{"id":19999696,"url":"https://github.com/novicell/frontend-packages","last_synced_at":"2025-10-09T10:38:44.854Z","repository":{"id":37452333,"uuid":"220945293","full_name":"Novicell/frontend-packages","owner":"Novicell","description":null,"archived":false,"fork":false,"pushed_at":"2023-01-09T04:27:54.000Z","size":9333,"stargazers_count":0,"open_issues_count":58,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-10-08T18:55:21.932Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Novicell.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-11T09:27:16.000Z","updated_at":"2022-06-22T09:17:20.000Z","dependencies_parsed_at":"2023-02-08T08:46:37.877Z","dependency_job_id":null,"html_url":"https://github.com/Novicell/frontend-packages","commit_stats":null,"previous_names":[],"tags_count":107,"template":false,"template_full_name":null,"purl":"pkg:github/Novicell/frontend-packages","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Novicell%2Ffrontend-packages","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Novicell%2Ffrontend-packages/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Novicell%2Ffrontend-packages/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Novicell%2Ffrontend-packages/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Novicell","download_url":"https://codeload.github.com/Novicell/frontend-packages/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Novicell%2Ffrontend-packages/sbom","scorecard":{"id":102913,"data":{"date":"2025-08-11","repo":{"name":"github.com/Novicell/frontend-packages","commit":"62aacd2c6cd1394133a91e87ea2bb01c7fe848b6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.2,"checks":[{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/azure-static-web-apps-delightful-river-070d8ba03.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/azure-static-web-apps-delightful-river-070d8ba03.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Novicell/frontend-packages/azure-static-web-apps-delightful-river-070d8ba03.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-static-web-apps-delightful-river-070d8ba03.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Novicell/frontend-packages/azure-static-web-apps-delightful-river-070d8ba03.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/azure-static-web-apps-delightful-river-070d8ba03.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/Novicell/frontend-packages/azure-static-web-apps-delightful-river-070d8ba03.yml/master?enable=pin","Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"179 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-j5g3-5c8r-7qfx","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2","Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p","Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-8jmw-wjr8-2x66","Warn: Project is vulnerable to: GHSA-m744-2jj8-vpfv","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h","Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr","Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9","Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4","Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj","Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2","Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-v39p-96qg-c8rf","Warn: Project is vulnerable to: GHSA-8v63-cqqc-6r2c","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-8g77-54rh-46hx","Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4","Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653","Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj","Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67","Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w","Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2","Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3","Warn: Project is vulnerable to: GHSA-gj77-59wh-66hg","Warn: Project is vulnerable to: GHSA-hqhp-5p83-hx96","Warn: Project is vulnerable to: GHSA-3949-f494-cm99","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-p493-635q-r6gr","Warn: Project is vulnerable to: GHSA-3965-hpx2-q597","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx","Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq","Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548","Warn: Project is vulnerable to: GHSA-p3hc-fv2j-rp68","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7","Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc","Warn: Project is vulnerable to: GHSA-rqff-837h-mm52","Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2","Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j","Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872","Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx","Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp","Warn: