{"id":17068927,"url":"https://github.com/localnerve/cannibalizr","last_synced_at":"2026-02-25T00:36:08.293Z","repository":{"id":7453153,"uuid":"56423141","full_name":"localnerve/cannibalizr","owner":"localnerve","description":"Turns an old pile of rusty files into a json data source","archived":false,"fork":false,"pushed_at":"2025-11-12T12:57:17.000Z","size":720,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-11-12T14:33:46.917Z","etag":null,"topics":["data-source","file","javascript-library","json","regex"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/localnerve.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-04-17T06:53:20.000Z","updated_at":"2025-11-12T12:56:35.000Z","dependencies_parsed_at":"2025-01-20T17:36:44.851Z","dependency_job_id":"8b5a8f3e-ebc9-400e-b318-32bc9b50ff4f","html_url":"https://github.com/localnerve/cannibalizr","commit_stats":{"total_commits":53,"total_committers":4,"mean_commits":13.25,"dds":"0.30188679245283023","last_synced_commit":"102f8f0c2fcd34f4859b8e467aa9aee2e601add0"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/localnerve/cannibalizr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/localnerve%2Fcannibalizr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/localnerve%2Fcannibalizr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/localnerve%2Fcannibalizr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/localnerve%2Fcannibalizr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/localnerve","download_url":"https://codeload.github.com/localnerve/cannibalizr/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/localnerve%2Fcannibalizr/sbom","scorecard":{"id":596625,"data":{"date":"2025-08-11","repo":{"name":"github.com/localnerve/cannibalizr","commit":"4471138913c67cfde57a7aed733e0f643915869f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/14 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/localnerve/cannibalizr/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/localnerve/cannibalizr/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/localnerve/cannibalizr/verify.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/localnerve/cannibalizr/verify.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/localnerve/cannibalizr/verify.yml/master?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/deploy.yml:10","Warn: no topLevel permission defined: .github/workflows/deploy.yml:1","Warn: no topLevel permission defined: .github/workflows/verify.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/deploy.yml:7"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Warn: branch 'master' does not require approvers","Warn: codeowners review is not required on branch 'master'","Warn: 'last push approval' is disabled on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T23:17:57.011Z","repository_id":7453153,"created_at":"2025-08-20T23:17:57.011Z","updated_at":"2025-08-20T23:17:57.011Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29806689,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-24T22:43:48.403Z","status":"ssl_error","status_checked_at":"2026-02-24T22:43:18.536Z","response_time":75,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data-source","file","javascript-library","json","regex"],"created_at":"2024-10-14T11:15:35.685Z","updated_at":"2026-02-25T00:36:08.244Z","avatar_url":"https://github.com/localnerve.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cannibalizr\n\n[![npm version](https://badge.fury.io/js/cannibalizr.svg)](http://badge.fury.io/js/cannibalizr)\n![Verify](https://github.com/localnerve/cannibalizr/workflows/Verify/badge.svg)\n[![Coverage Status](https://coveralls.io/repos/localnerve/cannibalizr/badge.svg?branch=master)](https://coveralls.io/r/localnerve/cannibalizr?branch=master)\n\n\n\u003e A tool to pull strings from multiple files into a json file using regexes.\n\n## What?\n\u003e \"Turns an old pile of rusty files into a shiny, new json data source!\"\n\nThis tool pulls select strings from multiple files and writes them to a\nstructured json file.\nSo, it allows you to use those files as input to something else, making them the\nsingle source of truth.\n\n*This is not the tool you are looking for.*\n\n**Use this as a last resort.**\n\nBy nature, this is a brittle solution as the input files will (presumably) change\nover time, and inevitably evade your capturing regexes at some point.\nThe usefulness of this tool depends on your regexes and the nature of the input\nthey capture against (and other viable options available to you in your timeframe).\n\nIdeally, you should never have to do this, but sometimes, things are not ideal.\nHowever, if there are strings in your code that are NOT easy available in any\nother data form (**I'm looking at you, asset references in CSS**), this could be\na useful way to keep DRY without overcomplicating things.\n\n## Example using all options\n\n```javascript\nimport cannibalizr from 'cannibalizr';\n\ncannibalizr({\n  output: {\n    // manifest is an optional object with arbitrary data to store in the output\n    manifest: {\n      id: 123,\n      version: '0.1.0',\n      whatever: 'data I want here'\n    }\n    file: 'data.json' // the json output file path, always overwritten.\n  },\n  input: {\n    someIdentifier: [{\n      file: 'somefile.css',\n      captures: [{\n        global: true, // true if the regex is global (/g)\n        matchIndex: 1, // the match index to pull data from\n        re: /url\\(([^\\)]+)\\)/ig // the actual regex\n      }]\n    }],\n    anotherIdentifier: [{\n      file: 'somefile.js',\n      captures: [{\n        global: false,\n        matchIndex: 1,\n        re: /xhrPath\\s*\\:\\s*(?:'|\")([^'\"]+)/\n      }]\n    }]\n  },\n  // A logging function. If omitted, nothing is logged.\n  logger: console.log\n});\n\n// data.json:\n{\n  \"manifest\": {\n    \"id\": 123,\n    \"version\": \"0.1.0\",\n    \"whatever\": \"data I want here\"\n  },\n  \"someIdentifier\": [\n    \"//fonts.gstatic.com/s/sourcesanspro/v9/guid.woff2\",\n    \"//fonts.gstatic.com/s/sourcesanspro/v9/guid.woff\",\n    \"//fonts.gstatic.com/s/sourcesanspro/v9/guid.ttf\"\n  ]\n  \"anotherIdentifier\": [\n    \"/api\"\n  ]\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flocalnerve%2Fcannibalizr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flocalnerve%2Fcannibalizr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flocalnerve%2Fcannibalizr/lists"}