{"id":13653698,"url":"https://github.com/kee-org/browser-addon","last_synced_at":"2026-02-22T18:45:20.912Z","repository":{"id":53136908,"uuid":"86247022","full_name":"kee-org/browser-addon","owner":"kee-org","description":"Kee adds free, secure and easy password management features to your browser which save time and keep your private data more secure.","archived":false,"fork":false,"pushed_at":"2025-07-23T17:28:24.000Z","size":10373,"stargazers_count":462,"open_issues_count":22,"forks_count":42,"subscribers_count":31,"default_branch":"master","last_synced_at":"2025-07-23T20:26:07.888Z","etag":null,"topics":["chrome","chrome-extension","edge-extension","firefox","firefox-addon","firefox-extension","keefox","keepass","keepassrpc","password-manager","password-store","webextensions"],"latest_commit_sha":null,"homepage":"https://www.kee.pm","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kee-org.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-03-26T16:25:03.000Z","updated_at":"2025-07-07T17:56:05.000Z","dependencies_parsed_at":"2024-01-29T07:28:28.802Z","dependency_job_id":"5567ff36-28ca-4465-95a1-6115fec7a607","html_url":"https://github.com/kee-org/browser-addon","commit_stats":null,"previous_names":[],"tags_count":268,"template":false,"template_full_name":null,"purl":"pkg:github/kee-org/browser-addon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kee-org%2Fbrowser-addon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kee-org%2Fbrowser-addon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kee-org%2Fbrowser-addon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kee-org%2Fbrowser-addon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kee-org","download_url":"https://codeload.github.com/kee-org/browser-addon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kee-org%2Fbrowser-addon/sbom","scorecard":{"id":553412,"data":{"date":"2025-08-11","repo":{"name":"github.com/kee-org/browser-addon","commit":"4bd94e2d8fbcf88b7064b09efb0ae986fa4bda16"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/23 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/master.yaml:1","Warn: no topLevel permission defined: .github/workflows/pr-build.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/master.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/master.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/master.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/master.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-build.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/pr-build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-build.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/pr-build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/release.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/release.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/release.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/kee-org/browser-addon/release.yaml/master?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   3 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 4.1.4 not signed: https://api.github.com/repos/kee-org/browser-addon/releases/184136247","Warn: release artifact 4.0.7 not signed: https://api.github.com/repos/kee-org/browser-addon/releases/179339565","Warn: release artifact 4.1.3 not signed: https://api.github.com/repos/kee-org/browser-addon/releases/160615848","Warn: release artifact 4.0.6 not signed: https://api.github.com/repos/kee-org/browser-addon/releases/160615724","Warn: release artifact 4.1.2 not signed: https://api.github.com/repos/kee-org/browser-addon/releases/159202583","Warn: release artifact 4.1.4 does not have provenance: https://api.github.com/repos/kee-org/browser-addon/releases/184136247","Warn: release artifact 4.0.7 does not have provenance: https://api.github.com/repos/kee-org/browser-addon/releases/179339565","Warn: release artifact 4.1.3 does not have provenance: https://api.github.com/repos/kee-org/browser-addon/releases/160615848","Warn: release artifact 4.0.6 does not have provenance: https://api.github.com/repos/kee-org/browser-addon/releases/160615724","Warn: release artifact 4.1.2 does not have provenance: https://api.github.com/repos/kee-org/browser-addon/releases/159202583"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"29 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-m5qc-5hw7-8vg7","Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q","Warn: Project is vulnerable to: GHSA-95jq-xph2-cx9h","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-6jrj-vc65-c983","Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3","Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx","Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6","Warn: Project is vulnerable to: GHSA-x574-m823-4x7w","Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8","Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x","Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4","Warn: Project is vulnerable to: GHSA-859w-5945-r5v3","Warn: Project is vulnerable to: GHSA-9crc-q9x8-hgqq","Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T11:37:32.140Z","repository_id":53136908,"created_at":"2025-08-20T11:37:32.141Z","updated_at":"2025-08-20T11:37:32.141Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29722186,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-22T15:10:41.462Z","status":"ssl_error","status_checked_at":"2026-02-22T15:10:04.636Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chrome","chrome-extension","edge-extension","firefox","firefox-addon","firefox-extension","keefox","keepass","keepassrpc","password-manager","password-store","webextensions"],"created_at":"2024-08-02T02:01:15.513Z","updated_at":"2026-02-22T18:45:20.882Z","avatar_url":"https://github.com/kee-org.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","chrome-extension","JavaScript"],"sub_categories":[],"readme":"# Simple and secure password management\n\n## Kee automatically fills login forms to save you time and protect you from security risks.\n\nKee is a free Firefox and Chrome add-on for linking browsers to [Kee Vault](https://keevault.pm) or KeePass (latter requires using the [KeePassRPC KeePass plugin](https://github.com/kee-org/keepassrpc)).\n\nOfficial website with sign-up and download links: https://www.kee.pm\n\nSupport forum: https://forum.kee.pm\n\n# Build\n\n## Requirements\n\n* node (16 should work but only tested with 18)\n* a node package manager (tested with npm 8 and 9)\n* a web browser (tested with Firefox 117)\n* a Supporter's subscription to [Kee Vault](https://keevault.pm) OR KeePass 2.x (+ .NET/Mono) + KeePassRPC.plgx\n\nIt's set up for Visual Studio Code but it shouldn't be too hard to work out how to develop using other IDEs.