Project is vulnerable to: GHSA-mpwj-fcr6-x34c","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-vp56-6g26-6827","Warn: Project is vulnerable to: GHSA-vf6r-87q4-2vjf","Warn: Project is vulnerable to: GHSA-3cvr-822r-rqcc","Warn: Project is vulnerable to: GHSA-q768-x9m6-m9qp","Warn: Project is vulnerable to: GHSA-8qr4-xgw6-wmr3","Warn: Project is vulnerable to: GHSA-f772-66g8-q5h3","Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff","Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w","Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-mv48-hcvh-8jj8","Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67","Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw","Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g","Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3","Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx","Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6","Warn: Project is vulnerable to: GHSA-x574-m823-4x7w","Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8","Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x","Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4","Warn: Project is vulnerable to: GHSA-859w-5945-r5v3","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T10:33:03.513Z","repository_id":37452333,"created_at":"2025-08-15T10:33:03.513Z","updated_at":"2025-08-15T10:33:03.513Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001273,"owners_count":26083040,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T05:12:31.330Z","updated_at":"2025-10-09T10:38:44.826Z","avatar_url":"https://github.com/Novicell.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Novicell Frontend Packages\nThe official lerna docs can be found [here](https://github.com/lerna/lerna \"lerna Github\") for an overview over the different commands. If you don't like reading, we have a few quickstart videos that cover the most essential parts of this README:\n1. [Overview](https://web.microsoftstream.com/video/ae174148-66d5-4761-95c7-1cdaeac2537b)\n2. [Creating packages \u0026 adding dependencies](https://web.microsoftstream.com/video/54a2ce35-a60c-4765-9edf-2f9abcf613a1)\n3. [Commands and troubleshooting](https://web.microsoftstream.com/video/c09c6486-1542-4b82-861c-a6ced847335d)\n4. [Committing, versioning, \u0026 publishing](https://web.microsoftstream.com/video/535ee892-2045-4f92-963f-e6192e2755f7)\n\n## Creating a package\nCreate a new package with:\n```bash\n\u003e lerna create\n```\nor more commonly by copying another package and appropriating the package.json.\n\n## package.json\nAll package's `package.json` should have at least the following props:\n```json\n\"name\"\n\"files\"\n\"main\"\n\"private\"\n```\n### name\nShould be scoped with the prefix `@novicell/`, e.g.: `@novicell/css-utils`. This is the name of the package on NPM and the name used to install and import the package. The first part of the package's name should also reflect what type of package this is followed by a hyphen: `@novicell/{type}-{name}`. For example:\n\nVue components\n```json\n\"name\": \"@novicell/vue-breadcrumb\"\n```\n\nCss packages\n```json\n\"name\": \"@novicell/css-utils\"\n```\n\nNon-distributed styling for components\n```json\n\"private\": true,\n\"name\": \"@novicell/styles-breadcrumb\"\n```\n\n### files\nShould be set to an array specifying the directories and/or files to distribute with your package (without this specified, all of the source code will be packaged). Use the `dist` folder for this. If you need to package source code for the user to compile themselves, you can optionally put it in the `dist/src` folder, if you want to separate the built files and source files.\n\n### main\nThis is the entrypoint to your package, i.e. the file that is fetched when the package is imported. This file will be located somewhere in your `dist` folder, e.g.: `\"main\": \"dist/all.css\"`.\n### private\nDefaults to `false`. Set this property to `true` if you only have internal dependencies of this package, and it does not need to be published to NPM.\n\n## Checking a package\nTo make sure that the `package.json` is formatted correctly and that the recommended / required setup is present, you can run `/repoScripts/check-package`. This script will distinguish between obligatory and optional properties on the package.json etc, e.g. is `\"name\"` prefixed with the `@novicell/` scope (obligatory) and does the package have stories / tests (optional, but recommended).