{"id":14977066,"url":"https://github.com/embroider-build/embroider","last_synced_at":"2026-04-01T17:45:55.511Z","repository":{"id":34248649,"uuid":"153275525","full_name":"embroider-build/embroider","owner":"embroider-build","description":"Compiling Ember apps into spec-compliant, modern Javascript.","archived":false,"fork":false,"pushed_at":"2026-03-27T19:17:14.000Z","size":23519,"stargazers_count":355,"open_issues_count":380,"forks_count":159,"subscribers_count":23,"default_branch":"main","last_synced_at":"2026-03-28T00:48:42.782Z","etag":null,"topics":["emberjs","hacktoberfest","vite","webpack"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/embroider-build.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-10-16T11:38:50.000Z","updated_at":"2026-03-27T15:23:16.000Z","dependencies_parsed_at":"2023-12-13T20:08:18.035Z","dependency_job_id":"b5c5117c-39d2-4194-ae65-cbd94613f18c","html_url":"https://github.com/embroider-build/embroider","commit_stats":{"total_commits":3799,"total_committers":106,"mean_commits":"35.839622641509436","dds":0.6385891023953671,"last_synced_commit":"f33728f8e2db44f0857d01bb8058e7c667b807a9"},"previous_names":[],"tags_count":603,"template":false,"template_full_name":null,"purl":"pkg:github/embroider-build/embroider","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embroider-build%2Fembroider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embroider-build%2Fembroider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embroider-build%2Fembroider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embroider-build%2Fembroider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/embroider-build","download_url":"https://codeload.github.com/embroider-build/embroider/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/embroider-build%2Fembroider/sbom","scorecard":{"id":374968,"data":{"date":"2025-08-11","repo":{"name":"github.com/embroider-build/embroider","commit":"ddd8ceaa091507d5a475f8286c0000c4a0c73a16"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":6,"reason":"Found 5/8 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/plan-release.yml:40","Info: jobLevel 'issues' permission set to 'read': .github/workflows/plan-release.yml:41","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yml:24","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/plan-release.yml:1","Warn: no topLevel permission defined: .github/workflows/publish.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing job operating system: .github/workflows/ci.yml:54","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/embroider-build/embroider/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/embroider-build/embroider/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/plan-release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/embroider-build/embroider/plan-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/plan-release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/embroider-build/embroider/plan-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/plan-release.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/embroider-build/embroider/plan-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/embroider-build/embroider/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/embroider-build/embroider/publish.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yml:20"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-vc8w-jr9v-vj7f","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-wxhq-pm8v-cw75","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c","Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T14:00:55.096Z","repository_id":34248649,"created_at":"2025-08-18T14:00:55.096Z","updated_at":"2025-08-18T14:00:55.096Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290582,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["emberjs","hacktoberfest","vite","webpack"],"created_at":"2024-09-24T13:54:59.701Z","updated_at":"2026-04-01T17:45:55.505Z","avatar_url":"https://github.com/embroider-build.png","language":"TypeScript","funding_links":[],"categories":["Libraries"],"sub_categories":["Build Tools \u0026 Modern Compilation"],"readme":"# Embroider: translating existing Ember code into spec-compliant modern JavaScript\n\n\n[![GitHub Actions CI][github-actions-badge]][github-actions-ci-url]\n\n[github-actions-badge]: https://github.com/embroider-build/embroider/workflows/CI/badge.svg\n[github-actions-ci-url]: https://github.com/embroider-build/embroider/actions?query=workflow%3ACI\n\nThis repo implements the Embroider translation layer and resolver that is used to allow modern build tooling with Ember Apps.\n\nYou can read more about the motivation and key ideas in the [intro to the SPEC](docs/spec.md).\n\n## Status / Should I Use It?\n\nThere is an accepted RFC that will [make the Embroider build system the default for all newly generated Ember apps](https://rfcs.emberjs.com/id/0977-v2-app-format) i.e. when you run `ember new my-app` it will generate an Ember app that is built with [Vite](https://vite.dev) with this Embroider resolver installed as a plugin.\n\nIf you don't want to wait until that RFC has been fully implemented you can try out the [ember-vite-codemod](https://github.com/mainmatter/ember-vite-codemod) which will guide you through updating your existing applications or you can try the current [draft blueprint for an Embroider based Ember ember app](https://github.com/embroider-build/app-blueprint) and follow the instructions on that README.\n\nEmbroider with Vite is considered production ready so you should try it out and let us know if you discover any issues with your Applications\n\n## For Addon Authors\n\nAddon authors should see [ADDON-AUTHOR-GUIDE.md](docs/addon-author-guide.md) for advice on how to get their existing addons ready for Embroider. \n\nThe [v2 Addon Format RFC](https://github.com/emberjs/rfcs/pull/507) is the official spec for the packages that Embroider natively handles. Common patterns and best practices for authoring these have been collected in the [v2 addon FAQs](./docs/v2-faq.md). For creating a new v2 addon from scratch, we recommend using our [v2 addon blueprint](https://github.com/embroider-build/addon-blueprint). For porting existing v1 addons, we refer to the [v2 porting guide](./docs/porting-addons-to-v2.md).\n\n## Options\n\nYou can pass options into Embroider by passing them into the `compatBuild` function like:\n\n```js\n// ember-cli-build.js\nconst EmberApp = require('ember-cli/lib/broccoli/ember-app');\nconst { compatBuild } = require('@embroider/compat');\n\nmodule.exports = async function (defaults) {\n  const { buildOnce } = await import('@embroider/vite');\n  let app = new EmberApp(defaults, {});\n\n  return compatBuild(app, buildOnce, {\n    staticInvokables: true, // this is the default so you don't need to set it\n    splitAtRoutes: ['route.name'], // can also be a RegExp\n  );\n};\n```\n\nThe options are documented in detail in [Core Options](https://github.com/embroider-build/embroider/blob/main/packages/core/src/options.ts) and [Compat Options](https://github.com/embroider-build/embroider/blob/main/packages/compat/src/options.ts)\n\n## Environment variables\n\nFor optional features, Embroider supports the following environment variables:\n\n- `EMBROIDER_WORKING_DIRECTORY`: by default Embroider writes internal build-time artifacts like rewritten packages to `node_modules/.embroider`. In the case of running multiple builds concurrently (e.g. building for production and test in parallel) this would cause conflicts when concurrent processes try to write into the same directory. For this case you can point each Embroider process to a different directory using this environment variable. It can be an absolute file path, or relative to the application root directory.\n\n## Compatibility\n\n### Ember version\n\nRequires Ember 3.28.11 or greater\n\n## Contributing\n\nsee [`CONTRIBUTING.md`](CONTRIBUTING.md)\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE).\n\n## Acknowledgements\n\nThanks to [Cardstack](https://github.com/cardstack) for sponsoring Embroider's development.\n\nThanks to the [Embroider Initiative](https://mainmatter.com/embroider-initiative/) sponsors for contributing to Embroider's development: \n\n- [Intercom](https://www.intercom.com/)\n- [Ticketsolve](https://www.ticketsolve.com/)\n- [Crowdstrike](https://www.crowdstrike.com/)\n- [Auditboard](https://auditboard.com/)\n- [HashiCorp](https://www.hashicorp.com/)\n- [OTA Insight](https://www.otainsight.com/)\n- [XBE](https://www.x-b-e.com/)\n- [Teamtailor](https://www.teamtailor.com/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fembroider-build%2Fembroider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fembroider-build%2Fembroider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fembroider-build%2Fembroider/lists"}