{"id":13554976,"url":"https://github.com/ahmadassaf/code-notes","last_synced_at":"2025-08-18T21:14:05.716Z","repository":{"id":57202146,"uuid":"82815038","full_name":"ahmadassaf/code-notes","owner":"ahmadassaf","description":"Tool to summarise all code annotation like TODO or FIXME","archived":false,"fork":false,"pushed_at":"2017-04-03T12:28:55.000Z","size":105,"stargazers_count":191,"open_issues_count":5,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-01T15:13:45.314Z","etag":null,"topics":["fixme","javascript","nodejs","notes","todo","utility"],"latest_commit_sha":null,"homepage":"http://code-notes.ahmadassaf.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ahmadassaf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-22T14:40:40.000Z","updated_at":"2024-08-14T16:14:30.000Z","dependencies_parsed_at":"2022-09-17T12:01:29.663Z","dependency_job_id":null,"html_url":"https://github.com/ahmadassaf/code-notes","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/ahmadassaf/code-notes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadassaf%2Fcode-notes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadassaf%2Fcode-notes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadassaf%2Fcode-notes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadassaf%2Fcode-notes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ahmadassaf","download_url":"https://codeload.github.com/ahmadassaf/code-notes/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmadassaf%2Fcode-notes/sbom","scorecard":{"id":171901,"data":{"date":"2025-08-11","repo":{"name":"github.com/ahmadassaf/code-notes","commit":"fd95ae2e02db60a8442aee6ad8233d53b130b055"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-832h-xg76-4gv6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T16:45:57.220Z","repository_id":57202146,"created_at":"2025-08-16T16:45:57.220Z","updated_at":"2025-08-16T16:45:57.220Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271061319,"owners_count":24692508,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-18T02:00:08.743Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fixme","javascript","nodejs","notes","todo","utility"],"created_at":"2024-08-01T12:02:58.963Z","updated_at":"2025-08-18T21:14:05.656Z","avatar_url":"https://github.com/ahmadassaf.png","language":"JavaScript","readme":"# code-notes\n\ncode-notes is a node.js version of Rails' \"rake notes\" functionality. It allows you to put comments in your code and then have them annotated across your whole project.\n\ncode-notes is based on two npm modules, mainly forked from [fixme](https://github.com/JohnPostlethwait/fixme) but also inspired by [node-notes](https://github.com/stephenb/node-notes). The main differences in this module is:\n\n - Flexibility in defining the source scanning directory\n - The ability to pass exclude patterns that are compatible with [multimatch](https://github.com/sindresorhus/multimatch)\n - The ability to read exclusion list from a `.gitignore` file\n - The ability to include **only** certain path patterns to be scanned\n\nIt ends up giving you an output like this:\n\n![](http://i.imgur.com/OXsTtCZ.png)\n\ncode-notes also exits with proper error codes in case you want to use that in an integration workflow. It will terminate with an error code if any annotations are found.\n\n### Installation:\n\n    npm install code-notes -g\n\n### CLI Usage ###\n\n```sh\nnotes --help\n```\n\n### Options:\n\n```\n Usage: notes [options]\n\n  Tool to summarise all code annotation like TODO or FIXME\n\n  Options:\n\n    -h, --help               output usage information\n    -V, --version            output the version number\n    -s, --source [dir]       root directory to be included only for checks (default: current working directory)\n    -x, --patterns [dir]     Path patterns to exclude (default: include all files and directories)\n    -e, --encoding [type]    file encoding to be scanned (default: utf8)\n    -i, --include [dir]      Path patterns to include only (default: include all files and directories). Note that include patterns will overwrite any exclude patterns\n    -l, --line-length \u003cn\u003e    number of max characters a line (default: 1000)\n    -h, --ignore-hidden \u003cn\u003e  ignore hidden files (default: false)\n    -g, --git-ignore \u003cn\u003e     ignore patterns from your .gitignore file. This paramter accepts the path for the .gitIgnore file (default: false | no .gitignore is read\n```\n\n### Configure Options (In More Detail)\n\n  * **source:** The path to scan through for notes, defaults to process.cwd()\n  * **patterns:** Glob patterns for files directories to ignore. Passes these straight to [multimatch](https://github.com/sindresorhus/multimatch) so check there for more information on proper syntax.\n  * **include** Glob patterns for files or directories to be inlucded **ONLY** in the scan process. Note that any include files will overwrite any exclude patterns\n  * **ignoreHidden:** Define if you want to ignore hidden files and directories. Defaults to true as all paths will be scanned.\n  * **encoding:** The encoding the files scanned will be opened as.\n  * **lineLength:** The number of max characters a line can be before Fixme gives up and doen not scan it for matches. If a line is too long, the regular expression will take an extremely long time to finish. *You have been warned!