{"id":13555135,"url":"https://github.com/jsreport/jsreport","last_synced_at":"2026-04-29T23:04:24.793Z","repository":{"id":39898272,"uuid":"9118648","full_name":"jsreport/jsreport","owner":"jsreport","description":"javascript based business reporting platform :rocket:","archived":false,"fork":false,"pushed_at":"2026-04-27T18:32:21.000Z","size":294192,"stargazers_count":1307,"open_issues_count":126,"forks_count":258,"subscribers_count":52,"default_branch":"master","last_synced_at":"2026-04-28T00:08:11.071Z","etag":null,"topics":["excel","pdf","reporting"],"latest_commit_sha":null,"homepage":"https://jsreport.net","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jsreport.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2013-03-30T16:35:02.000Z","updated_at":"2026-04-27T18:32:30.000Z","dependencies_parsed_at":"2023-02-16T08:46:09.873Z","dependency_job_id":"0b1f7ecb-c1b9-42b4-bf2c-9a770dc92c88","html_url":"https://github.com/jsreport/jsreport","commit_stats":{"total_commits":2088,"total_committers":20,"mean_commits":104.4,"dds":"0.48323754789272033","last_synced_commit":"4c6c4fad5a92a70ce33d7d6f96b15edd08532c0a"},"previous_names":[],"tags_count":118,"template":false,"template_full_name":null,"purl":"pkg:github/jsreport/jsreport","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsreport%2Fjsreport","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsreport%2Fjsreport/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsreport%2Fjsreport/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsreport%2Fjsreport/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jsreport","download_url":"https://codeload.github.com/jsreport/jsreport/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jsreport%2Fjsreport/sbom","scorecard":{"id":539120,"data":{"date":"2025-08-11","repo":{"name":"github.com/jsreport/jsreport","commit":"91d974d9c9cbaa304f636d0f395899758fb6b7fc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/docker-build-default.yaml:1","Warn: no topLevel permission defined: .github/workflows/docker-build-full.yaml:1","Warn: no topLevel permission defined: .github/workflows/docker-build-nightly-default.yaml:1","Warn: no topLevel permission defined: .github/workflows/docker-build-windows.yaml:1","Warn: no topLevel permission defined: .github/workflows/linux-binary.yaml:1","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/osx-binary.yaml:1","Warn: no topLevel permission defined: .github/workflows/windows-binary.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: executable-license.txt:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: executable-license.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-build-default.yaml:8"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 4.10.1 not signed: https://api.github.com/repos/jsreport/jsreport/releases/239827980","Warn: release artifact 4.10.0 not signed: https://api.github.com/repos/jsreport/jsreport/releases/234976963","Warn: release artifact 4.9.0 not signed: https://api.github.com/repos/jsreport/jsreport/releases/217195776","Warn: release artifact 4.8.0 not signed: https://api.github.com/repos/jsreport/jsreport/releases/203094057","Warn: release artifact 4.7.0 not signed: https://api.github.com/repos/jsreport/jsreport/releases/182559888","Warn: release artifact 4.10.1 does not have provenance: https://api.github.com/repos/jsreport/jsreport/releases/239827980","Warn: release artifact 4.10.0 does not have provenance: https://api.github.com/repos/jsreport/jsreport/releases/234976963","Warn: release artifact 4.9.0 does not have provenance: https://api.github.com/repos/jsreport/jsreport/releases/217195776","Warn: release artifact 4.8.0 does not have provenance: https://api.github.com/repos/jsreport/jsreport/releases/203094057","Warn: release artifact 4.7.0 does not have provenance: https://api.github.com/repos/jsreport/jsreport/releases/182559888"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-default.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-default.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-default.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-default.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-default.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-default.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-default.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-full.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-full.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-full.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-full.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-full.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-full.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-full.