{"id":48301373,"url":"https://github.com/atoms-studio/commercelayer-webhooks","last_synced_at":"2026-04-04T23:47:55.910Z","repository":{"id":35190407,"uuid":"216799051","full_name":"atoms-studio/commercelayer-webhooks","owner":"atoms-studio","description":"Parse and validate Commerce Layer webhooks","archived":false,"fork":false,"pushed_at":"2023-01-05T02:35:28.000Z","size":500,"stargazers_count":3,"open_issues_count":17,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-11-17T03:25:11.905Z","etag":null,"topics":["commercelayer","lambda","lambda-functions","webhooks"],"latest_commit_sha":null,"homepage":"https://docs.commercelayer.io/api/resources/webhooks","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atoms-studio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-22T11:39:00.000Z","updated_at":"2022-09-17T09:07:05.000Z","dependencies_parsed_at":"2023-01-15T15:49:50.817Z","dependency_job_id":null,"html_url":"https://github.com/atoms-studio/commercelayer-webhooks","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/atoms-studio/commercelayer-webhooks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atoms-studio%2Fcommercelayer-webhooks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atoms-studio%2Fcommercelayer-webhooks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atoms-studio%2Fcommercelayer-webhooks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atoms-studio%2Fcommercelayer-webhooks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atoms-studio","download_url":"https://codeload.github.com/atoms-studio/commercelayer-webhooks/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atoms-studio%2Fcommercelayer-webhooks/sbom","scorecard":{"id":215378,"data":{"date":"2025-08-11","repo":{"name":"github.com/atoms-studio/commercelayer-webhooks","commit":"6967962685caab3d378386d4b4d5be4fe14cb26d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/3 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"61 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-6chw-6frg-f759","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-xw5p-hw6r-2j98","Warn: Project is vulnerable to: GHSA-jgrh-5m3h-9c5f","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3","Warn: Project is vulnerable to: MAL-2023-462","Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv","Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8","Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65","Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T01:34:02.286Z","repository_id":35190407,"created_at":"2025-08-17T01:34:02.286Z","updated_at":"2025-08-17T01:34:02.286Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31419548,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T20:09:54.854Z","status":"ssl_error","status_checked_at":"2026-04-04T20:09:44.350Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["commercelayer","lambda","lambda-functions","webhooks"],"created_at":"2026-04-04T23:47:55.162Z","updated_at":"2026-04-04T23:47:55.896Z","avatar_url":"https://github.com/atoms-studio.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Commerce Layer webhooks\nVerify and parse Commerce Layer webhooks.\n\n## Installation\n\n```bash\nnpm i commercelayer-webhooks\n```\n```bash\nyarn add commercelayer-webhooks\n```\n\n## Usage\nPass the request object along with the secret key provided by the Commerce Layer webhook interface.\n\n```js\nconst Webhook = require('commercelayer-webhooks')\n\n/**\n * AWS Lambda / Netlify function\n */\nmodule.exports = async function(event, context) {\n  const { topic, resource } = await Webhook.handle(event, 'webhook secret')\n  // ...handle topic and resource\n}\n\n/**\n * Express\n */\napp.get('/webhooks', async (req, res) =\u003e {\n  const { topic, resource } = await Webhook.handle(req, 'webhook secret')\n  // ...handle topic and resource\n})\n```\nFor more examples with different frameworks, check out the [examples folder](https://github.com/atoms-studio/commercelayer-webhooks/tree/master/examples)\n\n## Signature verification\nSignature verification is enabled by default and a `SignatureVerificationError` will be thrown if the verification process fails.\nYou can catch the error to handle the failure manually.\n```js\nconst Webhook = require('commercelayer-webhooks')\n\nmodule.exports = async function(event, context) {\n\n  try {\n    const { topic, resource } = await Webhook.handle(event, 'webhook secret')\n    // ...handle topic and resource\n  } catch ((err) =\u003e {\n    if (error instanceof Webhook.SignatureVerificationError) {\n      return {\n        status: 400,\n        body: error.message,\n      }\n    }\n\n    // Throw the error again if not a SignatureVerificationError\n    throw err\n  })\n}\n```\n\n### Skipping signature verification\nYou can skip signature verification by passing a third argument as `false` to the handler.\n\n```js\nconst Webhook = require('commercelayer-webhooks')\n\nmodule.exports = async function(event, context) {\n\n  const { topic, resource } = await Webhook.handle(event, 'webhook secret', false)\n  // ...handle topic and resource\n}\n```\n\n## API\n\n#### Webhook.handle(request, secret, verify = true)\n\n| Argument | Type    | Description                                                                                                                                                                                                                   |   |   |\n|----------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---|---|\n| request  | Object  | The request object that contains the webhook information. It needs to have a `headers` property containing all the request headers, and at least one of `body`, `rawBody` or `payload` properties containing the webhook payload __as string__. |   |   |\n| secret   | String  | The webhook secret found in the Commerce Layer webhook interface.                                                                                                                                                             |   |   |\n| verify   | Boolean | Enable or disable signature verification. Defaults to `true`.\n\nThe function returns a promise that resolves with the following object:\n\n```js\n{\n  topic: 'topic sent by the webhook',\n  resource: {\n    // An object representing a Commerce Layer resource. \n    // The object properties depend on the topic received\n  }\n}\n```\n\n----\n\n#### Webhook.SignatureVerificationError\n\nThis is the error thrown when the signature verification fails. It contains the following properties:\n\n| Name      | Type   | Description                                                    |   |   |\n|-----------|--------|----------------------------------------------------------------|---|---|\n| message   | String | The standard error messsage. It is always \"Signature mismatch\" |   |   |\n| signature | String | The signature sent by the webhook.                             |   |   |\n| body      | String | The body sent by the webhook.                                  |   |   |\n\n# Contributing\n\nPlease read [CONTRIBUTING.md](https://github.com/atoms-studio/commercelayer-webhooks/blob/master/CONTRIBUTING.md)\n\n# License\n\n[MIT](https://github.com/atoms-studio/commercelayer-webhooks/blob/master/LICENSE)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatoms-studio%2Fcommercelayer-webhooks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatoms-studio%2Fcommercelayer-webhooks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatoms-studio%2Fcommercelayer-webhooks/lists"}