*\n  * **gitIgnore**: Path to your `.gitignore` file. The exclusion patterns will be automatically read from there and merged with your defined patterns if found.\n\n### Deep dive into patterns\n\n#### Globbing patterns\n\n- `*` matches any number of characters, but not `/`\n- `?` matches a single character, but not `/`\n- `**` matches any number of characters, including `/`, as long as it's the only thing in a path part\n- `{}` allows for a comma-separated list of \"or\" expressions\n\nNote that you are defining exclusion patterns, no need to add the negation operator `!` in front of each pattern as it will be added automatically.\n\n#### Directories exclusion\n\nAn important thing to take into consideration when defining exclusion patterns for directories is that you need to make sure to append a trailing backslash `/` to the directory path. For example:\n\n```bash\n# Exclude node_modules\nnotes -x node_modules/\n\n# Exclude folder `src/lib`\nnotes -x src/lib/\n```\n\n\u003e This pattern should also be followed inside of your `.gitignore` file, so make sure you edit that accordingly\n\n### What It Does:\n\nFor example, if a file contained these lines somewhere in it:\n\n```\n// NOTE: This is the sample output for a note!\n// OPTIMIZE (Mr Author): This is the sample output for an optimize with an author!\n// TODO: This is the sample output for a todo!\n// HACK: This is the sample output for a hack! Don't commit hacks!\n// XXX: This is the sample output for a XXX! XXX's need attention too!\n// FIXME (Mr Author): This is the sample output for a fixme! Seriously fix this...\n// BUG: This is the sample output for a bug! Who checked in a bug?!\n```\n\nThose comments would be annotated as:\n\n```\n• path/to/your/directory/file.js [7 messages]:\n  [Line   1]  ✐ NOTE: This is here because sometimes an intermittent issue appears.\n  [Line   7]  ↻ OPTIMIZE: This could be reworked to not do a O(N2) lookup.\n  [Line   9]  ✓ TODO from Mr Author: Add a check here to ensure these are always strings.\n  [Line  24]  ✄ HACK: I am doing something here that is horrible, but it works for now...\n  [Line  89]  ✗ XXX: Let's do this better next time? It's bad.\n  [Line 136]  ☠ FIXME: We sometimes get an undefined index in this array.\n  [Line 211]  ☢ BUG: If the user inputs \"Easter\" we always output \"Egg\", even if they wanted a \"Bunny\".\n```\n\n### Example Usage\n\n```bash\n\n# Exclude any pattern inside of .gitignore file in the same path as the script is run and ignore any hidden files and folders\nnotes -g .gitignore -h true\n# Exclude any file under the src directory and node_modules and any file with .md extension\nnotes -x src/ -x -x node_modules/ -x *.md\n# Only scan .md files\nnotes -i \"*.md\"\n```\n\n\u003e **Important**: For some reason that i still cant figure out, some extensions like `.md` `.html` have to be wrapped with `\"`. So if your pattern does not seem to work at first, try to wrap it with quotes\n\n### Extending code-notes\n\ncode-notes scan for NOTE, OPTIMIZE, TODO, HACK, XXX, FIXME, and BUG comments within your source, and print them to stdout so you can deal with them. However, if you wish to define more annotations to be extracted, this can be easily done by extending the definitions in `lib/messageChecks.js`. An example for an annotation:\n\n```javascript\ntodo: {\n\tregex: /[\\/\\/][\\/\\*]\\s*TODO\\s*(?:\\(([^:]*)\\))*\\s*:?\\s*(.*)/i,\n\tlabel: ' ✓ TODO',\n\tcolorer: chalk.magenta\n}\n```\n\n#### Ignoring files\n\nCertain file extensions and directories are skipped from being scanned. They are defined in `lib/notes.js`\n\n```javascript\nconst BAD_EXTENSIONS = [\"!*.jpg\", \"!*.jpeg\", \"!*.mov\", \"!*.mp3\", \"!*.gif\", \"!*.png\", \"!*.log\", \"!*.bin\", \"!*.psd\", \"!*.swf\", \"!*.fla\", \"!*.ico\", \"!*.jar\", \"!*.war\", \"!*.ear\", \"!*.zip\", \"!*.tar.gz\", \"!*.rar\"];\nconst BAD_DIRECTORIES= [\"!.git/**\", \"!.sass-cache/**\", \"!coverage/**\"]\n```\n\nThe object should contain the following fields:\n\n - `regex`: this is used to extract the line containing the annotation\n - `label`: this defines what will be printed in the console\n - `colorer`: this controls the visual display of the message and can be customised with any valid [chalk](https://www.npmjs.com/package/chalk) option\n\n\n### Writing Comments for Use With Fixme ###\n\nA code annotation needs to follow these rules to be picked up by Fixme:\n\n  * Can be preceeded by 0 to n number of characters, this includes the comment characters // and /*\n  * Must have one of the words: NOTE, OPTIMIZE, TODO, HACK, XXX, FIXME, or BUG\n  * Can have 0 to n space characters\n  * Can have an author in parenthesis after the above word, and before a colon (:)\n  * Can have 0 to n space characters\n  * Must be followed by a colon (:)\n  * Can have 0 to n space characters\n  * Should have a message of 0 to n characters for the note\n\n#### Displaying Authors ####\n\nYou can have an author of a comment displayed via Fixme:\n\n```javascript\n// NOTE(Mr Author): This comment will be shown as a note, and have an author!\n```\n\n```shell\n  [Line 1]  ✐ NOTE from Mr Author: This comment will be shown as a note, and have an author!\n```\n","funding_links":[],"categories":["JavaScript","nodejs"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmadassaf%2Fcode-notes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fahmadassaf%2Fcode-notes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmadassaf%2Fcode-notes/lists"}