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-full.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-full.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-full.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-nightly-default.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-nightly-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-nightly-default.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-nightly-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-nightly-default.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-nightly-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-nightly-default.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-nightly-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-nightly-default.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-nightly-default.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-nightly-default.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-nightly-default.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-windows.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-windows.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-windows.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/docker-build-windows.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-binary.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/linux-binary.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux-binary.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/linux-binary.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linux-binary.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/linux-binary.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-binary.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/osx-binary.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/osx-binary.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/osx-binary.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/osx-binary.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/osx-binary.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows-binary.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/windows-binary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows-binary.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/windows-binary.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/windows-binary.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jsreport/jsreport/windows-binary.yml/master?enable=pin","Warn: containerImage not pinned by hash: packages/jsreport/docker/default/Dockerfile:1: pin your Docker image by updating jsreport/jsreport:4.10.0 to jsreport/jsreport:4.10.0@sha256:1a7a022ff713a958e7dca0dc9ca594244fbed3b487921e52658a32ef8d1d5303","Warn: containerImage not pinned by hash: packages/jsreport/docker/default/Dockerfile.local:1: pin your Docker image by updating node:22.15-alpine3.21 to node:22.15-alpine3.21@sha256:152270cd4bd094d216a84cbc3c5eb1791afb05af00b811e2f0f04bdc6c473602","Warn: containerImage not pinned by hash: packages/jsreport/docker/default/Dockerfile.nightly:1: pin your Docker image by updating node:22.15-alpine3.21 to node:22.15-alpine3.21@sha256:152270cd4bd094d216a84cbc3c5eb1791afb05af00b811e2f0f04bdc6c473602","Warn: containerImage not pinned by hash: packages/jsreport/docker/full/Dockerfile:1: pin your Docker image by updating jsreport/jsreport:4.10.0-full to jsreport/jsreport:4.10.0-full@sha256:8faebdac20d1967ccf8ccc1ca510ecf0a57dff357c354cc6c9cec5c0ae6fb4ce","Warn: containerImage not pinned by hash: packages/jsreport/docker/full/Dockerfile.local:1: pin your Docker image by updating ubuntu:noble to ubuntu:noble@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: packages/jsreport/docker/windowsservercore/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/windows/servercore:ltsc2025 to mcr.microsoft.com/windows/servercore:ltsc2025@sha256:570916ae0393ca7784819b7ab17776b958ca702922c56dda1ae4e0eaadcac57f","Warn: containerImage not pinned by hash: packages/worker/Dockerfile:1: pin your Docker image by updating ubuntu:noble to ubuntu:noble@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: packages/worker/Dockerfile.fast:1","Warn: containerImage not pinned by hash: packages/worker/Dockerfile.local:1: pin your Docker image by updating ubuntu:focal to ubuntu:focal@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: npmCommand not pinned by hash: packages/jsreport/docker/default/Dockerfile:7","Warn: npmCommand not pinned by hash: packages/jsreport/docker/default/Dockerfile.local:82","Warn: npmCommand not pinned by hash: packages/jsreport/docker/default/Dockerfile.nightly:80","Warn: npmCommand not pinned by hash: packages/jsreport/docker/full/Dockerfile:8","Warn: downloadThenRun not pinned by hash: packages/jsreport/docker/full/Dockerfile.local:52","Warn: npmCommand not pinned by hash: packages/jsreport/docker/full/Dockerfile.local:58","Warn: npmCommand not pinned by hash: packages/jsreport/docker/windowsservercore/Dockerfile:20","Warn: downloadThenRun not pinned by hash: packages/worker/Dockerfile:42-43","Warn: npmCommand not pinned by hash: packages/worker/Dockerfile:55","Warn: downloadThenRun not pinned by hash: packages/worker/Dockerfile.local:41-42","Warn: npmCommand not pinned by hash: packages/worker/Dockerfile.local:52","Info:   0 out of  12 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  18 third-party GitHubAction dependencies pinned","Info:   0 out of   8 npmCommand dependencies pinned","Info:   0 out of   3 downloadThenRun dependencies pinned","Info:   0 out of   9 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"101 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx","Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-g74r-ffvr-5q9f","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-qgfr-5hqp-vrw9","Warn: Project is vulnerable to: GHSA-7fv9-m79r-j9x8","Warn: Project is vulnerable to: GHSA-4w88-rjj3-x7wp","Warn: Project is vulnerable to: GHSA-w222-53c6-c86p","Warn: Project is vulnerable to: GHSA-fjqr-fx3f-g4rv","Warn: Project is vulnerable to: GHSA-6vrv-94jv-crrg","Warn: Project is vulnerable to: GHSA-f9mq-jph6-9mhm","Warn: Project is vulnerable to: GHSA-h9jc-284h-533g","Warn: Project is vulnerable to: GHSA-m93v-9qjc-3g79","Warn: Project is vulnerable to: GHSA-hvf8-h2qh-37m9","Warn: Project is vulnerable to: GHSA-mpjm-v997-c4h4","Warn: Project is vulnerable to: GHSA-3p22-ghq8-v749","Warn: Project is vulnerable to: GHSA-77xc-hjv8-ww97","Warn: Project is vulnerable to: GHSA-mq8j-3h7h-p8g7","Warn: Project is vulnerable to: GHSA-p2jh-44qj-pf2v","Warn: Project is vulnerable to: GHSA-p7v2-p9m8-qqg7","Warn: Project is vulnerable to: GHSA-7x97-j373-85x5","Warn: Project is vulnerable to: GHSA-7m48-wc93-9g85","Warn: Project is vulnerable to: GHSA-qqvq-6xgj-jw8g","Warn: Project is vulnerable to: GHSA-6r2x-8pq8-9489","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq","Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm","Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-jg8v-48h5-wgxg","Warn: Project is vulnerable to: GHSA-36fh-84j7-cv5h","Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m","Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v","Warn: Project is vulnerable to: GHSA-jgmv-j7ww-jx2x","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-ch52-vgq2-943f","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-7jg2-jgv3-fmr4","Warn: Project is vulnerable to: GHSA-wgrm-67xf-hhpq","Warn: Project is vulnerable to: GHSA-x43g-gj9x-838x","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-7xfp-9c55-5vqj","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx","Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-6hwc-9h8r-3vmf","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-qhv9-728r-6jqg","Warn: Project is vulnerable to: GHSA-g7q5-pjjr-gqvp","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-xc7v-wxcw-j472","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-3x9f-74h4-2fqr","Warn: Project is vulnerable to: GHSA-8vcr-vxm8-293m","Warn: Project is vulnerable to: GHSA-g973-978j-2c3p","Warn: Project is vulnerable to: GHSA-4r6h-8v6p-xvw6","Warn: Project is vulnerable to: GHSA-5pgg-2g8v-p4x9","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv","Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q","Warn: Project is vulnerable to: GHSA-crh6-fp67-6883"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T07:46:09.594Z","repository_id":39898272,"created_at":"2025-08-20T07:46:09.594Z","updated_at":"2025-08-20T07:46:09.594Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32364093,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"online","status_checked_at":"2026-04-28T02:00:07.250Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["excel","pdf","reporting"],"created_at":"2024-08-01T12:03:03.071Z","updated_at":"2026-04-29T23:04:24.784Z","avatar_url":"https://github.com/jsreport.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","JAVASCRIPT","Office \u0026 Reports","others","pdf"],"sub_categories":[],"readme":"\n# jsreport\n\n[![Join the chat at https://gitter.im/jsreport/jsreport](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/jsreport/jsreport?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n[![NPM Version](http://img.shields.io/npm/v/jsreport.svg?style=flat-square)](https://npmjs.com/package/jsreport)\n[![NPM Downloads](https://img.shields.io/npm/dt/jsreport.svg?style=flat-square)](https://npmjs.com/package/jsreport)\n[![Docker Pulls](https://img.shields.io/docker/pulls/jsreport/jsreport)](https://hub.docker.com/r/jsreport/jsreport)\n[![build status](https://github.com/jsreport/jsreport/actions/workflows/main.yml/badge.svg)](https://github.com/jsreport/jsreport/actions)\n\n*An open-source platform for designing and rendering various reports.