{"id":22076496,"url":"https://github.com/codecademy/client-modules","last_synced_at":"2025-10-04T16:41:51.452Z","repository":{"id":35153102,"uuid":"414593867","full_name":"Codecademy/client-modules","owner":"Codecademy","description":"Shared node modules for codecademy.com \u0026 co","archived":false,"fork":false,"pushed_at":"2025-07-02T16:28:01.000Z","size":141219,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":15,"default_branch":"main","last_synced_at":"2025-09-16T15:28:34.352Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Codecademy.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-10-07T12:33:48.000Z","updated_at":"2025-05-14T19:16:12.000Z","dependencies_parsed_at":"2023-12-11T20:25:14.571Z","dependency_job_id":"19683d87-78b6-4970-bea5-1b5e70611659","html_url":"https://github.com/Codecademy/client-modules","commit_stats":{"total_commits":1505,"total_committers":55,"mean_commits":"27.363636363636363","dds":0.6305647840531561,"last_synced_commit":"3121fcf884bf59b7867e668c3ca77ac66a814039"},"previous_names":[],"tags_count":83,"template":false,"template_full_name":null,"purl":"pkg:github/Codecademy/client-modules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codecademy%2Fclient-modules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codecademy%2Fclient-modules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codecademy%2Fclient-modules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codecademy%2Fclient-modules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Codecademy","download_url":"https://codeload.github.com/Codecademy/client-modules/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codecademy%2Fclient-modules/sbom","scorecard":{"id":31625,"data":{"date":"2025-08-11","repo":{"name":"github.com/Codecademy/client-modules","commit":"5b484ba47c0d64958eeae4b4be4167ba0bf6b3ce"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":1,"reason":"Found 4/22 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/dependabot-automerge.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/publish.yml:12","Warn: topLevel 'actions' permission set to 'write': .github/workflows/publish.yml:15","Warn: topLevel 'checks' permission set to 'write': .github/workflows/publish.yml:16","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/publish.yml:17","Warn: no topLevel permission defined: .github/workflows/push.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-automerge.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/Codecademy/client-modules/dependabot-automerge.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Codecademy/client-modules/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/Codecademy/client-modules/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Codecademy/client-modules/push.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Codecademy/client-modules/stale.yml/main?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":2,"reason":"SAST tool is not run on all commits -- score normalized to 2","details":["Warn: 4 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"27 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-q8pj-2vqx-8ggc","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T19:14:52.158Z","repository_id":35153102,"created_at":"2025-08-14T19:14:52.158Z","updated_at":"2025-08-14T19:14:52.158Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278343072,"owners_count":25971399,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-30T22:14:53.135Z","updated_at":"2025-10-04T16:41:51.414Z","avatar_url":"https://github.com/Codecademy.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CLIENT MODULES\n\n_Shared node modules for codecademy.com \u0026 co_\n\n---\n\n[![CircleCI](https://circleci.com/gh/Codecademy/client-modules.svg?style=svg\u0026circle-token=3d9adfca5a8b44e7297ceb18e032e89a11d223a2)](https://circleci.com/gh/Codecademy/client-modules)\n\nThis repository is a monorepo that we manage using [Lerna](https://lernajs.io/). That means that we publish several packages to npm from the same codebase, including:\n\n## Local development\n\n1.  Run `yarn` in the root directory\n1.  Run `yarn build`\n\n### Publishing Modules\n\n1.  Make your changes in a feature branch, and get another engineer to review your code\n1.  At this time, determine what kind of version bump your changes will require and add the appropriate label to your PR\n    - If your changes are backwards compatible, you can use a `release/patch` or `release/minor` version label\n    - If your changes are not backwards compatible, you will need to use a `release/major` version label\n1.  After your code has been reviewed and tested, you can merge your branch into main.\n1.  Make sure to update the release notes section in your PR description, this will end up in the changelog\n1.  You can now merge your changes\n1.  Once your branch is merged into main, it will be published automatically by Github Actions\n1.  You can find the new version number on npmjs.com/package/\u003cpackage-name\u003e, or find it in that package's `package.json` on the `main` branch\n\n### Publishing an alpha version of a module\n\nEvery PR that changes files in a package publishes alpha releases that you can use to test your changes across applications.\n\n1.  Create a PR or Draft PR.\n    - This will kickoff a Github Actions workflow which will publish an alpha build.\n1.  After the alpha build is published, the description of your PR should update with the latest versions of the packages that were published.\n1.  Install this version of the package in your application you wish to test your changes on.\n\n### Working with pre-published changes\n\nFor quicker development cycles, it's possible to run a pre-published version of a client-modules package in another project.\nWe do that using symlinks (the following instructions assume you have set up and built client-modules):\n\n1. `cd /path/to/client-modules/packages/eslint-config`\n1. `yarn link`\n1. `cd path/to/other/repo`\n1. `yarn link @codecademy/eslint-config`\n1. `yarn install`\n\n### Adding a New Package\n\n1. Create a new directory at `packages/\u003cpackage-name\u003e/package.json`.\n1. Use `yarn lerna create` to create the new package, copying values from existing `package.json`s when unsure.\n   - Also copy the `publishConfig` field to let your published package be public by default\n1. Create a minimal amount of source code in the new package\n   - Example: a simple `tsconfig.json` with a `index.ts` exporting a single object\n1. Run `yarn lerna bootstrap` from the repository root\n1. Send a `feat` PR adding that package\n1. One merged, message out in our #frontend Slack channel to other client-modules developers to re-run `yarn lerna bootstrap` after they merge from `main`\n\n**Turborepo**\n\nThis monorepo uses [Turborepo](https://turborepo.org/) to cache previous builds locally and in CI.\n\nThe config for Turborepo is located at [/turbo.json](/turbo.json).\n\nTo use Turborepo without extra configuration, if your package needs to be compiled, it should have a task called `build` that compiles it's files and puts them into a directory called `dist` inside the package directory. If you need a more complicated setup, you can read the docs and customize the configuration in `turbo.json`.\n\n#### Breaking Changes Release Process\n\nBecause client-modules is a separate repository from its consumers, it can be tricky to coordinate technically breaking changes.\nIf your changes will require changes in any downstream repositories:\n\n1. Create a PR in client-modules to create alpha package versions\n2. Create PRs in the repositories using those alpha package versions\n3. Update each downstream PR description to link to the client-modules PR, and vice versa\n4. Once all PRs have been approved, merge your client-modules PR first\n5. Update your repository PRs to use the new (non-alpha) package versions once published\n6. Merge your repository PRs\n\nThis process minimizes the likelihood of accidental breaking changes in client-modules negatively affecting development on our other repositories.\n\n**Release Notes**\n\nThis section of the PR description will be used to generate the changelog for the package(s) you changed.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodecademy%2Fclient-modules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodecademy%2Fclient-modules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodecademy%2Fclient-modules/lists"}