@agoric/access-token

v0.4.22-u11wf.0

Persistent credentials for Agoric users, backed by a simple JSON file For more information about how to use this package see README

Latest version published 7 months ago

License: Apache-2.0

NPM

GitHub

Package Health Score

77 / 100

security
No known security issues
popularity
Small
maintenance
Sustainable
community
Active

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
0.4.22-u11wf.0	\|	09/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

Apache-2.0

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Small

Weekly Downloads (5,805)

GitHub Stars: 295
Forks: 188
Contributors: 80

Direct Usage Popularity

The npm package @agoric/access-token receives a total of 5,805 downloads a week. As such, we scored @agoric/access-token popularity level to be Small.

Based on project statistics from the GitHub repository for the npm package @agoric/access-token, we found that it has been starred 295 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 80
Funding: No

With more than 10 contributors for the @agoric/access-token repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like @agoric/access-token is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Sustainable

Commit Frequency

Open Issues: 1.24K
Open PR: 194
Last Release: 7 months ago
Last Commit: 13 days ago

Further analysis of the maintenance status of @agoric/access-token based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

We found that @agoric/access-token demonstrates a positive version release cadence with at least one new version released in the past 12 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 3 years
Dependencies: 3 Direct
Versions: 1.91K
Install Size: 36.9 kB
Dist-tags: 14
# of Files: 8
Maintainers: 9
TS Typings: No

@agoric/access-token has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

banner-1500x500

Agoric Platform SDK

This repository contains most of the packages that make up the upper layers of the Agoric platform, with the endo repository providing the lower layers. If you want to build on top of this platform, you don't need these repositories: instead you should follow our instructions for getting started with the Agoric SDK.

But if you are improving the platform itself, these are the repositories to use.

Prerequisites

Git
Node.js LTS (version 16.13.0 or higher)
- we generally support the latest LTS release: use nvm to keep your local system up-to-date
Yarn (npm install -g yarn)
gcc-10 or newer, or a compiler with __has_builtin()

Any version of Yarn will do: the .yarnrc file should ensure that all commands use the specific checked-in version of Yarn (stored in .yarn/releases/), which we can update later with PRs in conjunction with any necessary compatibility fixes to our package.json files.

Building on Apple Silicon and Newer Architectures

Some dependencies may not be prebuilt for Apple Silicon and other newer architectures, so it may be necessary to build these dependencies from source and install that package’s native dependencies with your package manager (e.g. Homebrew).

Currently these dependencies are:

Canvas

Additionally, if your package manager utilizes a non-standard include path, you may also need to export the following environment variable before running the commands in the Build section.

export CPLUS_INCLUDE_PATH=/opt/homebrew/include

Finally, you will need the native build toolchain installed to build these items from source.

xcode-select --install

Build

From a new checkout of this repository, run:

yarn install
yarn build

When the yarn install is done, the top-level node_modules/ will contain all the shared dependencies, and each subproject's node_modules/ should contain only the dependencies that are unique to that subproject (e.g. when the version installed at the top level does not meet the subproject's constraints). Our goal is to remove all the unique-to-a-subproject deps.

When one subproject depends upon another, node_modules/ will contain a symlink to the subproject (e.g. ERTP depends upon marshal, so node_modules/@endo/marshal is a symlink to packages/marshal).

Run yarn workspaces info to get a report on which subprojects (aka "workspaces") depend upon which others. The mismatchedWorkspaceDependencies section tells us when symlinks could not be used (generally because e.g. ERTP wants marshal@0.1.0, but packages/marshal/package.json says it's actually 0.2.0). We want to get rid of all mismatched dependencies.

The yarn build step generates kernel bundles.

Test

To run all unit tests (in all packages):

yarn test (from the top-level)

To run the unit tests of just a single package (e.g. eventual-send):

cd packages/eventual-send
yarn test

Run the larger demo

Visit https://docs.agoric.com for getting started instructions.

TL;DR:

yarn link-cli ~/bin/agoric
cd ~
agoric init foo
cd foo
agoric install
agoric start

Then browse to https://localhost:8000

Edit Loop

modify something in e.g. zoe/
run yarn build (at the top level or in zoe/)
re-run tests or agoric start --reset
repeat

Doing a yarn build in zoe creates the "contract facet bundle", a single file that rolls up all the Zoe contract vat sources. This bundle file is needed by all zoe contracts before they can invoke zoe~.install(...). If you don't run yarn build, then changes to the Zoe contract facet will be ignored.

Development Standards

All work should happen on branches. Single-commit branches can land on trunk without a separate merge, but multi-commit branches should have a separate merge commit. The merge commit subject should mention which packages were modified (e.g. (SwingSet,cosmic-swingset) merge 123-fix-persistence)
Keep the history tidy. Avoid overlapping branches. Rebase when necessary.
All work should have an Issue. All branches names should include the issue number as a prefix (e.g. 123-description). Use "Labels" on the Issues to mark which packages are affected.
Add user-visible changes to a new file in the changelogs/ directory, named after the Issue number. See the README in those directories for instructions.
Unless the issue spans multiple packages, each branch should only modify a single package.
Releases should be made as according to MAINTAINERS.md.

@agoric/access-token dependencies

@agoric/assert n-readlines tmp

@agoric/access-token development dependencies

ava c8

FAQs

What is @agoric/access-token?

Persistent credentials for Agoric users, backed by a simple JSON file. Visit Snyk Advisor to see a full health score report for @agoric/access-token, including popularity, security, maintenance & community analysis.

Is @agoric/access-token popular?

The npm package @agoric/access-token receives a total of 5,805 weekly downloads. As such, @agoric/access-token popularity was classified as small. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is @agoric/access-token well maintained?

We found indications that @agoric/access-token maintenance is sustainable demonstrating some project activity. We saw a total of 80 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is @agoric/access-token safe to use?

The npm package @agoric/access-token was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 24 April-2024, at 18:36 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP