Package Health Score

79 / 100

security
Security review needed
popularity
Limited
maintenance
Healthy
community
Active

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version			Vulnerabilities	License Risk
7.0.116	\|	04/2024	0 C 0 H 0 M 0 L	0 H 0 M 0 L
7.0.114	\|	04/2024	0 C 0 H 0 M 0 L	0 H 0 M 0 L
6.0.44	\|	08/2023	0 C 0 H 0 M 0 L	0 H 0 M 0 L
5.0.19	\|	01/2023	0 C 0 H 0 M 0 L	0 H 0 M 0 L
4.1.297	\|	10/2022	0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

BSD-3-Clause

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (808)

GitHub Stars: 998
Forks: 167
Contributors: 80

Direct Usage Popularity

The npm package screwdriver-api receives a total of 808 downloads a week. As such, we scored screwdriver-api popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package screwdriver-api, we found that it has been starred 998 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: Yes
Contributors: 80
Funding: No

With more than 10 contributors for the screwdriver-api repository, this is possibly a sign for a growing and inviting community.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 576
Open PR: 4
Last Release: 18 hours ago
Last Commit: 17 days ago

Further analysis of the maintenance status of screwdriver-api based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that screwdriver-api demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=18.0.0

Age: 8 years
Dependencies: 62 Direct
Versions: 2.02K
Install Size: 1.78 MB
Dist-tags: 1
# of Files: 262
Maintainers: 8
TS Typings: No

screwdriver-api has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Screwdriver API

License

API for the Screwdriver CD service

Screwdriver is a self-contained, pluggable service to help you build, test, and continuously deliver software using the latest containerization technologies.

Background

Screwdriver began as a hack for simplified interfacing with Jenkins at Yahoo in 2012. As the volume of builds increased, it became clear that Jenkins was not stable or feasible to use at the scale we were running builds. In 2016, we rebuilt Screwdriver from scratch in open source with our best coding practices and CICD goals in mind. Screwdriver is executor and SCM-agnostic, meaning you can choose whichever plugin better suits your need or build your own. It's completely free and open source, and our team is actively maintaining the code.

For more information about Screwdriver, check out our homepage.

Installation and Usage

Plugins

This API comes preloaded with 16 (sixteen) resources:

Three (3) option for datastores:

Postgres, MySQL, and Sqlite (sequelize)

Three (3) options for executor:

Kubernetes (k8s)
Docker (docker)
Nomad (nomad)

Three (3) options for SCM:

GitHub (github)
GitLab (gitlab)
Bitbucket (bitbucket)

Prerequisites

To use Screwdriver, you will need the following prerequisites:

Node v12.0.0 or higher
Kubernetes or Docker

From Source

$ git clone git@github.com:screwdriver-cd/screwdriver.git ./
$ npm install
$ vim ./config/local.yaml # See below for configuration
$ npm start
info: Server running at https://localhost:8080

From a Prebuilt Docker image

$ vim ./local.yaml # See below for configuration
$ docker run --rm -it --volume=`pwd`/local.yaml:/config/local.yaml -p 8080 screwdrivercd/screwdriver:stable
info: Server running at https://localhost:8080

Using In-A-Box

Our in-a-box script brings up an entire Screwdriver instance (ui, api, and log store) locally for you to play with. Follow instructions at https://github.com/screwdriver-cd/in-a-box#screwdriver-in-a-box.

Using Helm

This chart bootstraps the whole Screwdriver ecosystem and also nginx ingress controller.

Configuration

Screwdriver already defaults most configuration, but you can override defaults using a local.yaml or environment variables.

To continue set up, follow the instructions for cluster management.

Yaml

Example overriding local.yaml:

executor:
    plugin: k8s
    k8s:
        options:
            kubernetes:
                host: kubernetes.default
                token: this-is-a-real-token
            launchVersion: stable

scms:
    github:
        plugin: github
        config:
            oauthClientId: totally-real-client-id
            oauthClientSecret: another-real-client-secret
            secret: a-really-real-secret
            username: sd-buildbot
            email: dev-null@screwdriver.cd

Environment

Example overriding with environment variables:

$ export K8S_HOST=127.0.0.1
$ export K8S_TOKEN=this-is-a-real-token
$ export SECRET_OAUTH_CLIENT_ID=totally-real-client-id
$ export SECRET_OAUTH_CLIENT_SECRET=another-real-client-secret

All the possible environment variables are defined here.

Testing

Unit Tests

npm test

Note: You might run into memory issues running all the unit tests. You can update your ~/.bashrc file with the line below to ensure there's enough memory for tests to run:

export NODE_OPTIONS=--max_old_space_size=4096

Functional tests

Fork functional-* repositories to your organization from screwdriver-cd-test

With `.func_config`

Add .func_config to the root of the Screwdriver API folder with your username, github token, access key, host, and organization for test:

GIT_TOKEN=YOUR-GITHUB-TOKEN
SD_API_TOKEN=YOUR-SD-API-TOKEN
SD_API_HOST=YOUR-SD-API-HOST
SD_API_PROTOCOL=PROTOCOL-FOR-SD-API // e.g.PROTOCOL=http; by default it is https
TEST_ORG=YOUR-TEST-ORGANIZATION
TEST_USERNAME=YOUR-GITHUB-USERNAME
TEST_SCM_HOSTNAME=YOUR-TEST-SCM-HOSTNAME // e.g. TEST_SCM_HOSTNAME=mygithub.com; by default it is github.com
TEST_SCM_CONTEXT=YOUR-TEST-SCM-CONTEXT // e.g.TEST_SCM_CONTEXT=bitbucket; by default it is github

With environment variables

Set the environment variables:

$ export GIT_TOKEN=YOUR-GITHUB-TOKEN
$ export SD_API_TOKEN=YOUR-SD-API-TOKEN
$ export SD_API_HOST=YOUR-SD-API-HOST
$ export SD_API_PROTOCOL=PROTOCOL-FOR-SD-API
$ export TEST_ORG=YOUR-TEST-ORGANIZATION
$ export TEST_USERNAME=YOUR-GITHUB-USERNAME
$ export TEST_SCM_HOSTNAME=YOUR-TEST-SCM-HOSTNAME
$ export TEST_SCM_CONTEXT=YOUR-TEST-SCM-CONTEXT

Then run the cucumber tests:

npm run functional

Contribute

To start contributing to Screwdriver, have a look at our guidelines, as well as pointers on where to start making changes, in our contributing guide.

License

Code licensed under the BSD 3-Clause license. See LICENSE file for terms.

screwdriver-api dependencies

@hapi/bell @hapi/boom @hapi/cookie @hapi/crumb @hapi/good @hapi/good-console @hapi/good-squeeze @hapi/hapi @hapi/hoek @hapi/inert @hapi/vision @promster/hapi async badge-maker config dayjs hapi-auth-bearer-token hapi-auth-jwt2 hapi-rate-limit hapi-swagger ioredis joi js-yaml jsonwebtoken license-checker lodash.mergewith ndjson node-env-file prom-client redlock screwdriver-artifact-bookend screwdriver-build-bookend screwdriver-cache-bookend screwdriver-command-validator screwdriver-config-parser screwdriver-coverage-bookend screwdriver-coverage-sonar screwdriver-data-schema screwdriver-datastore-sequelize screwdriver-executor-base screwdriver-executor-docker screwdriver-executor-k8s screwdriver-executor-k8s-vm screwdriver-executor-queue screwdriver-executor-router screwdriver-logger screwdriver-models screwdriver-notifications-email screwdriver-notifications-slack screwdriver-request screwdriver-scm-base screwdriver-scm-bitbucket screwdriver-scm-github screwdriver-scm-gitlab screwdriver-scm-router screwdriver-template-validator screwdriver-workflow-parser sqlite3 stream tinytim uuid verror

screwdriver-api development dependencies

FAQs

What is screwdriver-api?

API server for the Screwdriver.cd service. Visit Snyk Advisor to see a full health score report for screwdriver-api, including popularity, security, maintenance & community analysis.

Is screwdriver-api popular?

The npm package screwdriver-api receives a total of 808 weekly downloads. As such, screwdriver-api popularity was classified as limited. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is screwdriver-api well maintained?

We found that screwdriver-api demonstrated a healthy version release cadence and project activity. It has a community of 80 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is screwdriver-api safe to use?

While scanning the latest version of screwdriver-api, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 25 April-2024, at 20:28 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (808)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Readme

Screwdriver API

Table of Contents

Background

Installation and Usage

Plugins

Prerequisites

From Source

From a Prebuilt Docker image

Using In-A-Box

Using Helm

Configuration

Yaml

Environment

Testing

Unit Tests

Functional tests

With .func_config

With environment variables

Contribute

License

screwdriver-api dependencies

screwdriver-api development dependencies

FAQs

What is screwdriver-api?

Is screwdriver-api popular?

Is screwdriver-api well maintained?

Is screwdriver-api safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues

With `.func_config`