\n\nThe script is called with `node` (from anywhere) or `npm run check-package` (from the repo root scope), and the path to the package as the only argument. Example:\n\n`/`\n```bash\n\u003e node repoScripts/check-package packages/vue/breadcrumb\n```\nor from anywhere outside of a sub-package's scope:\n\n`/`\n```bash\n\u003e npm run check-package -- packages/vue/breadcrumb\n```\n\nThis script should be updated to reflect our standards for different types of packages whenever we add new types of content to this monorepo.\n\n## Scripts\nTo make sure we can run commands on all packages at the same time with `lerna run \u003cscript\u003e` we have a convention for naming important scripts inside `package.json`.\n\n```json\n\"wipe\"\n\"build\"\n\"lint\"\n\"test\"\n\"prepublishOnly\"\n```\n\n### wipe\nDeletes the `dist` folder. Should not be confused with `lerna clean` which deletes `node_modules`.\n\n### build\nShould call whichever commands are required to generate publish-ready code in the `dist` folder. The exception to this rule is if the package is a storybook, which should only be rebuilt on publish.\n\n### lint\nShould be the script to lint and/or fix code errors.\n\n### test\nShould be used to run the packages' tests.\n\n### prepublishOnly\nShould run your `build` command (`npm run build`). This command is run automatically when publishing packages with lerna, removing the necessity for building every package manually before publishing.\n\n### Shared scripts\nTo be able to run shared scripts **you are required to have bash installed on your system and available in your `PATH` variable.**\n\nWhen the same script is used in several places, we migrate them to a `scripts` folder as a bash script (or node etc.). A local package's script then point towards the common script and specifies how to run it (bash or node etc.) like this:\n\n`./flexbox-grid/package.json`\n```json\n{\n \"wipe\": \"bash ../../../scripts/wipe\",\n \"build:dist\": \"bash ../scripts/build/dist src/grid.css\",\n \"build\": \"bash ../scripts/build/index\",\n}\n```\n\n`./scripts/build/dist`\n```bash\n#!/usr/bin/env bash\n\n# Called from inside packages, will compile PostCSS into css\nprintf \"šŸ§± Building Compiled CSS: %s šŸ§±\" \"${PWD##*/}\"\n\n# Default to build every css file in src/, otherwise use first command line arg\nINFILE=\"src/*.css\"\nif [[ \"$1\" != \"\" ]]; then\n INFILE=\"$1\"\nfi\n\nnpm run lint:fix \u0026\u0026 cross-env NODE_ENV=compile parcel build $INFILE --no-content-hash --no-source-maps --no-cache\n```\n\nYou can add *global* scripts to `/scripts/`.\n\nYou can add *scoped* scripts to a package's parent dir, e.g. `/packages/css/scripts/`.\n\nYou can add *unique* scripts in the package's `package.json` or in a `scripts/` directory inside the package.\n\nScripts should be located and named in accordance with the `npm run` script that calls it. E.g. if your scripts inside `package.json` are the same as above, the directory structure would look like this:\n\n`/`\n```\nā”œā”€ā”€ packages\n| ā”œā”€ā”€ css-utils\n| | ā””ā”€ā”€ package.json\n| ā””ā”€ā”€ scripts\n| ā””ā”€ā”€ build\n| ā”œā”€ā”€ index\n| ā””ā”€ā”€ dist\nā””ā”€ā”€ scripts\n ā””ā”€ā”€ wipe\n```\n**Note:** With a script that does not share a prefix with another script, you do not have to create a subfolder for the script inside the scripts directory, you can just name the file the same as the script. In the above case where there are several `build` scripts, you will use the `:` to denote a filepath, where the base `build` script will then be the `index` file inside the `build` directory (much alike how `pages` work for Nuxt).\n\n### Global scripts\nScripts that are usually used for manipulating the whole repo at the same time and scripts that does not necessarily have anything to do with any specific packages are available in the repo's root scope (`/package.json`) through `npm run`. The scripts here reflect the correct way to use the interfaces lerna provides us, such as publishing with conventional changelogs and bootstrapping with hoisting, so we do not forget to do these things the correct way. There are also interfaces for common operations such as rebuilding everything.\n\nThese scripts live inside `/repoScripts` to distinguish them from the scripts that you would run from inside a specific package. **When in doubt**, use these scripts instead of using the provided `lerna \u003ccommand\u003e`.