\n\n## Instructions\n\n1. clone the repo\n1. `npm ci` (or `npm install` to get any newer library dependencies than those we used in official builds)\n1. Development:\n   1. Open two terminals/consoles\n      1. In the 1st: `npm run dev` OR `npm run dev-chrome`\n      1. In the 2nd: `npm run start:firefox` OR `npm run start:chrome`\n   1. the task in the 1st terminal will recompile and reload necessary parts of the addon each time you change a file but in some circumstances you'll need to press 'r' in the 2nd terminal to force a complete reload.\n   1. If you mismatch the Firefox/Chrome commands most parts of the development process should be unaffected but you'll see some console warnings so try to keep them aligned when switching between browsers.\n1. Preparing for release or Pull Request:\n   1. `npm run tsc` to verify that no type errors have been introduced during recent development changes\n   1. `npm run lint`\n\nYou may need to modify the vite config files or some of the build scripts if you add significant new sections to the WebExtension structure but it's unlikely and we can help you with that if necessary.\n\n## Reproducing a build\n\n### Introduction\n\nExactly reproducing the files delivered from the Firefox add-on website or Chrome extension store is not possible because the websites modify the file that we build in order to attach a digital signature. One can get very close though, to the point where a diff of the files from a given release on GitHub varies from your own local build in only three ways:\n\n1. Line endings - some parts of the tool chain may treat line endings differently so that the end result could differ between operating systems.\n2. Version number - the CI build system holds credentials that allow it to manipulate git tags on the GitHub repository and in doing so allows for automatic incrementing of build numbers, which in turn will result in a unique version number being calculated. This can only be reproduced if you download the git repo to your local system (including all tags) and develop a custom build script or modify the source files as needed - it's most likely not worth the effort but can be done if it is important to you.\n3. File dates - the build output is essentially a zip file so when the newly downloaded and built files on your system are added to the zip file, they will have different dates than those that were built on the CI platform and automatically added to a GitHub Release. For this reason, even if you were to end up with the same line endings and version number, it is not possible to compare a digest (hash) of your built file and expect it to match the file built by anyone else (unless you build it at exactly the same time!)\n\n### Requirements\n\nReproducible builds rely upon npm version 7 or higher.\n\nOur builds are created by GitHub Actions using the following configuration:\n\n* Ubuntu 22.04\n* Node 18\n* npm 8\n\n### Instructions\n\n1. download the source code (e.g. from the relevant GitHub Release page) or clone the repo for the latest (often pre-release) version\n1. `npm ci \u0026\u0026 mkdir dist`\n1. manipulate package.json if you want to adjust version numbers\n1. For a Firefox release: `npm run build:prod \u0026\u0026 npm run pack:prod` (for stable releases) and/or `npm run build:beta \u0026\u0026 npm run pack:beta` (for beta releases) \n1. For a Chromium release: `npm run build-chrome:prod \u0026\u0026 npm run pack-chrome:prod` (for stable releases) and/or `npm run build-chrome:beta \u0026\u0026 npm run pack-chrome:beta` (for beta releases) \n1. XPIs and ZIPs of each variant are put into the `dist` folder\n\n## Repo/project structure\n\n* `/_locales` Localisation data (language translations).\n* `.tx` Used by Transifex localisation scripts to help manage multiple language translation.\n* `dist` Output folder for build packages (e.g. an XPI file for installation in Firefox). Created automatically by development scripts or manually if you're only building for packaging/release.\n* `extension` Output folder for compiled files when developing or building for packaging/release.\n* `lib` Files that are directly included in the resulting extension, undergoing no further adjustment or compilation.\n* `scripts` The scripts within help prepare the `extension` file structure for hot module reloading during development, as well as ensuring that various categories of files end up in the right place, with appropriate references updated.\n* `src` \n   * `manifest.ts` Outputs a manifest.json file appropriate to the current build / development environment.\n   * `assets` Static assets. These may be manipulated by the build process into a different format or excluded entirely from the final output but typically will just be included as is, into the extension/assets folder.\n   * `background` Extension's main background script / Service Worker.\n   * `common` Modules that are used across multiple extension scopes (e.g. background, popup, content script, etc.) \n   * `dialogs` Standalone dialogs within the extension context (e.g. for the Network Authentication window).\n   * `install-notes` A Vue app that is shown after an extension installation has occurred.\n   * `page` The content page script that gets injected to every web page that is not Kee Vault.\n   * `panels` Small pages that are rendered as in-page panels, within an iframe, within any web page.\n   * `popup` The main browser popup that clicking on the browser toolbar button will display.\n   * `release-notes` Pages that are shown after an extension update has occurred.\n   * `settings` Page to allow user to adjust many extension settings.\n   * `store` The Pinia Store definitions that are used for both Vue/Vuetify UI state storage and for automated data transfer across multiple extension execution scopes (popup, settings page, background, in-page panels, etc.)\n   * `vault` The content page script that gets injected to the Kee Vault website.\n\n## Vue devtools\n\nIt's likely that the below does not work. It might though, at least on one or two devices in the world when the stars are aligned.\n\nWe'll take a fresh look at this challenge when working on the migration to MV3.\n\n### One time:\n````\nnpm install -g @vue/devtools\nnpm install -g https-proxy-cli\n````\n\n### Each time:\n\n`https-proxy -t http://localhost:8098 -p 8099 --keys \u003cfolder to store and re-access self-signed certs\u003e \u0026`\n`vue-devtools`\n\n### First time:\n\nsudo apt-get install libnss3-tools\nManually load https://localhost:8099 in the browser, add self-signed cert to whitelist and export the cert to a local file (or just use the generated keys folder location above... not sure if that will work or not).\n`certutil -d sql:$HOME/.pki/nssdb -A -t \"P,,\" -n \u003cpath to saved cert\u003e -i \u003cpath to saved cert\u003e`\nrestart Chrome\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkee-org%2Fbrowser-addon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkee-org%2Fbrowser-addon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkee-org%2Fbrowser-addon/lists"}