{"id":20742408,"url":"https://github.com/expressjs/codemod","last_synced_at":"2026-01-16T07:05:20.623Z","repository":{"id":263147756,"uuid":"888758581","full_name":"expressjs/codemod","owner":"expressjs","description":"Codemods for updating express servers","archived":false,"fork":false,"pushed_at":"2026-01-13T16:36:16.000Z","size":187,"stargazers_count":16,"open_issues_count":3,"forks_count":9,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-01-13T18:18:25.688Z","etag":null,"topics":["ast-grep","codemods","express","expressjs","migrations"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/expressjs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"open_collective":"express"}},"created_at":"2024-11-15T00:33:56.000Z","updated_at":"2026-01-13T17:10:12.000Z","dependencies_parsed_at":"2026-01-08T00:08:29.231Z","dependency_job_id":null,"html_url":"https://github.com/expressjs/codemod","commit_stats":null,"previous_names":["expressjs/codemod"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/expressjs/codemod","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expressjs%2Fcodemod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expressjs%2Fcodemod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expressjs%2Fcodemod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expressjs%2Fcodemod/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/expressjs","download_url":"https://codeload.github.com/expressjs/codemod/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expressjs%2Fcodemod/sbom","scorecard":{"id":1239393,"data":{"date":"2025-10-27T21:23:20Z","repo":{"name":"github.com/expressjs/codemod","commit":"1c27679d7a3b41df497b181a85ecf5555deff2f7"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":6.6,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Code-Review","score":8,"reason":"Found 15/17 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/generate-readme.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/generate-readme.yml:13","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:19"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/codemod/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/codemod/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/codemod/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/codemod/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-readme.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/codemod/generate-readme.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-readme.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/codemod/generate-readme.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate-readme.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/codemod/generate-readme.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:36","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:68","Warn: npmCommand not pinned by hash: .github/workflows/generate-readme.yml:32","Info:   6 out of  12 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 29 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/expressjs/.github/SECURITY.md:1","Info: Found linked content: github.com/expressjs/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/expressjs/.github/SECURITY.md:1","Info: Found text in security policy: github.com/expressjs/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Contributors","score":10,"reason":"project has 8 contributing companies or organizations","details":["Info: found contributions from: expressjs, jshttp, nodejs, olx, openjs-foundation, pillarjs, pkgjs, webpack"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":9,"reason":"29 out of 30 merged PRs checked by a CI test -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-10-31T23:28:53.219Z","repository_id":263147756,"created_at":"2025-10-31T23:28:53.220Z","updated_at":"2025-10-31T23:28:53.220Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478004,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ast-grep","codemods","express","expressjs","migrations"],"created_at":"2024-11-17T07:03:37.319Z","updated_at":"2026-01-16T07:05:20.613Z","avatar_url":"https://github.com/expressjs.png","language":"TypeScript","funding_links":["https://opencollective.com/express"],"categories":["TypeScript"],"sub_categories":[],"readme":"# @expressjs/codemod\n\n[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]\n\nExpress.js provides Codemod transforms to help you upgrade your express server when a feature is deprecated or removed.\n\nCodemods are transformations that run on your codebase programmatically. This allows for a large amount of changes to be applied without having to manually go through every file.\n\n## Usage\n\n### From Registry\n\nWith the codemod CLI you can run a workflow from the Codemod Registry. Replace `\u003ccodemod\u003e` with the name of the codemod you want to run:\n\n```sh\nnpx codemod @expressjs/\u003ccodemod\u003e\n```\n\nFor see the list of available codemods, visit the [Express.js Codemod Registry](https://codemod.link/express).\n\n### From source\n\nYou can also clone the repository and run the codemods locally. First, clone the repository:\n\n```sh\ngit clone https://github.com/expressjs/codemod.git\ncd /path/to/your-project\nnpx codemod workflow run -w /path/to/codemod/codemods/\u003crecipe\u003e/workflow.yaml\n```\n\nSee the [codemod CLI doc](https://docs.codemod.com/cli) for a full list of available commands.\n\n##  Contributing\n\nThe Express.js project welcomes all constructive contributions. Contributions take many forms,\nfrom code for bug fixes and enhancements, to additions and fixes to documentation, additional\ntests, triaging incoming pull requests and issues, and more!\n\nSee the [Contributing Guide](https://github.com/expressjs/codemod/blob/main/CONTRIBUTING.md) for more technical details on contributing.\n\n\n## License\n\n[MIT](LICENSE)\n\n[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/codemod/badge\n[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/codemod","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexpressjs%2Fcodemod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexpressjs%2Fcodemod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexpressjs%2Fcodemod/lists"}