\n\n## Config files\nTo avoid duplications and to make sure that our environments are as alike as possible we should also hoist configuration files to as big a scope as possible. For example: we use stylelint for every CSS package inside `/packages/css/`. For this case we have created the `config` directory `/packages/css/config/` that contains base-configurations for every CSS-package. E.g.:\n\n`/packages/css/`\n```\nā”œā”€ā”€ css-utils\n| ā””ā”€ā”€ .stylelintrc.json \u003c- package-specific config\nā””ā”€ā”€ config\n ā””ā”€ā”€ .stylelintrc.json \u003c- extendable base-config\n```\n\nThe configurations inside `*/config/` are implemented by either importing them and weaving them into the local configuration (for `*.js`) or by using the module-specific 'extends'-syntax.\n\n## Adding dependencies\n```bash\n\u003e lerna add \u003cpackage\u003e --scope \u003cscope\u003e --no-bootstrap\n```\n\nWhen adding a dependency to a package only use `npm i \u003cpackage\u003e` if the package is external to the monorepo. This is to make sure symlinks are created when a dependency is internal to the monorepo. The catch-all way to add packages with lerna is to use `lerna add \u003cpackage\u003e[@version]`. The default behaviour is to add the package to all packages - to add it only to a single package use the `--scope=\u003cpackage\u003e` flag. Doing so will look for local packages first and add a symlinked folder in `node_modules`, but if the package is a third party module it will install it normally as with `npm i`. You can also write the dependency in your `package.json` and use [bootstrapping](#bootstrapping \"Bootstrapping\") to create the symlinks manually.\n\n`lerna add` does not hoist dependencies when bootstrapping after getting the dependency, which is why we skip that step with `--no-bootstrap`. To make sure that everything behaves as expected, we manually run the following afterwards:\n\n```bash\n\u003e lerna clean \u0026\u0026 lerna bootstrap --hoist\n```\n\nIf you are adding dependencies to the repo as a whole, you will just use `npm` or `yarn` as you normally would from the root scope.\n\n**Note:** `lerna add` can only add one package at a time.\n\n### Examples:\n```bash\n# Adds the module-1 package to the packages in the 'prefix-' prefixed folders\nlerna add module-1 packages/prefix-*\n\n# Install module-1 to module-2\nlerna add module-1 --scope=module-2\n\n# Install module-1 to module-2 in devDependencies\nlerna add module-1 --scope=module-2 --dev\n\n# Install module-1 to module-2 in peerDependencies\nlerna add module-1 --scope=module-2 --peer\n\n# Install module-1 in all modules except module-1\nlerna add module-1\n\n# Install babel-core in all modules\nlerna add babel-core\n```\n\n### Hoisting quirk\nWhen installing dependencies with `lerna bootstrap --hoist` ([reference](#bootstrapping)), binaries used to run any and all dependencies in a local package will still be kept inside the local package's `node_modules/.bin` directory, so an `npm run` command can still find the module. This, however, is dependent on the direct dependency being in the local `package.json`. Thus, a dependency's (or devDependecy's) dependency binary **will not** by default be present inside the local package's `node_modules/.bin`, as it would normally if your dependency depends on it.\n\n**This means:** You will have to be explicit with which packages you package uses. If (for example) `stylelint-config-standard` (which depends on `stylelint`) is installed and you want to use a command like `stylelint \"src/**/*.css\"` **you will have to** specify `stylelint` as a dependency or devDependency in your package as well.\n\n## Bootstrapping\n```bash\n\u003e lerna bootstrap --hoist\n```\nis the equivalent of `npm i` in that it installs all dependencies with the added benefit of checking if any dependencies are present in the monorepo first and creating symlinks where possible while also making sure the dependencies are hoisted to reduce duplicate files. Hoisting makes sure we have a central `node_modules` for common libraries. Refrain from using `npm i` to install all dependencies for a package since this will neither hoist dependencies or create symlinks. To make sure we bootstrap and hoist the correct way, you can from the root repo scope (everywhere that is not inside another package) run:\n```bash\n\u003e npm run bootstrap\n```\nWhich will execute the script `/repoScripts/bootstrap`.\n\n**Note:**\n\nBootstrapping by itself should also creat internal dependency symlinks, but this can be buggy with private packages. If this is an issue, we just manually link interdependencies first.\n\n### Symlinks\n```bash\n\u003e lerna link\n```\ndoes the same as bootstrapping, except it only symlinks internal dependencies and does not install third party packages.\n\n**Note:**\nSymlinked packages are mirrors of the linked package, which means that an update to the files in one package does not necessitate re-linking during development, the update is instant. The link allows access to the whole package, although **only `dist/` will be available when the package is published and distributed.