{"id":16485291,"url":"https://github.com/morganconrad/gitdir","last_synced_at":"2025-10-05T14:28:52.319Z","repository":{"id":71409811,"uuid":"105298190","full_name":"MorganConrad/gitdir","owner":"MorganConrad","description":"Get files from GitHub or GitLab repositories","archived":false,"fork":false,"pushed_at":"2017-10-31T14:26:35.000Z","size":20,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-09T05:13:08.642Z","etag":null,"topics":["github","gitlab","javascript"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MorganConrad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-29T17:13:16.000Z","updated_at":"2020-01-18T22:26:23.000Z","dependencies_parsed_at":"2023-03-07T14:00:19.953Z","dependency_job_id":null,"html_url":"https://github.com/MorganConrad/gitdir","commit_stats":{"total_commits":10,"total_committers":2,"mean_commits":5.0,"dds":0.09999999999999998,"last_synced_commit":"ec0f5bd2e2ebc54ffce0fcfdda4cfb0599a72181"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MorganConrad/gitdir","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MorganConrad%2Fgitdir","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MorganConrad%2Fgitdir/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MorganConrad%2Fgitdir/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MorganConrad%2Fgitdir/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MorganConrad","download_url":"https://codeload.github.com/MorganConrad/gitdir/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MorganConrad%2Fgitdir/sbom","scorecard":{"id":96059,"data":{"date":"2025-08-11","repo":{"name":"github.com/MorganConrad/gitdir","commit":"ec0f5bd2e2ebc54ffce0fcfdda4cfb0599a72181"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Code-Review","score":1,"reason":"Found 1/10 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T09:05:07.400Z","repository_id":71409811,"created_at":"2025-08-15T09:05:07.400Z","updated_at":"2025-08-15T09:05:07.400Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278465165,"owners_count":25991359,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","gitlab","javascript"],"created_at":"2024-10-11T13:25:13.356Z","updated_at":"2025-10-05T14:28:52.276Z","avatar_url":"https://github.com/MorganConrad.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://secure.travis-ci.org/MorganConrad/gitdir.png)](http://travis-ci.org/MorganConrad/gitdir)\n[![License](http://img.shields.io/badge/license-MIT-A31F34.svg)](https://github.com/MorganConrad/gitdir)\n[![NPM Downloads](http://img.shields.io/npm/dm/gitdir.svg)](https://www.npmjs.org/package/gitdir)\n[![Known Vulnerabilities](https://snyk.io/test/github/morganconrad/gitdir/badge.svg)](https://snyk.io/test/github/morganconrad/gitdir)\n[![Coverage Status](https://coveralls.io/repos/github/MorganConrad/gitdir/badge.svg)](https://coveralls.io/github/MorganConrad/gitdir)\n# gitdir\n\nJavascript / node.js code to read a single directory from a GitHub or GitLab repository.  All the files (not directories) and their contents, are returned in an array or map.  Useful if you want to grab a small part of some external repository for your project.\n\n## basic usage\n\n```\nvar gitdir = require('gitdir');\n...\ngitdir(repositoryName, directory, options, callback);\n```\n\n**repositoryName** combines the user and the repo, and the delimiter is important!\n * for GitHub use `JohnDoe/CoolRepository`\n * for GitLab, use `JohnDoe%2FCoolRepository`\n\ne.g.   to read the root directory of the [Github npm](https://github.com/npm/npm) repository,\n```javascript\n   gitdir(\"npm/npm\", \"\", {}, function(err, data) {\n      // data contains an array of objects with file information\n   });\n```\nFor GitHub, the file information is similar to what you'd get from [Get Contents](https://developer.github.com/v3/repos/contents/#get-contents)\n\n_e.g._ https://api.github.com/repos/{repositoryName}/contents/\n\nexcept:\n  1. Usually only files (not dirs) are included (see **options.keepAll** below)\n  2. A new field, \"contents\", has the contents of the file.