{"id":14978564,"url":"https://github.com/lemonldapng/node-lemonldap-ng-handler","last_synced_at":"2025-10-09T08:32:56.517Z","repository":{"id":37390846,"uuid":"50499376","full_name":"LemonLDAPNG/node-lemonldap-ng-handler","owner":"LemonLDAPNG","description":"Lemonldap::NG handler for Node.js","archived":false,"fork":false,"pushed_at":"2025-09-24T13:54:27.000Z","size":2622,"stargazers_count":8,"open_issues_count":7,"forks_count":2,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-09-24T22:55:04.485Z","etag":null,"topics":["handler","lemonldap-ng","nginx","sso","sso-authentication","ssoaas"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LemonLDAPNG.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-01-27T10:19:44.000Z","updated_at":"2025-09-24T13:50:37.000Z","dependencies_parsed_at":"2024-09-28T01:40:50.049Z","dependency_job_id":"c4920ec3-27c2-4056-afdc-60e74089d185","html_url":"https://github.com/LemonLDAPNG/node-lemonldap-ng-handler","commit_stats":{"total_commits":365,"total_committers":5,"mean_commits":73.0,"dds":0.4657534246575342,"last_synced_commit":"3ab0b8044b71158b8f4300a7db5c3140d34b6c02"},"previous_names":["guimard/node-lemonldap-ng-handler"],"tags_count":29,"template":false,"template_full_name":null,"purl":"pkg:github/LemonLDAPNG/node-lemonldap-ng-handler","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Fnode-lemonldap-ng-handler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Fnode-lemonldap-ng-handler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Fnode-lemonldap-ng-handler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Fnode-lemonldap-ng-handler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LemonLDAPNG","download_url":"https://codeload.github.com/LemonLDAPNG/node-lemonldap-ng-handler/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Fnode-lemonldap-ng-handler/sbom","scorecard":{"id":83358,"data":{"date":"2025-08-11","repo":{"name":"github.com/LemonLDAPNG/node-lemonldap-ng-handler","commit":"90f79d3f9338b9a324ddb71501d391f4d5163ca4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/16 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":5,"reason":"7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/buildandtest.yml:3","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildandtest.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/LemonLDAPNG/node-lemonldap-ng-handler/buildandtest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildandtest.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/LemonLDAPNG/node-lemonldap-ng-handler/buildandtest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildandtest.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/LemonLDAPNG/node-lemonldap-ng-handler/buildandtest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildandtest.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/LemonLDAPNG/node-lemonldap-ng-handler/buildandtest.yml/master?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/buildandtest.yml:26","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-jgmv-j7ww-jx2x"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T06:22:05.608Z","repository_id":37390846,"created_at":"2025-08-15T06:22:05.608Z","updated_at":"2025-08-15T06:22:05.608Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001051,"owners_count":26082991,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["handler","lemonldap-ng","nginx","sso","sso-authentication","ssoaas"],"created_at":"2024-09-24T13:57:55.121Z","updated_at":"2025-10-09T08:32:56.512Z","avatar_url":"https://github.com/LemonLDAPNG.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lemonldap::NG handler for Node.js\n\nBeta [Lemonldap::NG](https://lemonldap-ng.org) handler for node.js\n\n## packages\n\n- Main package: [lemonldap-ng-handler](./packages/z-handler/README.md)\n- Configuration:\n  - Main class: [@lemonldap-ng/conf](./packages/conf/README.md)\n  - Configuration backends: [@lemonldap-ng/conf-\\*](./packages/)\n- Perl Apache::Session::\\* wrapper:\n  - Main class: [@lemonldap-ng/session](./packages/session/README.md)\n  - Session backends: [@lemonldap-ng/session-\\*](./packages/)\n- Perl-DBI wrapper: [perl-dbi](./packages/perl-dbi/README.md)\n- Crypto API: [@lemonldap-ng/crypto](./packages/crypto/README.md)\n- Constants: [@lemonldap-ng/constants](./packages/constants)\n- Global typescript types: [@lemonldap-ng/types](./packages/types)\n\n## What is [LemonLDAP::NG](https://lemonldap-ng.org)\n\nLemonldap::NG is a complete Web-SSO system that can run with reverse-proxies\nor directly on application webservers. It can be used in conjunction with\nOpenID-Connect, CAS and SAML systems as identity or service provider. It can\nalso be used as proxy between those federation systems.\n\nIt manages both authentication and authorization and provides headers for\naccounting. So you can have a full AAA protection. Authorization are built by\nassociating a regular expression and a rule. Regular expression is applied on\nthe requested URL and the rule calculates if the user is authorized.\n\nLLNG is designed in 3 kinds of elements:\n\n- a portal\n- a manager\n- some handlers for Apache, [Plack family](https://plackperl.org), Node.js\n- some FastCGI servers to provide Nginx handler or\n  [SSOaaS](https://lemonldap-ng.org/documentation/2.0/ssoaas):\n  - pure Perl (default)\n  - uWSGI _(Perl via uwsgi-psgi plugin)_\n  - this Node.js module\n\nThis module provide the Node.js handler and the FastCGI server.\n\nSee [Lemonldap::NG website](http://lemonldap-ng.org) for more.\n\n## Copyright and license\n\nCopyright (C) 2016-present Yadd \u003cyadd@debian.org\u003e\n\nLicensed under [GNU GPL V3](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flemonldapng%2Fnode-lemonldap-ng-handler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flemonldapng%2Fnode-lemonldap-ng-handler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flemonldapng%2Fnode-lemonldap-ng-handler/lists"}