\n\n## Cleaning up\nIf the dependencies are acting wonky, using:\n```bash\n\u003e lerna clean\n```\nwill delete all `node_modules` in all packages, but not the root `node_modules` (use `rm -rf` to remove this dir if necessary). `--scope=\u003cpackage\u003e` can be used to select individual packages.\nLikewise:\n```bash\n\u003e lerna run wipe\n```\nor, from the root scope:\n```bash\n\u003e npm run wipe-all\n```\nwill clean out all `dist` folders. Scoping also applies when using `lerna run wipe`.\n\nTo quickly clean out all `node_modules` and `dist/` folders as well as re-bootstrap and rebuild all dependencies and packages, you can from the root scope run:\n```bash\n\u003e npm run reset \u003coptional-scope\u003e\n```\nwhich will execute `/repoScripts/reset`. Adding a scope here does not require using `--scope`.\n\n## Running arbitrary commands\n```bash\n\u003e lerna run \u003cscript\u003e\n```\ncan be used to run any script in all packages (with optional scoping) as [seen previously](#cleaning-up \"Cleaning up\"), which is also why it is important to always [name the scripts the same thing in every package](#scripts \"Scripts\").\n```bash\n\u003e lerna run build\n```\nwill automatically figure out the order in which to build packages on the basis of a package's dependencies.\n\nAdding the `--stream` flag will stream the output of all of the run scripts to your terminal. To add parameters to the run scripts you will need to add `--`. E.g.:\n```bash\n\u003e lerna run lint --stream --scope=@novicell/flexbox-grid -- --fix\n```\nIn the above example both `--stream` and `--scope` are passed to `lerna run`, but `--fix` is passed on to the `lint` script.\n\n## Versioning, changelogs \u0026 publishing\nVersioning can only take place on `master` / `main` or feature branches (`feat/*` / `feature/*`) to make sure that we don't bump version number for every little change.\n\nFrom the root scope:\n```bash\n\u003e npm run publish\n```\nor from anywhere:\n```bash\n\u003e lerna publish --conventional-commits\n```\nwill automatically include a versioning step, and as such it is not a requirement to use `lerna version`. It will also automatically run the `\"prepublishOnly\"` script in packages, which should build the packages before publishing. You will also need to login to NPM with the command `npm login`.\n\nPublishing/versioning packages this way also creates [changelogs automatically](#conventional-commits), which is why it is important to publish packages in this fashion. Scoping is not (usually) applicable when publishing, since this would break interdependency versioning.\n\nIt is not necessary to publish changes when refactoring (when no bugs are fixed or no features are added) or just fixing small bugs, that can be bundled together in a bigger release at a later point. This also means that if you run `npm run publish` you may see unpublished changes to other packages than the one you have worked on. If changes are specifically not meant to be published yet they should be put on a separate branch so the next publish will not catch them as well.\n\nIt is worth mentioning, that every change should at least bump a patch version, even though it did not change any functionality or fix any bugs (even if it is only in the development environment). This is to respect if a consumer of the package absolutely does not want any changes to their packages, since everything carries a risk of breaking something.\n\n### Conventional commits\nWhen making changes to the packages, we use [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/ \"Conventional Commits Spec\") to help us with automatic versioning and changelogs. This means that we do not have to think about versioning and updating the changelog when publishing, as long as we format our commit messages correctly. See [the rules](https://www.npmjs.com/package/@commitlint/config-conventional/v/9.0.0 \"NPM @commitlint/config-conventional\") for more details.\n\n#### Message formatting\nYou will have to include an empty line between the summary, description, and footer when writing a multiline message. When committing a breaking change you MUST add the `BREAKING CHANGE` footer, and optionally (recommended) use a bang (`!