*\n\njsreport is a reporting server letting developers define reports using javascript templating engines like handlebars. It supports various report output formats like html, pdf, excel, docx, and others.  It also includes advanced reporting features like user management, REST API, scheduling, designer, or sending emails.\n\nYou can find more information on the official project website https://jsreport.net\n\n![studio](https://github.com/jsreport/website/blob/master/public/img/jsreport-demo.gif?raw=true)\n\n## Installation\n\nBasic installation from the npm\n```sh            \nnpm install -g @jsreport/jsreport-cli\njsreport init\njsreport configure\njsreport start\n```\n\nYou can also download compiled binary or pull from the official docker images. See [https://jsreport.net/on-prem](http://jsreport.net/on-prem) for the details.\n\n## Documentation\n\nSee the [https://jsreport.net/learn](https://jsreport.net/learn) for an overview of concepts, guides, clients, and general documentation.\n\n## Extensions\nThe jsreport official distribution in npm, docker, or compiled binary includes the most commonly used extensions. However, the list of available extensions is much longer, and you may want to install some of the missing ones as well.  See the list of available packages [here](https://github.com/jsreport/jsreport/tree/master/packages) or in the [documentation](https://jsreport.net/learn).\n\nYou are also not limited to extensions we provide to you. You can implement your extensions. See the [Implementing custom extension](https://jsreport.net/learn/custom-extension) article.\n\n## Node.js\n\nYou can find documentation for adapting this jsreport distribution using nodejs and also information for integrating it into an existing nodejs application in the article [adapting jsreport](https://jsreport.net/learn/adapting-jsreport).\n\nThe official jsreport distribution wires the most popular extensions into the ready-to-use package.\nHowever, if you are skilled, you are free to start from the ground using [jsreport-core](https://github.com/jsreport/jsreport/tree/master/packages/jsreport-core).\n\n## Development\nWe use [yarn](https://yarnpkg.com/) to manage the monorepo. The basic workflow is the following\n```sh\ngit clone https://github.com/jsreport/jsreport\nyarn install\nyarn start\n```\nThe tests for the individual package runs the following way\n\n```\nyarn workspace @jsreport/jsreport-scripts test\n```\n\nThe studio extensions development with the hot reload can be started using\n```\nset NODE_ENV=jsreport-development\u0026\u0026yarn start\n```\n\n## Roadmap\n- adding more features to docx/pptx/xlsx recipes\n- version control extension direct git integration and improvements\n- studio editor intellisense\n- html-to-xlsx - images, filters...\n\nMore in the [backlog](https://github.com/jsreport/jsreport/issues).\n\n**Missing a feature? Submit a feature request.**\n\n## Vulnerabilities\n\nWe update vulnerable jsreport dependencies based on npm and Snyk audits during every release. Please wait until we release the next version when you notice a security warning in your audit. There is no need to create a ticket for it. In case you see a direct impact on jsreport security that you can replicate, please send us an email to support@jsreport.net and we will make sure it's fixed ASAP. Note there is no need to panic when there is a vulnerability mentioned in the audit because it is the most likely in the code path that is not used. A typical example of a vulnerability is an eventual DDoS attack through a dependency parsing some internal config, which in fact can't happen and isn't a vulnerability at all.\n\n## Licensing\nCopyright (C) 2025 Jan Blaha\n\nDo you want to use jsreport for a personal purpose, in a school project or a non-profit organization?\nThen you don't need the author's permission, just go on and use it. You can use jsreport without the author's permission\nalso when having a maximum 5 templates stored in jsreport storage.\n\nFor commercial projects using more than 5 stored report templates see [Pricing page](https://jsreport.net/buy).\n\nUnder any of the licenses, free or not, you are allowed to download the source code and make your own edits.\n\nIn every case, there are no warranties of any kind provided:\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsreport%2Fjsreport","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsreport%2Fjsreport","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsreport%2Fjsreport/lists"}