{"id":13405601,"url":"https://github.com/frappe/frappe","last_synced_at":"2026-03-11T06:01:17.996Z","repository":{"id":1542324,"uuid":"1864194","full_name":"frappe/frappe","owner":"frappe","description":"Low code web framework for real world applications, in Python and Javascript","archived":false,"fork":false,"pushed_at":"2026-03-08T20:50:04.000Z","size":638303,"stargazers_count":9778,"open_issues_count":2214,"forks_count":4717,"subscribers_count":214,"default_branch":"develop","last_synced_at":"2026-03-08T23:35:38.446Z","etag":null,"topics":["cms","email","erpnext","frappe","full-stack","javascript","low-code","mariadb","multitenant","postgres","python","rest-api","security","socket-io","web-framework","webhooks"],"latest_commit_sha":null,"homepage":"https://frappe.io/framework","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/frappe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2011-06-08T08:14:16.000Z","updated_at":"2026-03-08T19:17:53.000Z","dependencies_parsed_at":"2026-01-07T14:02:41.557Z","dependency_job_id":null,"html_url":"https://github.com/frappe/frappe","commit_stats":{"total_commits":35070,"total_committers":791,"mean_commits":"44.336283185840706","dds":0.8651268890789849,"last_synced_commit":"8260574f0d53fc3485e8f26e28ed6b48ef0b4fd1"},"previous_names":[],"tags_count":1521,"template":false,"template_full_name":null,"purl":"pkg:github/frappe/frappe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frappe%2Ffrappe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frappe%2Ffrappe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frappe%2Ffrappe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frappe%2Ffrappe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/frappe","download_url":"https://codeload.github.com/frappe/frappe/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frappe%2Ffrappe/sbom","scorecard":{"id":254823,"data":{"date":"2025-08-11","repo":{"name":"github.com/frappe/frappe","commit":"9aa265e9a2d6385815505468850398db77295705"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Code-Review","score":2,"reason":"Found 4/14 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/generate-pot-file.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/label-base-on-title.yml:10","Info: jobLevel 'contents' permission set to 'read': .github/workflows/labeller.yml:9","Info: found token with 'none' permissions: .github/workflows/on_release.yml:58","Warn: no topLevel permission defined: .github/workflows/_base-migration.yml:1","Warn: no topLevel permission defined: .github/workflows/_base-server-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/_base-type-check.yml:1","Warn: no topLevel permission defined: .github/workflows/_base-ui-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/backport.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/create-release.yml:7","Warn: no topLevel permission defined: .github/workflows/generate-pot-file.yml:1","Warn: no topLevel permission defined: .github/workflows/initiate_release.yml:1","Warn: no topLevel permission defined: .github/workflows/label-base-on-title.yml:1","Warn: no topLevel permission defined: .github/workflows/labeller.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/linters.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/on_release.yml:8","Warn: no topLevel permission defined: .github/workflows/publish-assets-develop.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/release_notes.yml:22","Warn: no topLevel permission defined: .github/workflows/run-indinvidual-tests.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/server-tests.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/ui-tests.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-migration.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-migration.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_base-migration.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-migration.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-server-tests.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-server-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-server-tests.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-server-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_base-server-tests.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-server-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-type-check.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-type-check.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-type-check.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-type-check.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-type-check.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-type-check.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-type-check.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-type-check.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-type-check.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-type-check.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-ui-tests.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-ui-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-ui-tests.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-ui-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_base-ui-tests.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-ui-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-ui-tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-ui-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_base-ui-tests.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-ui-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_base-ui-tests.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/_base-ui-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/backport.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/create-release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/create-release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-pot-file.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/generate-pot-file.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-pot-file.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/generate-pot-file.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/initiate_release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/initiate_release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-base-on-title.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/label-base-on-title.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeller.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/labeller.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeller.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/labeller.