{"id":22787334,"url":"https://github.com/aserto-dev/aserto-spa-js","last_synced_at":"2026-02-05T10:07:58.619Z","repository":{"id":44947204,"uuid":"323215197","full_name":"aserto-dev/aserto-spa-js","owner":"aserto-dev","description":"Aserto single-page application javascript SDK","archived":false,"fork":false,"pushed_at":"2024-12-16T08:23:10.000Z","size":448,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-21T16:55:00.744Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aserto-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-21T02:56:16.000Z","updated_at":"2024-12-16T08:23:15.000Z","dependencies_parsed_at":"2025-01-01T16:45:04.684Z","dependency_job_id":"e3ca4116-69e6-458f-8e12-8f19ce5780e2","html_url":"https://github.com/aserto-dev/aserto-spa-js","commit_stats":{"total_commits":75,"total_committers":3,"mean_commits":25.0,"dds":0.06666666666666665,"last_synced_commit":"932af09a88b3cc4744bf0c19471e4531ac4388db"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aserto-dev/aserto-spa-js","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aserto-dev%2Faserto-spa-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aserto-dev%2Faserto-spa-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aserto-dev%2Faserto-spa-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aserto-dev%2Faserto-spa-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aserto-dev","download_url":"https://codeload.github.com/aserto-dev/aserto-spa-js/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aserto-dev%2Faserto-spa-js/sbom","scorecard":{"id":211293,"data":{"date":"2025-08-11","repo":{"name":"github.com/aserto-dev/aserto-spa-js","commit":"dbb2e00d924869f60b42c6b7fb175fe64c04065f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":1,"reason":"Found 2/19 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T00:48:43.256Z","repository_id":44947204,"created_at":"2025-08-17T00:48:43.256Z","updated_at":"2025-08-17T00:48:43.256Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29119221,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T09:40:36.738Z","status":"ssl_error","status_checked_at":"2026-02-05T09:36:49.977Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-12T00:54:05.483Z","updated_at":"2026-02-05T10:07:58.566Z","avatar_url":"https://github.com/aserto-dev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Aserto single-page application JavaScript SDK\n\nLoosely modeled after the [Auth0 SPA SDK](https://github.com/auth0/auth0-spa-js).\n\n## Installation\n\nUsing [npm](https://npmjs.org):\n\n```sh\nnpm install @aserto/aserto-spa-js\n```\n\nUsing [yarn](https://yarnpkg.com):\n\n```sh\nyarn add @aserto/aserto-spa-js\n```\n\n## Getting Started\n\n### Creating the client\n\nCreate an `AsertoClient` instance before rendering or initializing your application. You should only have one instance of the client.\n\nYou need a valid access token before you can instantiate the client. For \nthe next few examples, the `accessToken` variable is assumed to contain a \nvalid access token. \n\nTo obtain one via Auth0 (for example), use code like this:\n\n```js\n// get a valid access token, e.g. from Auth0 getTokenSilently()\nimport createAuth0Client from '@auth0/auth0-spa-js';\nconst auth0 = await createAuth0Cient(\n  domain: '\u003cAUTH0_DOMAIN\u003e',\n  client_id: '\u003cAUTH0_CLIENT_ID\u003e',\n  redirect_uri: '\u003cMY_CALLBACK_URL\u003e'\n);\nconst accessToken = await auth0.getTokenSilently();\n```\n\nCreate an `AsertoClient` in the following way:\n\n```js\nimport createAsertoClient from '@aserto/aserto-spa-js';\n\nconst aserto = await createAsertoClient({\n  accessToken: accessToken,  // valid access token\n  serviceUrl: 'https://service-url', // defaults to window.location.origin\n  policyRoot: 'policyRoot',        // policy root specified in the policy manifest\n  endpoint: '/__displaystatemap'   // access map endpoint, defaults to /__displaystatemap\n});\n\n// or you can just instantiate the client on its own\nimport { AsertoClient } from '@aserto/aserto-spa-js';\n\nconst aserto = new AsertoClient({\n  accessToken: accessToken,\n  serviceUrl: 'https://service-url', // defaults to window.location.origin\n  policyRoot: 'policyRoot',        // policy root specified in the policy manifest\n  endpoint: '/__displaystatemap' // access map endpoint, defaults to  /__displaystatemap\n});\n\n// explicitly load \nawait aserto.reload();\n```\n\n## Usage \n\n### createAsertoClient(options, body) \n\nCreate an `AsertoClient` with the `options` provided, and pass the optional `body` \nto the `reload(body)` call that initializes the client.\n\n### displayStateMap() \n\nRetrieves a JavaScript object that holds the display state map\n\n```js\nconsole.log(aserto.displayStateMap());\n```\n\n### getDisplayState('method', 'path', 'policyRoot')\n\nRetrieves the display state associated with a specific resource.\n\nBy convention, the `method` argument is an HTTP method (GET, POST, PUT, DELETE), and the `path` argument is in the form `/path/to/resource`. It may contain a `__id` component to indicate an parameter - for example, `/mycars/__id`.\n\nWhen both `method` and `path` are provided, the key into the `displayStateMap` is \nconstructed as `\u003cpolicyRoot\u003e/\u003cMETHOD\u003e/\u003cpath\u003e`. If the optional `policyRoot` argument is \nprovided, it overrides the `policyRoot` argument passed to `init()`.\n\nFinally, if only the `method` argument is passed in, it is assumed to be a key into the `displayStateMap` (typically in the form of `\u003cpolicyRoot\u003e/\u003cMETHOD\u003e/\u003cpath/to/resource\u003e`).\n\nThe returned map will be in the following format: \n```js\n{\n  visible: true,\n  enabled: false,\n}\n```\n\nCheck whether a verb / path combination is visible and enabled:\n```js\nconst method = 'GET';\nconst path = '/api/path';\nconst displayState = aserto.getDisplayState(method, path));\nconst isVisible = displayState.visible;\nconst isEnabled = displayState.enabled;\n```\n\nLog the display state values for each verb for the path:\n```js\nconst path = '/api/path';\nfor (const verb of ['GET', 'POST', 'PUT', 'DELETE']) {\n  const resource = aserto.getDisplayState(verb, path));\n  for (const value of ['visible', 'enabled']) {\n    console.log(`${verb} ${path} ${value} is ${resource[verb][value]}`);\n  }\n}\n```\n\n### reload(body, headers)\n\nIf the `body` parameter is supplied, it is passed as the body of the POST call to \nthe `__displaystatemap` API.\n\nIf the `headers` parameter is supplied, these are provided as headers to the POST call to \nthe `__displaystatemap` API.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faserto-dev%2Faserto-spa-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faserto-dev%2Faserto-spa-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faserto-dev%2Faserto-spa-js/lists"}