{"id":20820622,"url":"https://github.com/hubgit/passport-orcid","last_synced_at":"2025-09-08T00:07:18.780Z","repository":{"id":27428475,"uuid":"113871482","full_name":"hubgit/passport-orcid","owner":"hubgit","description":null,"archived":false,"fork":false,"pushed_at":"2022-02-12T03:16:33.000Z","size":131,"stargazers_count":3,"open_issues_count":6,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-31T04:56:19.782Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/passport-orcid","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hubgit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-11T14:52:08.000Z","updated_at":"2025-03-19T21:41:05.000Z","dependencies_parsed_at":"2022-08-07T12:16:42.335Z","dependency_job_id":null,"html_url":"https://github.com/hubgit/passport-orcid","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/hubgit/passport-orcid","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubgit%2Fpassport-orcid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubgit%2Fpassport-orcid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubgit%2Fpassport-orcid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubgit%2Fpassport-orcid/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hubgit","download_url":"https://codeload.github.com/hubgit/passport-orcid/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hubgit%2Fpassport-orcid/sbom","scorecard":{"id":471925,"data":{"date":"2025-08-11","repo":{"name":"github.com/hubgit/passport-orcid","commit":"339fd5b9171440975f47a77d835399ba61165927"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":0,"reason":"Found 1/11 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"17 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-f794-r6xc-hf3v","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T14:07:58.968Z","repository_id":27428475,"created_at":"2025-08-19T14:07:58.968Z","updated_at":"2025-08-19T14:07:58.968Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274113090,"owners_count":25224335,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T22:09:40.600Z","updated_at":"2025-09-08T00:07:18.760Z","avatar_url":"https://github.com/hubgit.png","language":"JavaScript","readme":"# passport-orcid\n\n[Passport](http://passportjs.org/) strategy for authenticating with [ORCID](https://orcid.org/) using the OAuth 2.0 API.\n\nThis module lets you authenticate using ORCID in your Node.js applications. By plugging into Passport, ORCID authentication can be easily and unobtrusively integrated into any application or framework that supports [Connect](http://www.senchalabs.org/connect/)-style middleware, including [Express](http://expressjs.com/).\n\n## Install\n\n```bash\n$ npm install passport-orcid\n```\n\n## Usage\n\n#### Create an Application\n\nBefore using `passport-orcid`, you must register an application with ORCID. If you have not already done so, a new project can be created using [ORCID's Developer Tools](http://support.orcid.org/knowledgebase/articles/343182). Your application will be issued a client ID and client secret, which need to be provided to the strategy. You will also need to configure a redirect URI which matches the route in your application.\n\n#### Configure Strategy\n\nThe ORCID authentication strategy authenticates users using a ORCID account and OAuth 2.0 tokens.  The client ID and secret obtained when creating an application are supplied as options when creating the strategy.  The strategy also requires a `verify` callback, which receives the access token and optional refresh token, as well as `params` which contains the authenticated user's ORCID identifier and name. The `verify` callback must call `done` providing a user to complete authentication.\n\n```javascript\nvar OrcidStrategy = require('passport-orcid').Strategy;\n\npassport.use(new OrcidStrategy({\n    sandbox: process.env.NODE_ENV !== 'production', // use the sandbox for non-production environments\n    clientID: ORCID_CLIENT_ID,\n    clientSecret: ORCID_CLIENT_SECRET,\n    callbackURL: \"http://www.example.com/auth/orcid/callback\"\n  },\n  function(accessToken, refreshToken, params, profile, done) {\n    // NOTE: `profile` is empty, use `params` instead\n    User.findOrCreate({ orcid: params.orcid }, function (err, user) {\n      return done(err, user);\n    });\n  }\n));\n```\n\n#### Authenticate Requests\n\nUse `passport.authenticate()`, specifying the `'orcid'` strategy, to authenticate requests.\n\nFor example, as route middleware in an [Express](http://expressjs.com/) application:\n\n```javascript\napp.get('/auth/orcid',\n  passport.authenticate('orcid'));\n\napp.get('/auth/orcid/callback',\n  passport.authenticate('orcid', { failureRedirect: '/login' }),\n  function(req, res) {\n    // Successful authentication, redirect home.\n    res.redirect('/');\n  });\n  ```\n\n## Example\n\nDevelopers using the popular [Express](http://expressjs.com/) web framework can refer to an [example](https://gitlab.coko.foundation/pubsweet/passport-orcid/blob/master/example/index.js) as a starting point for their own web applications.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhubgit%2Fpassport-orcid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhubgit%2Fpassport-orcid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhubgit%2Fpassport-orcid/lists"}