`) after the type (and scope if there is any) to give attention to the breaking change:\n\nšŸ‘æ:\n```bash\n\u003e git commit -m \"feat!: something is not backwards compatible\"\n```\n\nšŸ‘æ:\n```bash\n\u003e git commit -m \"BREAKING CHANGE: something is not backwards compatible\"\n```\n\nšŸ˜:\n```bash\n\u003e git commit\nfeat!: something is not backwards compatible\n\ndescription goes here\n\nBREAKING CHANGE: the thing that broke compatibility\n```\n\nScopes specified in the parentheses are the package's name (not folder name), but with `@novicell/` omitted. Several scopes can be specified with commas: `feat(vue-breadcrumb,css-utils):` (no spaces between), and a repository-scale scope can be specified by omitting the scope entirely: `feat:`.\n\n#### commitlint\nToo see if your commit message is formatted correctly, test it with commitlint:\n\nThis will pass:\n```bash\n\u003e echo 'feat(vue-breadcrumb): added more features' | npx commitlint\n```\nor for multiline commit messages - just omit the last `'` on the first line:\n```bash\n\u003e echo 'feat(vue-breadcrumb)!: added more features\n\u003e\n\u003e this is an in-depth description of the features added\n\u003e\n\u003e BREAKING CHANGE: this one feature needs to bump the major version of the package' | npx commitlint\n```\n**Note:**\n\nWhen using `!` to call attention to a breaking change with `commitlint`, you will have to `echo` with single ticks, e.g.: `echo 'feat(vue-breadcrumb)!: something is not backwards compatible'`.\n\n### Test publishing\nIf you want to test your published package without it going on NPM, you can use Verdaccio to create a local package registry:\n\n```bash\n\u003e npm i -g verdaccio\n```\n\nFollow these steps to publish, test, unpublish, and reset packages to a local registry, leaving you exactly where you left off:\n\n#### Publish package to local registry\nThe easiest way to only publish select packages (although it does not matter if you publish everything since it is a local registry):\n\n1. Commit everything (don't push it) - this will act as a starting point that is easy to return to if anything goes wrong.\n\n2. Go to the `package.json` of the packages you wish to test publish and bump the version number in any way.\nThis makes lerna (when using `from-package`) pick up on the fact that a package has been changed so it can be published. Otherwise lerna will not publish the packages.\n\n3. Commit everything again with a message such as \"chore: test publish\" - you should only have changes in the `package.json` of the packages you wish to publish. Lerna will not let you publish packages with uncommitted changes.\n\n4. Run verdaccio, and copy the URL:\n```bash\n\u003e verdaccio # E.g.: http://localhost:4873\n```\nVerdaccio will run and show you a URL you will need to tell NPM / lerna where to publish the packages. Opening the URL in your browser will show the packages published to your local registry.\n\n5. Publish packages:\n```bash\n\u003e lerna publish from-package --registry \u003cverdaccio url\u003e\n\n# For example:\n\u003e lerna publish from-package --registry http://localhost:4873\n```\nThis will look at which packages have changed (from the version number in `package.json`) since last publish. Don't worry if there are other unpublished changed packages.\n\n**Note:**\n\nDon't worry if you get an error from lerna because of uncommitted changes. This happens because lerna itself changes `gitHead` while publishing but does not clean up after itself (which seems to be a bug). The packages are still published to Verdaccio and the change will be reset afterwards anyway.\n\n#### Testing package from local registry\nAs long as you keep verdaccio running, you can install your package on your computer (for example in a playground environment) by using the `--registry` flag as you did when publishing:\n```bash\n\u003e npm i \u003cpackage\u003e --registry \u003cverdaccio url\u003e\n\n# For example:\n\u003e npm i @novicell/vue-breadcrumb --registry http://localhost:4873\n```\n\n#### Unpublishing package from local registry\nIf you want to get rid of the clutter, or if you want to change the tested packages without changing the version numbers once again, you can unpublish from the local registry with the following command, as long as Verdaccio is running:\n\n```bash\n\u003e npm unpublish \u003cpackage\u003e --registry \u003cverdaccio url\u003e --force\n\n# For example:\n\u003e npm unpublish @novicell/vue-breadcrumb --registry http://localhost:4873 --force\n```\n\n#### Resetting changes\nTo return to the exact state before bumping version numbers, use the command:\n\n```bash\n\u003e git reset --hard HEAD~1\n```\n\nThis will change files and git log back one commit, leaving you exactly in the state you were before publishing to Verdaccio.\n\n## Testing packages\nIt is recommended to add a `\"test\"` script to your package.json that calls the shared testing script for that type of package - [read more](#shared-scripts). Tests can of course be run regularly with `npm run test` (single package) or `lerna run test` (all packages), but testing is also done automatically before every commit.