCommand not pinned by hash: .github/workflows/install-npm.yml:55","Warn: npmCommand not pinned by hash: .github/workflows/install-npm.yml:82","Warn: pipCommand not pinned by hash: .github/workflows/install-python.yml:47","Warn: npmCommand not pinned by hash: .github/workflows/release-npm.yml:151","Warn: chocoCommand not pinned by hash: .github/workflows/test-rust.yml:69","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:103","Info:   0 out of  54 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  32 third-party GitHubAction dependencies pinned","Info:   0 out of   6 containerImage dependencies pinned","Info:   2 out of   9 npmCommand dependencies pinned","Info:   0 out of   3 downloadThenRun dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned","Info:   0 out of   1 chocoCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"33 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2025-0012","Warn: Project is vulnerable to: GHSA-pg9f-39pc-qf8g","Warn: Project is vulnerable to: RUSTSEC-2025-0024","Warn: Project is vulnerable to: RUSTSEC-2024-0388","Warn: Project is vulnerable to: GHSA-8655-xgh5-5vvq","Warn: Project is vulnerable to: GHSA-x8jh-xj3x-gx3c","Warn: Project is vulnerable to: RUSTSEC-2024-0379","Warn: Project is vulnerable to: RUSTSEC-2025-0003","Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2020-0140 / GHSA-mxv6-q98x-h958","Warn: Project is vulnerable to: RUSTSEC-2025-0004 / GHSA-rpmj-rpgj-qmpm","Warn: Project is vulnerable to: GHSA-4fcv-w3qc-ppgg","Warn: Project is vulnerable to: RUSTSEC-2025-0022","Warn: Project is vulnerable to: RUSTSEC-2024-0436","Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6","Warn: Project is vulnerable to: RUSTSEC-2025-0009","Warn: Project is vulnerable to: GHSA-c86p-w88r-qvqr","Warn: Project is vulnerable to: RUSTSEC-2024-0320","Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr","Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T22:35:05.649Z","repository_id":3449786,"created_at":"2025-08-23T22:35:05.649Z","updated_at":"2025-08-23T22:35:05.649Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281520721,"owners_count":26515681,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-28T02:00:06.022Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"stencila","name":"Stencila","uuid":"732692","kind":"organization","description":"","email":"hello@stenci.la","website":"https://stencila.io","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/732692?v=4","repositories_count":50,"last_synced_at":"2024-04-14T06:17:13.015Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/stencila","funding_links":[],"total_stars":1295,"followers":20,"following":0,"created_at":"2022-11-03T20:20:14.984Z","updated_at":"2024-04-14T06:17:24.855Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stencila","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stencila/repositories"},"tags":[]},"repo_metadata_updated_at":"2025-10-28T22:06:40.218Z","dependent_packages_count":0,"downloads":1,"downloads_period":"last-month","dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":30.69483073865788,"dependent_packages_count":43.99031119816588,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":37.34257096841188},"purl":"pkg:npm/%40stencila/plugin","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/@stencila/plugin","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/npm/@stencila/plugin","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/@stencila/plugin/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-22T08:12:51.181Z","issues_count":346,"pull_requests_count":1224,"avg_time_to_close_issue":12225202.38034188,"avg_time_to_close_pull_request":996064.9339449541,"issues_closed_count":234,"pull_requests_closed_count":1087,"pull_request_authors_count":18,"issue_authors_count":22,"avg_comments_per_issue":0.976878612716763,"avg_comments_per_pull_request":0.45016339869281047,"merged_pull_requests_count":382,"bot_issues_count":5,"bot_pull_requests_count":789,"past_year_issues_count":100,"past_year_pull_requests_count":304,"past_year_avg_time_to_close_issue":918005.9347826086,"past_year_avg_time_to_close_pull_request":868930.6755555555,"past_year_issues_closed_count":46,"past_year_pull_requests_closed_count":223,"past_year_pull_request_authors_count":8,"past_year_issue_authors_count":9,"past_year_avg_comments_per_issue":0.91,"past_year_avg_comments_per_pull_request":0.6381578947368421,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":148,"past_year_merged_pull_requests_count":114,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/stencila%2Fstencila/issues","maintainers":[{"login":"nokome","count":309,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nokome"},{"login":"mike-parkin","count":159,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mike-parkin"},{"login":"simonwinter","count":77,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/simonwinter"},{"login":"brettc","count":42,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/brettc"},{"login":"jduckles","count":37,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jduckles"},{"login":"mduckles","count":29,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mduckles"},{"login":"kusalekanayake","count":14,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kusalekanayake"},{"login":"vijay-prema","count":12,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/vijay-prema"},{"login":"GusEllerm","count":9,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/GusEllerm"},{"login":"ignatiusm","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ignatiusm"},{"login":"timClicks","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/timClicks"},{"login":"hlm628","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/hlm628"}],"active_maintainers":[{"login":"nokome","count":91,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nokome"},{"login":"mike-parkin","count":50,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mike-parkin"},{"login":"jduckles","count":37,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jduckles"},{"login":"mduckles","count":29,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mduckles"},{"login":"GusEllerm","count":9,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/GusEllerm"},{"login":"kusalekanayake","count":8,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kusalekanayake"},{"login":"brettc","count":6,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/brettc"},{"login":"timClicks","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/timClicks"},{"login":"ignatiusm","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ignatiusm"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@stencila%2Fplugin/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@stencila%2Fplugin/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@stencila%2Fplugin/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@stencila%2Fplugin/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@stencila%2Fplugin/codemeta","maintainers":[{"uuid":"ketch","login":"ketch","name":null,"email":"alex@ketch.me","url":null,"packages_count":40,"html_url":"https://www.npmjs.com/~ketch","role":null,"created_at":"2024-04-10T04:40:07.677Z","updated_at":"2024-04-10T04:40:07.677Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/ketch/packages"},{"uuid":"stencila-ci","login":"stencila-ci","name":null,"email":"ci@stenci.la","url":null,"packages_count":33,"html_url":"https://www.npmjs.com/~stencila-ci","role":null,"created_at":"2024-04-10T04:40:07.611Z","updated_at":"2024-04-10T04:40:07.611Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/stencila-ci/packages"},{"uuid":"nokome","login":"nokome","name":null,"email":"me@noko.me","url":null,"packages_count":43,"html_url":"https://www.npmjs.com/~nokome","role":null,"created_at":"2024-04-10T04:40:07.554Z","updated_at":"2024-04-10T04:40:07.554Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/nokome/packages"}]}