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linters.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/linters.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/lock.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on_release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/on_release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on_release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/on_release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on_release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/on_release.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/on_release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/on_release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on_release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/on_release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-assets-develop.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/publish-assets-develop.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-assets-develop.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/publish-assets-develop.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-assets-develop.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/publish-assets-develop.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-assets-develop.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/publish-assets-develop.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-indinvidual-tests.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/run-indinvidual-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-indinvidual-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/run-indinvidual-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-indinvidual-tests.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/run-indinvidual-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-indinvidual-tests.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/run-indinvidual-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-indinvidual-tests.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/run-indinvidual-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-indinvidual-tests.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/run-indinvidual-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-indinvidual-tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/run-indinvidual-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/server-tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/server-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/server-tests.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/server-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/server-tests.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/server-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/server-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/server-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/server-tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/server-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ui-tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/ui-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ui-tests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/ui-tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ui-tests.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/ui-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ui-tests.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/ui-tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ui-tests.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/frappe/frappe/ui-tests.yml/develop?enable=pin","Warn: pipCommand not pinned by hash: .github/helper/update_pot_file.sh:7","Warn: pipCommand not pinned by hash: .github/workflows/_base-migration.yml:113","Warn: pipCommand not pinned by hash: .github/workflows/_base-migration.yml:114","Warn: pipCommand not pinned by hash: .github/workflows/_base-migration.yml:123","Warn: npmCommand not pinned by hash: .github/workflows/_base-type-check.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/_base-type-check.yml:83","Warn: pipCommand not pinned by hash: .github/workflows/_base-type-check.yml:84","Warn: npmCommand not pinned by hash: .github/workflows/backport.yml:21","Warn: npmCommand not pinned by hash: .github/workflows/create-release.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/linters.yml:96","Warn: npmCommand not pinned by hash: .github/workflows/linters.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/linters.yml:51","Warn: pipCommand not pinned by hash: .github/workflows/linters.yml:71","Warn: npmCommand not pinned by hash: .github/workflows/on_release.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/on_release.yml:33","Warn: npmCommand not pinned by hash: .github/workflows/publish-assets-develop.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/publish-assets-develop.yml:26","Info:   0 out of  51 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  13 third-party GitHubAction dependencies pinned","Info:   0 out of  11 pipCommand dependencies pinned","Info:   0 out of   6 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/create-release.yml:10"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-vc8w-jr9v-vj7f","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-4943-9vgg-gr5r","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T09:23:35.335Z","repository_id":1542324,"created_at":"2025-08-17T09:23:35.335Z","updated_at":"2025-08-17T09:23:35.335Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30372534,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"online","status_checked_at":"2026-03-11T02:00:07.027Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cms","email","erpnext","frappe","full-stack","javascript","low-code","mariadb","multitenant","postgres","python","rest-api","security","socket-io","web-framework","webhooks"],"created_at":"2024-07-30T19:02:06.345Z","updated_at":"2026-03-11T06:01:17.973Z","avatar_url":"https://github.com/frappe.png","language":"Python","funding_links":[],"categories":["Python","Uncategorized","POS AWESOME","Open Source","Misc","javascript","security","cms","🌐 Web Development - Full-Stack"],"sub_categories":["Uncategorized","Dependencies:","Frameworks:"],"readme":"\u003cdiv align=\"center\" markdown=\"1\"\u003e\n\t\u003cimg src=\".github/framework-logo-new.svg\" width=\"80\" height=\"80\"/\u003e\n\t\u003ch1\u003eFrappe Framework\u003c/h1\u003e\n\n **Low Code Web Framework For Real World Applications, In Python And JavaScript**\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\t\u003ca target=\"_blank\" href=\"LICENSE\" title=\"License: MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-MIT-success.svg\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://codecov.io/gh/frappe/frappe\"\u003e\u003cimg src=\"https://codecov.io/gh/frappe/frappe/branch/develop/graph/badge.svg?token=XoTa679hIj\"/\u003e\u003c/a\u003e\n\u003c/div\u003e\n\u003cdiv align=\"center\"\u003e\n\t\u003cimg src=\".github/hero-image.png\" alt=\"Hero Image\" /\u003e\n\u003c/div\u003e\n\u003cdiv align=\"center\"\u003e\n    \u003ca href=\"https://frappe.io/framework\"\u003eWebsite\u003c/a\u003e\n    -\n    \u003ca href=\"https://docs.frappe.io/framework\"\u003eDocumentation\u003c/a\u003e\n\u003c/div\u003e\n\n## Frappe Framework\nFull-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Built for ERPNext.