{"id":15011831,"url":"https://github.com/mjancarik/merkur","last_synced_at":"2026-03-03T11:15:01.075Z","repository":{"id":39972783,"uuid":"244752248","full_name":"mjancarik/merkur","owner":"mjancarik","description":"tiny extensible javascript library for front-end microservices","archived":false,"fork":false,"pushed_at":"2025-07-24T13:48:45.000Z","size":11083,"stargazers_count":48,"open_issues_count":0,"forks_count":8,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-08-08T19:33:55.975Z","etag":null,"topics":["hyperhtml","javascript","merkur","microfrontends","microservices","microservices-architecture","nodejs","preact","react","svelte","uhtml"],"latest_commit_sha":null,"homepage":"https://merkur.js.org/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mjancarik.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-03-03T22:10:40.000Z","updated_at":"2025-07-24T13:48:50.000Z","dependencies_parsed_at":"2023-10-13T18:08:43.010Z","dependency_job_id":"64554bf2-9ea0-4e37-b00e-4771d686f8fd","html_url":"https://github.com/mjancarik/merkur","commit_stats":{"total_commits":570,"total_committers":20,"mean_commits":28.5,"dds":"0.33684210526315794","last_synced_commit":"ef1b38f23e43e2fd7ef6a2bec680fb40a2de3715"},"previous_names":[],"tags_count":145,"template":false,"template_full_name":null,"purl":"pkg:github/mjancarik/merkur","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mjancarik%2Fmerkur","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mjancarik%2Fmerkur/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mjancarik%2Fmerkur/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mjancarik%2Fmerkur/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mjancarik","download_url":"https://codeload.github.com/mjancarik/merkur/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mjancarik%2Fmerkur/sbom","scorecard":{"id":651306,"data":{"date":"2025-08-11","repo":{"name":"github.com/mjancarik/merkur","commit":"fd8d7070bbab4afcb55990e1c253a5aea487c6f0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Code-Review","score":2,"reason":"Found 5/17 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/mjancarik/merkur/ci.yml/master?enable=pin","Warn: npmCommand not pinned by hash: utils/CIRelease.sh:17","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:34","Info:   0 out of  17 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   3 out of   5 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"20 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-jxhc-q857-3j6g","Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8","Warn: Project is vulnerable to: GHSA-5866-49gr-22v4","Warn: Project is vulnerable to: GHSA-8cr8-4vfw-mr7h","Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6","Warn: Project is vulnerable to: GHSA-vg3r-rm7w-2xgh","Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3","Warn: Project is vulnerable to: GHSA-5cm2-9h8c-rvfx","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m","Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-8266-84wp-wv5c","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T13:34:30.917Z","repository_id":39972783,"created_at":"2025-08-21T13:34:30.918Z","updated_at":"2025-08-21T13:34:30.918Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271604713,"owners_count":24788759,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-22T02:00:08.480Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hyperhtml","javascript","merkur","microfrontends","microservices","microservices-architecture","nodejs","preact","react","svelte","uhtml"],"created_at":"2024-09-24T19:41:46.627Z","updated_at":"2026-02-23T11:42:38.377Z","avatar_url":"https://github.com/mjancarik.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://merkur.js.org/docs/getting-started\" title=\"Getting started\"\u003e\n    \u003cimg src=\"https://raw.githubusercontent.com/mjancarik/merkur/master/images/merkur-logo.png\" width=\"100px\" height=\"100px\" alt=\"Merkur illustration\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# Merkur\n\n[![Build Status](https://github.com/mjancarik/merkur/workflows/CI/badge.svg)](https://github.com/mjancarik/merkur/actions/workflows/ci.yml)\n[![NPM package version](https://img.shields.io/npm/v/@merkur/core/latest.svg)](https://www.npmjs.com/package/@merkur/core)\n![npm bundle size (scoped version)](https://img.shields.io/bundlephobia/minzip/@merkur/core/latest)\n[![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier)\n\nThe [Merkur](https://merkur.js.org/) is tiny extensible javascript library for front-end microservices(micro frontends). It allows by default server side rendering for loading performance boost. You can connect it with other frameworks or languages because merkur defines easy API. You can use one of six predefined template's library [Preact](https://preactjs.com/), [µhtml](https://github.com/WebReflection/uhtml#readme), [Svelte](https://svelte.dev/) and [vanilla](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals) but you can easily extend for others.\n\n## Features\n - Flexible templating engine\n - Usable with all tech stacks\n - SSR-ready by default\n - Easy extensible with plugins\n - Tiny - 1 KB minified + gzipped \n\n## Getting started\n\n```bash\nnpx @merkur/create-widget \u003cname\u003e\n\ncd name\n\nnpm run dev // Point your browser at http://localhost:4444/\n```\n![alt text](https://raw.githubusercontent.com/mjancarik/merkur/master/images/hello-widget.png \"Merkur example, hello widget\")\n## Documentation\n\nTo check out [live demo](https://merkur.js.org/demo) and [docs](https://merkur.js.org/docs), visit [https://merkur.js.org](https://merkur.js.org).\n\n## Contribution\n\nContribute to this project via [Pull-Requests](https://github.com/mjancarik/merkur/pulls).\n\nWe are following [Conventional Commits Specification](https://www.conventionalcommits.org/en/v1.0.0/#summary). To simplify the commit process, you can use `npm run commit` command. It opens an interactive interface, which should help you with commit message composition.\n\n\n### Release\n\nTo release a version you must have the right permissions, please contact one of the repo maintainers.\n\n\n#### Regular version release\n\nTo do a regular release, in the root of the monorepo run:\n\n```\nnpm run release\n```\n\n#### RC (preversion) release\n\n1. From the specific package directory, use this `lerna version` command to bump package versions:\n  ```\n  npx lerna version \u003cpreminor | prepatch | prerelease\u003e --no-git-tag-version --no-push\n  // prerelease increments the pre* version's last number, e.g. v0.44.0-rc.0 =\u003e v0.44.0-rc.1\n  ```\n  - alternatively, manually change the version in the package's `package.json` and in `lerna.json`, and run `npm install` from the root of the monorepo.\n2. Restore all files not related to the package you intend to release. These files should remain:\n  - the package's own `package.json`\n  - `lerna.json` (otherwise lerna will stop incrementing the pre-version's number, for some reason)\n  - `package-lock.json`\n3. Commit the changes (must still be a conventional commit. Suggested: `chore(release): publish`). \n4. Tag the commit with the version (e.g. `v0.44.0-rc.0`). \n5. Push the commit to the repo.\n6. Push the tag to the repo: `git push origin tag \u003ctagname\u003e` (e.g. `git push origin tag v0.44.0-rc.0`).\n\nThe packages are released from a GitHub Action that is triggered when a new version tag is pushed to the repository.\n\nBefore the actual release, it's safer to return all version numbers to the last stable version. Another option is to release from a separate branch, so your feature branch stays clean.\n\n---\n\nThank you to all the people who already contributed to Merkur!\n\n\u003ca href=\"https://github.com/mjancarik/merkur/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=mjancarik/merkur\" /\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmjancarik%2Fmerkur","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmjancarik%2Fmerkur","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmjancarik%2Fmerkur/lists"}