\n\nTesting on every commit is done for 3 reasons:\n\n1. It is easier to fix a problem immediately instead of at a later point.\n2. The person creating the problem is in the best position to fix it.\n3. In a monorepo with interdependecies, one change can affect multiple packages. Waiting to test until pushing or merging into master might bunch together a whole lot of problems that are harder to fix than incrementally fixing small problems.\n\nIf it is necessary to commit changes where tests are failing, you can manually disable the tests (**by commenting them out or using `.skip()` in jest etc.**). Alternatively you can run `git commit` with the `--no-verify` flag, but this will also skip the hook that calls `commitlint`. This means, that if you use the `--no-verify` flag, you will have to [manually check your commit message](#commitlint) before committing your changes, e.g.:\n\n```bash\n\u003e MSG='fix(vue-breadcrumb): commitlint compliant message' \u0026\u0026 echo \"$MSG\" | npx commitlint \u0026\u0026 git commit -m \"$MSG\" --no-verify\n```\n\n**It is recommended** to just disable the tests to ensure that changelogs will be generated correctly etc, but the above example *will work for single-line commit messages*.\n\n## Storybook\nTo see all components for a framework you can (from the root scope) run the command:\n`/`\n```bash\n\u003e npm run \u003cframework\u003e-storybook\n```\nE.g.:\n`/`\n```bash\n\u003e npm run vue-storybook\n```\nThis will run the bash script `/repoScripts/storybook/vue`.\n\nStorybooks only rebuild on `prepublishOnly` to make sure that generated files will not clutter commits. If needed, the files can be rebuilt manually.\n\n### Live storybooks\nThe Vue storybook is published on Azure in the `NovicellTech` resource group. The resource is called `FrontendPackagesVueStorybook`.\n\n## New package - what do?\nTo create and publish a new package you will often have to go through the following steps:\n1. Copy an existing package and edit the `package.json` as specified in [package.json](#package.json \"package.json\") and write the code.\n2. Add dependencies with `lerna add @novicell/\u003cpackage\u003e --scope=@novicell/\u003cthis-package\u003e` followed by a hoisted bootstrap - refer to [Bootstrapping](#bootstrapping \"Bootstrapping\") and [Cleaning up](#cleaning-up \"Cleaning up\").\n3. Commit the package with [Conventional Commits](#conventional-commits \"Conventional Commits\").\n4. Login to NPM with `npm login`.\n5. Publish (and build) the package with `lerna publish --conventional-commits`\n6. Sip espresso ā˜•\n\n### Major version zero\nWhen creating a package that is not yet stable, they should have a major version 0, e.g.: `0.1.0`. According to the semver specs, every change at this stage could be breaking, so a breaking change will not bump the major version automatically to `1.0.0`. When your package is stable you can commit the changes as you normally would with a correctly formatted commit message and version / publish the other packages that need to be published. Don't worry about the fact that the major version of your desired package will not change. If your package is private at this point, go ahead and set that property to false in the `package.json`. At this point you can either manually edit the version number to a major version 1 in the `package.json` and commit with conventional commits. Or you can just commit the changes you have and version the package manually with:\n```bash\n\u003e lerna version # should only show your edited package\n```\nAfter this has been done, you will have to tell lerna to publish the package without bumping the version again, which can be done with:\n```bash\n\u003e lerna publish from-package\n```\n### Making changes\nWhen making changes to a package, it is commonly a good idea to clear out the changed package's `dist` folder and `node_modules` since bootstrapping will only add dependencies, not remove them if they have been changed in `package.json` manually instead of being removed with `npm uninstall`. After this, you can bootstrap and build the package again so that any depending packages have access to the newly created distribution-files for testing before ultimately committing the changes and potentially publishing.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnovicell%2Ffrontend-packages","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnovicell%2Ffrontend-packages","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnovicell%2Ffrontend-packages/lists"}