{"id":15420284,"url":"https://github.com/jakebailey/hereby","last_synced_at":"2026-02-18T23:03:01.901Z","repository":{"id":56785593,"uuid":"523486340","full_name":"jakebailey/hereby","owner":"jakebailey","description":"A simple Node.js task runner","archived":false,"fork":false,"pushed_at":"2026-02-16T19:03:24.000Z","size":1515,"stargazers_count":420,"open_issues_count":9,"forks_count":15,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-17T08:56:03.017Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://hereby.js.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jakebailey.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-08-10T20:23:10.000Z","updated_at":"2026-02-12T20:12:16.000Z","dependencies_parsed_at":"2023-02-18T12:46:03.731Z","dependency_job_id":"e721052b-028a-4f38-90a4-605a10005c00","html_url":"https://github.com/jakebailey/hereby","commit_stats":{"total_commits":437,"total_committers":4,"mean_commits":109.25,"dds":"0.10526315789473684","last_synced_commit":"c07ee226d0c3340215dc3075897edc9435cf8faf"},"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"purl":"pkg:github/jakebailey/hereby","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakebailey%2Fhereby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakebailey%2Fhereby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakebailey%2Fhereby/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakebailey%2Fhereby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jakebailey","download_url":"https://codeload.github.com/jakebailey/hereby/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jakebailey%2Fhereby/sbom","scorecard":{"id":170878,"data":{"date":"2025-08-10T17:36:10Z","repo":{"name":"github.com/jakebailey/hereby","commit":"e8295cc85bd01d511a00d006b5e37d73fb89343f"},"scorecard":{"version":"v5.1.1","commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198"},"score":7.6,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: .github/renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"}},{"name":"Code-Review","score":0,"reason":"Found 2/22 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":2,"reason":"0 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/changesets.yml:18","Info: jobLevel 'checks' permission set to 'read': .github/workflows/changesets.yml:19","Info: jobLevel 'issues' permission set to 'read': .github/workflows/changesets.yml:20","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:48","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:33","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:34","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/gh-pages.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:16","Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/changesets.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/codspeed.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/gh-pages.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/release.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:61","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:63","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:133","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:139","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:151","Info:  22 out of  22 GitHub-owned GitHubAction dependencies pinned","Info:   6 out of   6 third-party GitHubAction dependencies pinned","Info:   6 out of  11 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: TypeScriptPropertyBasedTesting integration found: src/__tests__/cli/parseArgs.test.ts:1"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (10) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"}},{"name":"Contributors","score":10,"reason":"project has 3 contributing companies or organizations -- score normalized to 10","details":["Info: found contributions from: DefinitelyTyped, microsoft, pnpm"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"10 out of 10 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-08-16T16:25:16.806Z","repository_id":56785593,"created_at":"2025-08-16T16:25:16.807Z","updated_at":"2025-08-16T16:25:16.807Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29569856,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T04:18:28.490Z","status":"ssl_error","status_checked_at":"2026-02-18T04:13:49.018Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-01T17:28:50.974Z","updated_at":"2026-02-18T23:03:01.880Z","avatar_url":"https://github.com/jakebailey.png","language":"TypeScript","readme":"# hereby\n\n[![npm](https://img.shields.io/npm/v/hereby.svg)](https://npmjs.com/package/hereby)\n[![node](https://img.shields.io/node/v/hereby.svg)](https://nodejs.org)\n[![install