{"id":28425167,"url":"https://github.com/metamask/legacy-web3","last_synced_at":"2025-10-15T06:19:39.045Z","repository":{"id":42767256,"uuid":"266409997","full_name":"MetaMask/legacy-web3","owner":"MetaMask","description":"MetaMask's legacy window.web3","archived":false,"fork":false,"pushed_at":"2024-12-02T18:32:52.000Z","size":158,"stargazers_count":15,"open_issues_count":3,"forks_count":13,"subscribers_count":34,"default_branch":"main","last_synced_at":"2025-09-20T00:35:01.819Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MetaMask.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":"metamask","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2020-05-23T19:59:45.000Z","updated_at":"2025-08-07T03:07:11.000Z","dependencies_parsed_at":"2024-06-18T17:05:24.413Z","dependency_job_id":"f5d36065-1671-4b44-85a9-1918c5747109","html_url":"https://github.com/MetaMask/legacy-web3","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/MetaMask/legacy-web3","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Flegacy-web3","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Flegacy-web3/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Flegacy-web3/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Flegacy-web3/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MetaMask","download_url":"https://codeload.github.com/MetaMask/legacy-web3/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Flegacy-web3/sbom","scorecard":{"id":92949,"data":{"date":"2025-08-11","repo":{"name":"github.com/MetaMask/legacy-web3","commit":"bf27880114d8a5a0f54467ce45590fd0bc6eb5b0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":8,"reason":"Found 21/26 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.0.0 not signed: https://api.github.com/repos/MetaMask/legacy-web3/releases/36473197","Warn: release artifact v2.0.0 does not have provenance: https://api.github.com/repos/MetaMask/legacy-web3/releases/36473197"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/MetaMask/.github/SECURITY.md:1","Info: Found linked content: github.com/MetaMask/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/MetaMask/.github/SECURITY.md:1","Info: Found text in security policy: github.com/MetaMask/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"15 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-h452-7996-h45h","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-xwcq-pm8m-c4vf","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-27v7-qhfv-rqq8","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T08:15:18.536Z","repository_id":42767256,"created_at":"2025-08-15T08:15:18.536Z","updated_at":"2025-08-15T08:15:18.536Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279057961,"owners_count":26094842,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-15T02:00:07.814Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-05T10:36:26.413Z","updated_at":"2025-10-15T06:19:39.040Z","avatar_url":"https://github.com/MetaMask.png","language":"JavaScript","funding_links":["https://opencollective.com/metamask"],"categories":[],"sub_categories":[],"readme":"# @metamask/legacy-web3\n\nMetaMask's legacy `window.web3`.\n\n## Motivation\n\n_MetaMask **strongly** recommends that you [read our migration guide](https://docs.metamask.io/guide/provider-migration.html#replacing-window-web3) before using this package._\n_You should only rely on this package if you need a temporary fix or are no longer actively developing your web3 site._\n\nIn the near future, MetaMask will stop injecting `window.web3` into web pages.\n**When we do this, if your website relies on MetaMask's `window.web3` to function, it will break on that date unless you take action.**\nPlease refer to [the original announcement](https://medium.com/metamask/no-longer-injecting-web3-js-4a899ad6e59e) if you want to know why we're doing this.\n\nIf you do not wish to take either of the recommended migration paths, we provide this library as a drop-in replacement for our injected `window.web3`.\nSimply add it to your site using one of the methods outlined below, and your Ethereum functionality will continue to work after we stop injecting `window.web3`.\n\nYou can add this package before we stop injecting `window.web3`, without disrupting the Ethereum functionality of your website.\n\n## Disclaimer\n\nThis package is designed to emulate the functionality of our injected `window.web3`.\nThat said, we do not guarantee complete functional parity, and you may have to fix some bugs yourself.\nWe also make no guarantees about future maintenance of this package, and it is unlikely to support any new features added to [the MetaMask provider API](https://docs.metamask.io/guide/ethereum-provider.html).\n\n## Usage\n\nAs a `\u003cscript\u003e` in your web page:\n\n```html\n\u003chtml\u003e\n  \u003chead\u003e\n    \u003c!-- The legacy-web3 script must run BEFORE your other scripts. --\u003e\n    \u003cscript src=\"https://unpkg.com/@metamask/legacy-web3@latest/dist/metamask.web3.min.js\"\u003e\u003c/script\u003e\n    \u003c!-- Or: --\u003e\n    \u003cscript src=\"https://unpkg.com/@metamask/legacy-web3@latest/dist/metamask.web3.js\"\u003e\u003c/script\u003e\n    ...\n  \u003c/head\u003e\n  \u003cbody\u003e\n    ...\n  \u003c/body\u003e\n\u003c/html\u003e\n```\n\nOr add as a Node dependency:\n\n```shell\nyarn add @metamask/legacy-web3\n\n# or\n\nnpm install @metamask/legacy-web3\n```\n\n```javascript\nimport '@metamask/legacy-web3'\n\n// or\n\nrequire('@metamask/legacy-web3')\n\nconst { web3 } = window\nconst selectedAddress = web3.eth.defaultAccount\n```\n\n### Initialization Criteria\n\nThis package will only initialize `window.web3` under the following circumstances:\n\n- It detects an existing `window.ethereum`\n- It does **not** detect an existing `window.web3`\n\n`window.ethereum.isMetaMask` can be `true` or falsy.\nIf it is falsy and there is no existing `window.web3`, this package will initialize its `window.web3`, but there are no guarantees that it will work with non-MetaMask providers.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetamask%2Flegacy-web3","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmetamask%2Flegacy-web3","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetamask%2Flegacy-web3/lists"}