\n\n## Philosophy\n\n\u003e The best code is the one that is not written\n\nStarted in 2005, Frappe Framework was inspired by the Semantic Web. The \"big idea\" behind semantic web was of a framework that not only described how information is shown (like headings, body etc), but also what it means, like name, address etc.\n\nBy creating a web framework that allowed for easy definition of metadata, it made building complex applications easy. Applications are usually designed around how users interact with a system, but not based on semantics of the underlying system. Applications built on semantics end up being much more consistent and extensible. \n\nThe first application built on Framework was ERPNext, a beast with more than 700 object types. Framework is not for the light hearted - it is not the first thing you might want to learn if you are beginning to learn web programming, but if you are ready to do real work, then Framework is the right tool for the job.\n\n### Key Features\n\n- **Full-Stack Framework**: Frappe covers both front-end and back-end development, allowing developers to build complete applications using a single framework.\n\n- **Built-in Admin Interface**: Provides a pre-built, customizable admin dashboard for managing application data, reducing development time and effort.\n\n- **Role-Based Permissions**: Comprehensive user and role management system to control access and permissions within the application.\n\n- **REST API**: Automatically generated RESTful API for all models, enabling easy integration with other systems and services.\n\n- **Customizable Forms and Views**: Flexible form and view customization using server-side scripting and client-side JavaScript.\n\n- **Report Builder**: Powerful reporting tool that allows users to create custom reports without writing any code.\n\n\u003cdetails\u003e\n\u003csummary\u003eScreenshots\u003c/summary\u003e\n\n![List View](.github/fw-list-view.png)\n![Form View](.github/fw-form-view.png)\n![Role Permission Manager](.github/fw-rpm.png)\n\u003c/details\u003e\n\n## Production Setup\n\n### Managed Hosting\n\nYou can try [Frappe Cloud](https://frappecloud.com), a simple, user-friendly and sophisticated [open-source](https://github.com/frappe/press) platform to host Frappe applications with peace of mind.\n\nIt takes care of installation, setup, upgrades, monitoring, maintenance and support of your Frappe deployments. It is a fully featured developer platform with an ability to manage and control multiple Frappe deployments.\n\n\u003cdiv\u003e\n    \u003ca href=\"https://frappecloud.com/\" target=\"_blank\"\u003e\n        \u003cpicture\u003e\n            \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://frappe.io/files/try-on-fc-white.png\"\u003e\n            \u003cimg src=\"https://frappe.io/files/try-on-fc-black.png\" alt=\"Try on Frappe Cloud\" height=\"28\" /\u003e\n        \u003c/picture\u003e\n    \u003c/a\u003e\n\u003c/div\u003e\n\n### Self Hosting\n\n### Docker\nPrerequisites: docker, docker-compose, git. Refer [Docker Documentation](https://docs.docker.com) for more details on Docker setup.\n\nRun the following commands:\n\n```\ngit clone https://github.com/frappe/frappe_docker\ncd frappe_docker\ndocker compose -f pwd.yml up -d\n```\n\nAfter a couple of minutes, site should be accessible on your localhost port: 8080. Use below default login credentials to access the site.\n- Username: Administrator\n- Password: admin\n\nSee [Frappe Docker](https://github.com/frappe/frappe_docker?tab=readme-ov-file#to-run-on-arm64-architecture-follow-this-instructions) for ARM based docker setup.\n\n## Development Setup\n### Manual Install\n\nThe Easy Way: our install script for bench will install all dependencies (e.g. MariaDB). See https://github.com/frappe/bench for more details.\n\nNew passwords will be created for the Frappe \"Administrator\" user, the MariaDB root user, and the frappe user (the script displays the passwords and saves them to ~/frappe_passwords.txt).\n\n### Local\n\nTo setup the repository locally follow the steps mentioned below:\n\n1. Setup bench by following the [Installation Steps](https://docs.frappe.io/framework/user/en/installation) and start the server\n   ```\n   bench start\n   ```\n\n2. In a separate terminal window, run the following commands:\n   ```\n   # Create a new site\n   bench new-site frappe.localhost\n   ```\n\n3. Open the URL `http://frappe.localhost:8000/app` in your browser, you should see the app running\n\n## Learning and community\n\n1. [Frappe School](https://frappe.school) - Learn Frappe Framework and ERPNext from the various courses by the maintainers or from the community.\n2. [Official documentation](https://docs.frappe.io/framework) - Extensive documentation for Frappe Framework.\n3. [Discussion Forum](https://discuss.frappe.io/) - Engage with community of Frappe Framework users and service providers.\n4. [buildwithhussain.com](https://buildwithhussain.com) - Watch Frappe Framework being used in the wild to build world-class web apps.\n\n## Contributing\n\n1. [Issue Guidelines](https://github.com/frappe/erpnext/wiki/Issue-Guidelines)\n1. [Report Security Vulnerabilities](https://frappe.io/security)\n1. [Pull Request Requirements](https://github.com/frappe/erpnext/wiki/Contribution-Guidelines)\n2. [Translations](https://crowdin.com/project/frappe)\n\n\u003cbr\u003e\n\u003cbr\u003e\n\u003cdiv align=\"center\"\u003e\n\t\u003ca href=\"https://frappe.io\" target=\"_blank\"\u003e\n\t\t\u003cpicture\u003e\n\t\t\t\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://frappe.io/files/Frappe-white.png\"\u003e\n\t\t\t\u003cimg src=\"https://frappe.io/files/Frappe-black.png\" alt=\"Frappe Technologies\" height=\"28\"/\u003e\n\t\t\u003c/picture\u003e\n\t\u003c/a\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrappe%2Ffrappe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffrappe%2Ffrappe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrappe%2Ffrappe/lists"}