{"id":25227539,"url":"https://github.com/mattdavis90/node-tado-client","last_synced_at":"2025-10-20T12:47:31.387Z","repository":{"id":32783850,"uuid":"142443858","full_name":"mattdavis90/node-tado-client","owner":"mattdavis90","description":"A Tado API client for Node","archived":false,"fork":false,"pushed_at":"2025-04-14T15:09:27.000Z","size":1033,"stargazers_count":61,"open_issues_count":5,"forks_count":21,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-10-13T14:46:23.344Z","etag":null,"topics":["node","node-js","node-module","nodejs","nodejs-modules","tado","tado-api"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mattdavis90.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-07-26T13:20:14.000Z","updated_at":"2025-08-25T11:38:48.000Z","dependencies_parsed_at":"2023-01-14T22:13:18.838Z","dependency_job_id":"8d64ee94-dfe6-4612-95c0-ff004da17c56","html_url":"https://github.com/mattdavis90/node-tado-client","commit_stats":{"total_commits":109,"total_committers":13,"mean_commits":8.384615384615385,"dds":"0.44036697247706424","last_synced_commit":"427b8e6c8452d9156e508adf8e7f401b56f6e062"},"previous_names":[],"tags_count":56,"template":false,"template_full_name":null,"purl":"pkg:github/mattdavis90/node-tado-client","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdavis90%2Fnode-tado-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdavis90%2Fnode-tado-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdavis90%2Fnode-tado-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdavis90%2Fnode-tado-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mattdavis90","download_url":"https://codeload.github.com/mattdavis90/node-tado-client/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattdavis90%2Fnode-tado-client/sbom","scorecard":{"id":625758,"data":{"date":"2025-08-11","repo":{"name":"github.com/mattdavis90/node-tado-client","commit":"059f964aaed7f80945e26290f090749761fa5719"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/docs.yaml:49","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yaml:13","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yaml:43","Warn: no topLevel permission defined: .github/workflows/docs.yaml:1","Warn: no topLevel permission defined: .github/workflows/main.yaml:1","Warn: no topLevel permission defined: .github/workflows/pkr.yaml:1","Warn: no topLevel permission defined: .github/workflows/publish.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":2,"reason":"Found 1/5 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/main.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/main.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/main.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/main.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/main.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/main.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkr.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/pkr.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/publish.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/mattdavis90/node-tado-client/publish.yaml/master?enable=pin","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T06:24:22.224Z","repository_id":32783850,"created_at":"2025-08-21T06:24:22.224Z","updated_at":"2025-08-21T06:24:22.224Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280094902,"owners_count":26271003,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-20T02:00:06.978Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["node","node-js","node-module","nodejs","nodejs-modules","tado","tado-api"],"created_at":"2025-02-11T09:02:21.993Z","updated_at":"2025-10-20T12:47:31.356Z","avatar_url":"https://github.com/mattdavis90.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# node-tado-client\n\n\u003e [!IMPORTANT]  \n\u003e Tado has changed how authentication works! They no longer accept\n\u003e username/password based authentication. As such, this library has switched to\n\u003e the Oauth device flow. This is effective as of v1.0.0. Please upgrade ASAP to\n\u003e avoid broken integrations\n\n[Documentation](https://mattdavis90.github.io/node-tado-client/)\n\nA Tado API client for Node\n\nBased on the work of SCPhillips on his\n[blog](http://blog.scphillips.com/posts/2017/01/the-tado-api-v2/)\n\n_Please note: This is based on reverse engineering the Tado Web App's API and\nhence may be unstable_\n\n_DEPRECATION notice: The Zone Overlay API calls are being deprecated, see below\nfor further information_\n\n## Usage\n\n```javascript\n// Import the Tado client\nconst { Tado } = require(\"node-tado-client\"); // or TadoX\n\n// Create a new Tado instance\nvar tado = new Tado();\n\n// Register a callback function for token changes\ntado.setTokenCallback(console.log);\n\n// Authenticate with the Tado Web API\n// The refreshToken is optional, if you have a previous session still active\nconst [verify, futureToken] = await tado.authenticate(\"refreshToken\");\nif (verify) {\n    console.log(\"------------------------------------------------\");\n    console.log(\"Device authentication required.