{"id":13847141,"url":"https://github.com/pkgjs/detect-node-support","last_synced_at":"2026-02-26T21:51:12.975Z","repository":{"id":40307939,"uuid":"229775350","full_name":"pkgjs/detect-node-support","owner":"pkgjs","description":"List the Node.js versions supported by the package/repository","archived":false,"fork":false,"pushed_at":"2025-09-18T22:30:52.000Z","size":383,"stargazers_count":12,"open_issues_count":19,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-10-11T19:58:48.141Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pkgjs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-12-23T15:12:36.000Z","updated_at":"2023-07-12T19:04:39.000Z","dependencies_parsed_at":"2024-02-25T23:32:57.737Z","dependency_job_id":"16342a18-51bb-4d63-9f39-3f3c62c38e08","html_url":"https://github.com/pkgjs/detect-node-support","commit_stats":{"total_commits":142,"total_committers":2,"mean_commits":71.0,"dds":"0.19718309859154926","last_synced_commit":"e8c518bcf77e0967b77e14b311436d1e91da887f"},"previous_names":["pkgjs/node-support"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/pkgjs/detect-node-support","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgjs%2Fdetect-node-support","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgjs%2Fdetect-node-support/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgjs%2Fdetect-node-support/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgjs%2Fdetect-node-support/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pkgjs","download_url":"https://codeload.github.com/pkgjs/detect-node-support/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgjs%2Fdetect-node-support/sbom","scorecard":{"id":736433,"data":{"date":"2025-08-11","repo":{"name":"github.com/pkgjs/detect-node-support","commit":"e8c518bcf77e0967b77e14b311436d1e91da887f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/3 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgjs/detect-node-support/ci.yaml/main?enable=pin","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/pkgjs/.github/SECURITY.md:1","Info: Found linked content: github.com/pkgjs/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/pkgjs/.github/SECURITY.md:1","Info: Found text in security policy: github.com/pkgjs/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T16:00:10.236Z","repository_id":40307939,"created_at":"2025-08-22T16:00:10.237Z","updated_at":"2025-08-22T16:00:10.237Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29873858,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-26T21:05:00.265Z","status":"ssl_error","status_checked_at":"2026-02-26T20:57:13.669Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T18:00:55.705Z","updated_at":"2026-02-26T21:51:12.950Z","avatar_url":"https://github.com/pkgjs.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# detect-node-support\n\nList the Node.js versions supported by the package/repository\n\nThis repository is managed by the [Package Maintenance Working Group](https://github.com/nodejs/package-maintenance), see [Governance](https://github.com/nodejs/package-maintenance/blob/master/Governance.md).\n\n## Setup\n\nNo setup is required, however if you do not have a `GH_TOKEN` environment limit, you will likely hit a request rate limit on Github API, which may result in very long wait times for retries.\n\n## Usage (command line)\n\n```\n$ npx detect-node-support [options] \u003cpath\u003e\n```\n\nPrints the supported Node.js versions for the package at the specified path. When the path is not a git repository - tries to read the git repository from `package.json` and tries to detect the versions listed in the repository as well.\n\nWhen `path` is omitted, tries to detect the versions for `cwd`. \n\n```\n$ npx detect-node-support [options] \u003cpackage name\u003e\n```\n\nPrints supported Node.js versions for the package from the registry.\n\n```\n$ npx detect-node-support [options] \u003crepository git URL\u003e\n```\n\nPrints supported Node.js versions for the package at the git URL.\n\n### Options\n\n* `--deep` - when used with --deps, include indirect dependencies\n* `--deps` - include the support information of direct production dependencies\n* `--dev` - when used with --deps, include dev dependencies\n\n## Usage (library)\n\n```\nconst result = await require('detect-node-support').detect({ path }, options);\n```\n\n`path` should be a folder in the local file system. When the path is not a git repository - tries to read the git repository from `package.json` and tries to detect the versions listed in the repository as well. \n\n```\nconst result = await require('detect-node-support').detect({ packageName }, options);\n```\n\n`packageName` is a string name for the package in the registry. \n\n```\nconst result = await require('detect-node-support').detect({ repository }, options);\n```\n\n`repository` is a URL for a git repository.\n\n```\nconst result = await require('detect-node-support').detect(what, options);\n```\n\n`what` is a string containing either a package name, or a local path, or a reference to a git repository.\n\n### Options\n\n- `deep: false` - when `true` and used `deps: true`, include indirect dependencies\n- `deps: false` - when `true`, include the support information of all dependencies.\n- `dev: false` - when `true` and used with `deps: true`, include dev dependencies\n\n### Result\n\n- Throws if the `path` / `repository` does not have a `package.json`\n- Throws if `packageName` does not exist in the registry\n- Throws when unable to detect a git repository for the package\n\nOtherwise returns an object with:\n\n```javascript\nconst result = {\n\n    // the `name` field of the `package.json`\n    \"name\": \"package-name\",    \n    \n    // the `version` field of the `package.json` when used with `path` / `repository`,\n    // the `latest` dist-tag version when used with `package`\n    \"version\": \"0.0.0\",\n\n    // the current time when the result is returned\n    \"timestamp\": 1577115956099,\n\n    // git commit hash of the repository HEAD at the time of scanning\n    \"commit\": \"2de28c8c4ab8ac998d403509123736929131908c\",\n\n    // will be left out when not present in the `package.json`\n    // a copy of the `engines.node` field from the `package.json` if present\n    \"engines\": \"\u003e=x.y.z\", \n\n    // will be left out when `.travis.yml` file is not present\n    \"travis\": {\n        // the list of versions as detected by inspecting `node_js` / `matrix` configuration\n        // will be an empty array when no versions are detected or the project is not a Node.js project\n        // will contain \"latest\" when `language: node_js` specified, but no explicit versions detected\n        \"raw\": [\"8\", \"10\", \"lts/*\", \"invalid-specifier\"],\n\n        // raw version specifiers and keywords (as keys) resolved to exact Node.js versions (as values)\n        // the value will be `false` when the specifier/keyword is unrecognized\n        // will be an empty object when the `raw` array is empty\n        \"resolved\": {\n            \"8\": \"8.17.0\", \n            \"10\": \"10.18.0\", \n            \"lts/*\": \"12.14.0\",\n            \"invalid-specifier\": false\n        }       \n    },\n\n    // only present when explicitly requested\n    \"dependencies\": {\n\n        // will contain a support object for every unique dependency in the tree\n        // note that the `version` will be the _latest_ version available in the registry\n        // see below for the actual versions installed   \n        \"support\": [\n            { \n                \"name\": \"dependency-A\" \n                /*... other fields ...*/ \n            },\n            { \n                \"name\": \"dependency-B\" \n                /*... other fields ...*/ \n            }           \n        ],\n    \n        // will contain a list of unique versions for each dependency found in the dependency tree\n        \"versions\": {\n            \"dependency-A\": [\"0.0.10\", \"1.2.5\"],\n            \"dependency-B\": [\"0.5.3\", \"1.0.0\"],\n            \"dependency-C\": [\"7.8.9\"]\n        },\n        \n        // will contain a list of errors that were encountered while resolving dependency support information\n        \"errors\": {\n            \"dependency-C\": {\n                // the `message` will always be either a string or `null`\n                \"message\": \"Failed to download some information or something\"\n            }       \n        }       \n    }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpkgjs%2Fdetect-node-support","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpkgjs%2Fdetect-node-support","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpkgjs%2Fdetect-node-support/lists"}