size](https://packagephobia.com/badge?p=hereby)](https://packagephobia.com/result?p=hereby)\n[![tokei](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/jakebailey/hereby/gh-pages/tokei.json)](https://github.com/XAMPPRocky/tokei)\n[![ci](https://github.com/jakebailey/hereby/actions/workflows/ci.yml/badge.svg)](https://github.com/jakebailey/hereby/actions/workflows/ci.yml)\n[![codecov](https://codecov.io/gh/jakebailey/hereby/branch/main/graph/badge.svg?token=YL2Z1uk5dh)](https://codecov.io/gh/jakebailey/hereby)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/jakebailey/hereby/badge)](https://securityscorecards.dev/viewer/?uri=github.com/jakebailey/hereby)\n\n\u003e _I hereby declare thee built._\n\n`hereby` is a simple task runner.\n\n```console\n$ npm i -D hereby\n$ yarn add -D hereby\n```\n\n## Herebyfile.mjs\n\nTasks are defined in `Herebyfile.mjs`. Exported tasks are available to run at\nthe CLI, with support for `export default`.\n\nFor example:\n\n```js\nimport { execa } from \"execa\";\nimport { task } from \"hereby\";\n\nexport const build = task({\n    name: \"build\",\n    run: async () =\u003e {\n        await execa(\"tsc\", [\"-b\", \"./src\"]);\n    },\n});\n\nexport const test = task({\n    name: \"test\",\n    dependencies: [build],\n    run: async () =\u003e {\n        await execa(\"node\", [\"./out/test.js\"]);\n    },\n});\n\nexport const lint = task({\n    name: \"lint\",\n    run: async () =\u003e {\n        await runLinter(...);\n    },\n});\n\nexport const testAndLint = task({\n    name: \"testAndLint\",\n    dependencies: [test, lint],\n});\n\nexport default testAndLint;\n\nexport const bundle = task({\n    name: \"bundle\",\n    dependencies: [build],\n    run: async () =\u003e {\n        await execa(\"esbuild\", [\n            \"--bundle\",\n            \"./out/index.js\",\n            \"--outfile=./out/bundled.js\",\n        ]);\n    },\n});\n```\n\n## Running tasks\n\nGiven the above Herebyfile:\n\n```console\n$ hereby build        # Run the \"build\" task\n$ hereby test         # Run the \"test\" task, which depends on \"build\".\n$ hereby              # Run the default exported task.\n$ hereby test bundle  # Run the \"test\" and \"bundle\" tasks in parallel.\n```\n\n## Flags\n\n`hereby` also supports a handful of flags:\n\n```console\n-h, --help          Display this usage guide.\n--herebyfile path   A path to a Herebyfile. Optional.\n-T, --tasks         Print a listing of the available tasks.\n```\n\n## ESM\n\n`hereby` is implemented in ES modules. But, don't fret! This does not mean that\nyour project must be ESM-only, only that your `Herebyfile` must be ESM module so\nthat `hereby`'s `task` function can be imported. It's recommended to use the\nfilename `Herebyfile.mjs` to ensure that it is treated as ESM. This will work in\na CommonJS project; ES modules can import CommonJS modules.\n\nIf your package already sets `\"type\": \"module\"`, `Herebyfile.js` will work as\nwell.\n\n## TypeScript support\n\n`hereby` supports `Herebyfile.mts` and `Herebyfile.ts`, so long as your runtime\nsupports loading these files. This includes like Node's type stripping, `bun`,\nor even a custom loader, and so on.\n\n## Caveats\n\n### No serial tasks\n\n`hereby` does not support running tasks in series; specifying multiple tasks at\nthe CLI or as dependencies of another task will run them in parallel. This\nmatches the behavior of tools like `make`, which like `hereby` intend to encode\na dependency graph of tasks, not act as a script.\n\nIn general, if you're trying to emulate a serial task, you will likely be better\nserved by writing out explicit dependencies for your tasks.\n\n### Tasks only run once\n\n`hereby` will only run each task once during its execution. This means that\ntasks which consist of other tasks run in order like a script cannot be\nconstructed. For example, it's not possible to run \"build\", then \"clean\", then\n\"build\" again within the same invocation of `hereby`, since \"build\" will only be\nexecuted once (and the lack of serial tasks prevents such a construction\nanyway).\n\nTo run tasks in a specific order and more than once, run `hereby` multiple\ntimes:\n\n```console\n$ hereby build\n$ hereby clean\n$ hereby build\n```\n","funding_links":[],"categories":["Packages","TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjakebailey%2Fhereby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjakebailey%2Fhereby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjakebailey%2Fhereby/lists"}