{"id":16237854,"url":"https://github.com/malept/sumchecker","last_synced_at":"2025-09-14T07:31:29.285Z","repository":{"id":10916675,"uuid":"67456828","full_name":"malept/sumchecker","owner":"malept","description":"Checksum checker for Node.js","archived":false,"fork":false,"pushed_at":"2023-09-22T18:06:02.000Z","size":266,"stargazers_count":12,"open_issues_count":9,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-17T11:16:35.817Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://npm.im/sumchecker","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/malept.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"malept","tidelift":"npm/sumchecker"}},"created_at":"2016-09-05T23:25:23.000Z","updated_at":"2023-11-07T12:43:14.000Z","dependencies_parsed_at":"2024-06-18T15:33:03.198Z","dependency_job_id":"9a349cd7-8642-4204-8d52-1fcd5b558571","html_url":"https://github.com/malept/sumchecker","commit_stats":{"total_commits":178,"total_committers":7,"mean_commits":"25.428571428571427","dds":0.6067415730337078,"last_synced_commit":"9f8536eb079a7f4088333a0492a0b758c8c24f51"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/malept/sumchecker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malept%2Fsumchecker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malept%2Fsumchecker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/repositories/malept%2Fsumchecker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malept%2Fsumchecker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/malept","download_url":"https://codeload.github.com/malept/sumchecker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malept%2Fsumchecker/sbom","scorecard":{"id":614109,"data":{"date":"2025-08-11","repo":{"name":"github.com/malept/sumchecker","commit":"b528a56827f1387a3e43962fec7a300a0dbc5518"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":-1,"reason":"Found no human activity in the last 30 
changesets","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: 
.github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/docs.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/malept/sumchecker/docs.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:41","Warn: npmCommand not pinned by hash: .github/workflows/docs.yml:33","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:65","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/docs.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least 
privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the 
default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T03:26:02.289Z","repository_id":10916675,"created_at":"2025-08-21T03:26:02.289Z","updated_at":"2025-08-21T03:26:02.289Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275076531,"owners_count":25401314,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-14T02:00:10.474Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-10T13:37:44.314Z","updated_at":"2025-09-14T07:31:29.019Z","avatar_url":"https://github.com/malept.png","language":"TypeScript","funding_links":["https://github.com/sponsors/malept","https://tidelift.com/funding/github/npm/sumchecker","https://tidelift.com/badges/github/malept/sumchecker","https://tidelift.com/subscription/pkg/npm-sumchecker?utm_source=npm-sumchecker\u0026utm_medium=referral\u0026utm_campaign=enterprise\
u0026utm_term=repo"],"categories":[],"sub_categories":[],"readme":"# Sumchecker\n\n[![Build\nStatus](https://github.com/malept/sumchecker/workflows/CI/badge.svg)](https://github.com/malept/sumchecker/actions?query=workflow%3ACI)\n[![Code Coverage](https://codecov.io/gh/malept/sumchecker/branch/main/graph/badge.svg)](https://codecov.io/gh/malept/sumchecker)\n![Dependency Status](https://tidelift.com/badges/github/malept/sumchecker)\n[![NPM package](https://img.shields.io/npm/v/sumchecker)](https://npm.im/sumchecker)\n\nSumchecker is a pure Node.js solution for validating files specified in a checksum file, which is\nusually generated by programs such as [`sha256sum`](https://en.wikipedia.org/wiki/Sha256sum).\n\n## Requirements\n\n`sumchecker` is tested with Node.js 14.19.0 (LTS) and above.\n\n## Usage\n\n```javascript\nconst sumchecker = require(\"sumchecker\");\n\n// NB: Top-level await is available in Node.js \u003e= 14.8.0. Non-top-level-await syntax is left as an\n// exercise to the reader.\ntry {\n  await sumchecker(algorithm, checksumFilename, baseDir, filesToCheck);\n  console.log(\"All files validate!\");\n} catch (error) {\n  console.error(\"An error occurred\", error);\n}\n```\n\nFor details, see the [API documentation](https://malept.github.io/sumchecker/).\n\n## Security contact information\n\nSee [SECURITY.md](https://github.com/malept/sumchecker/blob/main/SECURITY.md).\n\n## Legal\n\nThis library is copyrighted under the terms of the [Apache 2.0 License].\n\n[apache 2.0 license]: http://www.apache.org/licenses/LICENSE-2.0\n\n## Enterprise support\n\nAvailable as part of the Tidelift Subscription.\n\nThe maintainers of sumchecker and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. 
[Learn more](https://tidelift.com/subscription/pkg/npm-sumchecker?utm_source=npm-sumchecker\u0026utm_medium=referral\u0026utm_campaign=enterprise\u0026utm_term=repo).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalept%2Fsumchecker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmalept%2Fsumchecker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalept%2Fsumchecker/lists"}