\");\n    console.log(\"Please visit the following website in a browser.\");\n    console.log(\"\");\n    console.log(`  ${verify.verification_uri_complete}`);\n    console.log(\"\");\n    console.log(\n        `Checks will occur every ${verify.interval}s up to a maximum of ${verify.expires_in}s`,\n    );\n    console.log(\"------------------------------------------------\");\n}\nawait futureToken;\n\n// Get the User's information\nconst me = await tado.getMe();\nconsole.log(me);\n```\n\nThis call will return something similar to the following Javascript object.\n\n```javascript\n{\n    \"name\": \"John Doe\",\n    \"email\": \"john_doe@gmail.com\",\n    \"username\": \"john_doe\",\n    \"id\": \"523acf000089\",\n    \"homes\": [\n        {\n            \"id\": 1907,\n            \"name\": \"Home\"\n        }\n    ],\n    \"locale\": \"en\",\n    \"mobileDevices\": [\n        {\n            \"name\": \"John's Phone\",\n            \"id\": 644583,\n            \"settings\": {\n                \"geoTrackingEnabled\": true\n            },\n            \"location\": {\n                \"stale\": false,\n                \"atHome\": true,\n                \"bearingFromHome\": {\n                    \"degrees\": 1.0228772862994653,\n                    \"radians\": 6.03530586900973365\n                },\n                \"relativeDistanceFromHomeFence\": 10\n            },\n            \"deviceMetadata\": {\n                \"platform\": \"Android\",\n                \"osVersion\": \"6.0.0\",\n                \"model\": \"Samsung Galaxy\",\n                \"locale\": \"en\"\n            }\n        }\n    ]\n}\n```\n\nThe following API calls are available\n\n```javascript\n/*********************/\n/* Authentication */\n/*********************/\ntado.authenticate(refreshToken?, interval?);\ntado.setTokenCallback(cb);\n\n/*********************/\n/* Low-level methods */\n/*********************/\ntado.apiCall(url, method = 'get', data = {});\n\n/****************************************/\n/* High-level methods (Tado and Tado-X) */\n/****************************************/\ntado.getMe();\ntado.getHome(home_id);\ntado.getWeather(home_id);\ntado.getInstallations(home_id);\ntado.getUsers(home_id);\ntado.getState(home_id);\ntado.getMobileDevices(home_id);\ntado.getMobileDevice(home_id, device_id);\ntado.getMobileDeviceSettings(home_id, device_id);\ntado.isAnyoneAtHome(home_id);\ntado.setPresence(home_id, presence);\ntado.updatePresence(home_id);\ntado.getAirComfort(home_id);\ntado.getEnergyIQ(home_id);\ntado.getEnergyIQTariff(home_id);\ntado.addEnergyIQTariff(home_id, unit, startDate, endDate, tariffInCents);\ntado.updateEnergyIQTariff(home_id, tariff_id, unit, startDate, endDate, tariffInCents);\ntado.getEnergyIQMeterReadings(home_id);\ntado.addEnergyIQMeterReading(home_id, date, reading);\ntado.deleteEnergyIQMeterReading(home_id, reading_id);\ntado.getEnergySavingsReport(home_id, year, month, countryCode); // countryCode should match home country, it can be retrieved from getHome(home_id).address.country\n\n/**********************************/\n/* High-level methods (Tado only) */\n/**********************************/\ntado.getZones(home_id);\ntado.getZoneState(home_id, zone_id);\ntado.getZoneCapabilities(home_id, zone_id);\ntado.getZoneOverlay(home_id, zone_id);\ntado.getZoneDayReport(home_id, zone_id, reportDate)\ntado.getTimeTables(home_id, zone_id);\ntado.getAwayConfiguration(home_id, zone_id);\ntado.getTimeTable(home_id, zone_id, timetable_id);\ntado.setWindowDetection(home_id, zone_id, enabled, timeout);\ntado.clearZoneOverlays(home_id, [zone_id, ...]);\ntado.setZoneOverlays(home_id, [overlays, ...], termination);\ntado.getZoneDefaultOverlay(home_id, zone_id);\ntado.setZoneDefaultOverlay(home_id, zone_id, overlay);\ntado.getDevices(home_id);\ntado.getDeviceTemperatureOffset(device_id);\ntado.setDeviceTemperatureOffset(device_id, temperatureOffset);\ntado.identifyDevice(device_id);\n\n/***********************************/\n/* High-level