{"id":46174065,"url":"https://github.com/scheduleonce/ng-strictify","last_synced_at":"2026-04-13T08:01:22.241Z","repository":{"id":39751546,"uuid":"340362663","full_name":"scheduleonce/ng-strictify","owner":"scheduleonce","description":"Incrementally update your Angular project to use the Typescript strict flag","archived":false,"fork":false,"pushed_at":"2026-04-10T10:46:58.000Z","size":2074,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":9,"default_branch":"master","last_synced_at":"2026-04-10T12:35:58.414Z","etag":null,"topics":["angular","typescript"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scheduleonce.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-02-19T12:28:22.000Z","updated_at":"2026-04-10T10:46:10.000Z","dependencies_parsed_at":"2024-02-29T06:30:52.521Z","dependency_job_id":"90401dd7-d370-49bd-9c05-7cb681c20862","html_url":"https://github.com/scheduleonce/ng-strictify","commit_stats":{"total_commits":55,"total_committers":12,"mean_commits":4.583333333333333,"dds":0.7272727272727273,"last_synced_commit":"2eba52a13598d08e71fd1b27e8b7563614724cc0"},"previous_names":[],"tags_count":93,"template":false,"template_full_name":null,"purl":"pkg:github/scheduleonce/ng-strictify","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scheduleonce%2Fng-strictify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scheduleonce%2Fng-strictify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scheduleonce%2Fng-strictify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scheduleonce%2Fng-strictify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scheduleonce","download_url":"https://codeload.github.com/scheduleonce/ng-strictify/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scheduleonce%2Fng-strictify/sbom","scorecard":{"id":803776,"data":{"date":"2025-08-11","repo":{"name":"github.com/scheduleonce/ng-strictify","commit":"490ca79c80811f2fad4c25591904cca2e982e3d8"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.3,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":6,"reason":"8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/npm-publish.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/scheduleonce/ng-strictify/npm-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/scheduleonce/ng-strictify/npm-publish.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/npm-publish.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":1,"reason":"branch protection is not maximal on development and all release branches","details":["Warn: branch protection not enabled for branch 'pythons/ONCEHUB-92716'","Warn: branch protection not enabled for branch 'pythons/ONCEHUB-82384'","Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T11:14:09.813Z","repository_id":39751546,"created_at":"2025-08-23T11:14:09.813Z","updated_at":"2025-08-23T11:14:09.813Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31744404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T06:26:45.479Z","status":"ssl_error","status_checked_at":"2026-04-13T06:26:44.645Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angular","typescript"],"created_at":"2026-03-02T17:33:52.224Z","updated_at":"2026-04-13T08:01:22.187Z","avatar_url":"https://github.com/scheduleonce.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ng-strictify\n\n\u003e Incrementally update your Angular project to use the Typescript strict flag\n\nFor a summary of the most recent changes to the project, please see [CHANGELOG](https://github.com/scheduleonce/ng-strictify/blob/master/CHANGELOG.md)\n\n## Builder\n\nThis is a custom Angular CLI builder, which can be used to check Angular projects with a different tsconfig file and can help in enabling some tsconfig rules incrementally.\n\nThis repository contains an example of the Angular CLI Architect API.\nYou can find the Architect builder in the `builder` directory.\n\n## What can you use this for ?\n\nHaving a project set to use Typescript's `strict` flag on is considered a [good practice](https://angular.io/guide/strict-mode). However, what if you have a large project that currently doesn't use the `strict` flag and you want to start using it ? For a lot of projects, just turning it on is not always feasible, as you would have to fix a lot of issues in one go. Having an _incremental_ migration plan is necessary then.\n\nThis builder fulfills these two main requirements:\n\n1. Strictness should be enforced on already strict files.\n2. New files should have strict flag enforced by default.\n\nThis will make sure you do not introduce new code that is not \"strict\" and will let you slowly update the existing non-strict files to be strict.\n\n## Installation\n\n```sh\n$ npm install @oncehub/ng-strictify\n```\n\n## Adding to the project architect\n\n```jsonc\n// angular.json\n{\n  // ...\n  \"app-name\": {\n    // ...\n    \"architect\": {\n      \"build\": {\n        // ...\n      },\n      \"serve\": {\n        // ...\n      },\n      // ...\n      \"strictify\": {\n        \"builder\": \"@oncehub/ng-strictify:strictify\",\n        \"options\": {\n          \"command\": \"strictify\",\n          \"buildScript\": \"build\",\n          \"listFilesOnly\": true // Optional\n        }\n      }\n    }\n  }\n}\n```\n\n### Architect configuration explained\n\n- **Build command:** strictify: To use with ng cli.\n- **Builder:** \"@oncehub/ng-strictify:strictify\": Name of the CLI builder and its command to execute.\n- **Options:**\n  1. `command`: name of the command - Same as mentioned in builder.\n  2. `buildScript`: Specify the build script mentioned in your package file. This script will be executed from within the ng-strictify builder.\n  3. `listFilesOnly`: (_optional_) If true, ng-strictify will print the list of files with errors. You can use this to find out all the files that need to be excluded when you start the incremental migration.\n\n## Add npm custom script in package.json\n\n```jsonc\n// package.json\n{\n  // ...\n  \"scripts\": {\n    // ...\n    \"strictify\": \"ng run app-name:strictify\"\n  }\n}\n```\n\nYou need to pass the app-name and the build command for ng-strictify that you specified in the `angular.json` file.\n\n## Adding a `tsconfig.strict.json` file\n\nYou must have a `tsconfig.strict.json` file present in your project folder to use ng-strictify. This file will be used as the base configuration in ng-strictify.\n\n\\* Note: In the test-app example in this repo we have only added strict rules, but you can also specify any rule which you want to enable in an incremental migration.\n\n---\n\n## Sample application\n\nThe sample application which uses the Architect builder is available under the `test-app` directory.\n\nThis sample application can be used to test the custom builder. We have added all the required configuration to run ng-strictify in that test app along with the `tsconfig.strict.json` file which has some strict rules enabled that are not enabled in the main tsconfig.\n\n### Local development\n\n#### Build the cli builder and generate the package\n\nGo to the builder directory and execute the following commands\n\n```sh\n$ npm run build\n$ npm link\n```\n\n#### Use the cli builder package from local\n\nGo to the test-app directory and execute the following command\n\n```sh\n$ npm link @oncehub/ng-strictify\n$ npm run strictify\n```\n\n### Observing the result\n\nYou can see the following result in the console after the command execution:\n\n```\nFix these issues: src/app/app.component.ts:9:3 - error TS7008: Member 'title' implicitly has an 'any' type.\n\n9   title;\n    ~~~~~\n\n```\n\nAs we can see that in `app.component.ts` file we have added a variable `title` without any type and later assigning a string to it. Since the default type of this variable is _any_ which is not allowed in the strict configuration our ng-strictify showing it as error.\n\nChange the declaration of title variable as:\n\n```\ntitle: string = '';\n```\n\nAnd now re-run the `npm run strictify` command again. You will see that no error has been reproduced at this step.\n\n## Development\n\nPackage is automatically pushed to npm when [creating a new release](.github/workflows/npm-publish.yml) on Github. Check out the release section in the repo. Read more about releases [here](https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository).\n\n### License\n\nThis module is licensed under the MIT License. See the LICENSE file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscheduleonce%2Fng-strictify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscheduleonce%2Fng-strictify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscheduleonce%2Fng-strictify/lists"}