methods (TadoX only) */\n/***********************************/\ntado.getRoomsAndDevice(home_id);\ntado.getRooms(home_id);\ntado.getRoomState(home_id, room_id);\ntado.resumeSchedule(home_id, room_id);\ntado.manualControl(home_id, room_id, power, temperature termination);\n\n/**********************************/\n/* Deprecated methods (Tado only) */\n/**********************************/\ntado.clearZoneOverlay(home_id, zone_id);\ntado.setZoneOverlay(home_id, zone_id, power, temperature, termination);\n```\n\n### Authentication Semantics\n\nThe new device flow could be slightly frustrating for headless apps so I've\ntried to cover all use cases and make the use as ergonomic as possible. The\n`authenticate` method below must be called before anything else\n\n```typescript\nasync authenticate(\n    refreshToken?: string,\n    timeout?: number,\n  ): Promise\u003c[DeviceVerification | undefined, Promise\u003cToken\u003e]\u003e {\n```\n\n- If a refresh token is provided\n    - Try to use it, otherwise revert to device auth flow\n    - If it works then return [undefined, Promise\u003cToken\u003e] - where the Promise\n      will immediately resolve\n- No refresh token provided\n    - Start a device auth flow\n    - Device auth flow will return the DeviceVerification object that has the\n      relevant URL, and a Promise\u003cToken\u003e that will resolve on successful\n      authentication. It uses a timeout of `Math.min(timeout, tado.expires_in)`\n\nAll auth errors should be identifiable now;\n\n- `NotAuthenticated` - if the authenticate method call wasn't made yet\n- `InvalidRefreshToken` - either the supplied refresh token has expired, was\n  incorrectly typed, or you haven't made an API call in the last 30 days (see\n  note 1 below)\n- `AuthTimeout` - you didn't hit the device auth URL quick enough\n\nThere's also now an example in `examples/auth.ts` because it may be a little\nfiddly.\n\n_Note 1. I haven't implemented any background polling to refresh the refresh\ntoken - you'll need to call the API once every 30 days (That's how long refresh\ntokens are currently useable)_\n\n### Setting Zone Overlays\n\nThe `setZoneOverlay` and `clearZoneOverlay` methods have been deprecated in favour of `setZoneOverlays` and `clearZoneOverlays` respectively.\n\nThe `setZoneOverlays` method takes an array of `overlays` in the form of\n\n```javascript\n{\n    zone_id: 123,           # Required\n    power: \"ON\",            # HEATING and AC\n    temperature: {          # HEATING and AC\n        celsius: 24,\n        fahrenheit: 75.2\n    },\n    mode: \"HEAT\",           # AC only\n    fanLevel: \"LEVEL1\",     # AC only\n    verticalSwing: \"OFF\",   # AC only\n    horizontalSwing: \"OFF\", # AC only\n    light: \"OFF\",           # AC only\n}\n```\n\nIt is not required to use upper case in the values, the library will convert the strings for you. It is also not required to supply both celsius and fahrenheit, the Tado API is able to convert for you.\n\nThe `termination` argument should be one of the following:\n\n- A positive integer - this will be interpreted as the number of seconds to set the overlay for\n- \"auto\" - this will put the overlay into \"TADO_MODE\"\n    - _Note: This uses the default termination type set on the zone_\n- \"next_time_block\" - overlay until the next scheduled event\n- Anything else - the overlay will exist indefinitely and will need manually clearing\n\n### Setting Geo Presence\n\nThe `setPresence` method call takes the following arguments\n\n- _presence_ - **home**, **away** or **auto**\n\n**Documentation of deprecated methods**\n\nThe `setZoneOverlay` method call takes the following arguments\n\n**Note:** It will automatically determine the type of system that it is affecting\n\n- _power_ - **on** or **off** (case insensitive) [**default:** off]\n- _temperature_ - _Integer_ temperature in Celsius, if affecting a HEATING system\n- _termination_ - _Integer_ , **auto**, **next_time_block**, or **manual** (case insensitive, integer denotes a timer in seconds) [**default:** manual]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattdavis90%2Fnode-tado-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmattdavis90%2Fnode-tado-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattdavis90%2Fnode-tado-client/lists"}