\n\n\nExample for a single file `npm/npm/LICENSE`  (contents truncated for this example)\n\n```\n{\n   \"name\": \"LICENSE\",\n   \"path\": \"LICENSE\",\n   \"sha\": \"0b6c2287459632e4aaf63bd7d53eb9ba054b57ea\",\n   \"size\": 9742,\n   \"url\": \"https://api.github.com/repos/npm/npm/contents/LICENSE?ref=latest\",\n   \"html_url\": \"https://github.com/npm/npm/blob/latest/LICENSE\",\n   \"git_url\": \"https://api.github.com/repos/npm/npm/git/blobs/0b6c2287459632e4aaf63bd7d53eb9ba054b57ea\",\n   \"download_url\": \"https://raw.githubusercontent.com/npm/npm/latest/LICENSE\",\n   \"type\": \"file\",\n   \"_links\": {\n      \"self\": \"https://api.github.com/repos/npm/npm/contents/LICENSE?ref=latest\",\n      \"git\": \"https://api.github.com/repos/npm/npm/git/blobs/0b6c2287459632e4aaf63bd7d53eb9ba054b57ea\",\n      \"html\": \"https://github.com/npm/npm/blob/latest/LICENSE\"\n   },\n   \"contents\": \"The npm application\\nCopyright (c) npm, Inc. ...\"\n}\n```\n\nFor GitLab, the information is similar to what you'd get from [List repository tree](https://docs.gitlab.com/ce/api/repositories.html#list-repository-tree)\n\n_e.g._ https://gitlab.com/api/v4/projects/{repositoryName}/repository/tree?private_token={options.private_token}\u0026ref={options.branch}, with the addition of a contents and a download_url, which was used to fetch the contents.\n\ne.g. `gitlab-com%2Fwww-gitlab-com/LICENCE`, you get:\n\n```\n{\n   \"id\": \"e186012554b42685b8e3b9bd52f3658f2d1d215c\",\n   \"name\": \"LICENCE\",\n   \"type\": \"blob\",\n   \"path\": \"LICENCE\",\n   \"mode\": \"100644\",\n   \"download_url\":\"https://gitlab.com/api/v4/projects/gitlab-com%2Fwww-gitlab-com/repository/files/LICENCE/raw?private_token=\u0026ref=master\",\n   \"contents\": \"Copyright (c) GitLab B.V. \\n\"\n}\n```\n\n## Options\n\n|Option | Default | Notes |\n|:------|:--------|:------|\n|gitlab, GitLab    | false| false =\u003e GitHub|\n|body_key          | \"contents\" | name of the new key holding the file contents (\"body\") |\n|blob              | false    | GitLab only.  Get content from [blob](https://docs.gitlab.com/ce/api/repositories.html#get-a-blob-from-repository) `blobs/:sha` instead of [raw file](https://docs.gitlab.com/ce/api/repository_files.html#get-raw-file-from-repository) `files/:file_path`\n|branch            | \"master\" | note - not tested much yet...|\n|deleteDownloadURL | false    | delete the download URL from the data, in case in contains a private_token |\n|fileFilter        | null     | see below|\n|gitlab_API_root   | \"https://gitlab.com/api/v4\" | change if you have your own GitLab server |\n|github_API_root   | \"https://api.github.com\" | change if you have your own GitHub server |\n|keepAll           | false    | keep all results (including directories).  Normally only files are kept. |\n|map               |  false   | if true, return a map (with key = path) instead of array of file information |\n|private_token     |  \"\"      | needed if you are fetching a private repository |\n|recur             |  false   |  not yet supported |\n|user_agent        | \"github.com/MorganConrad/gitdir\" | required for the API call, be polite |\n\n\n\n**options.fileFilter** determines which files will be included\n - if missing, include all files, except those ending in \".jar\".\n - if a string or Regex, only include matching filePaths.\n - if a user-provided-function, include the file when `filter(filePath, fileInfo)` returns true.  _e.g._ If you want to use [multimatch](https://www.npmjs.com/package/multimatch)\n\n\n### Caveats, TODOs\n\n  1. the private_token is a security weakness, and, even worse, may appear in the results.\n   - You should probably use the deleteDownloadURL option.\n   - Haven't tried it with GitHub cause I don't have any private repos there.\n   - For GitLab, you should use a more granular [\"Personal Access Token\"](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) instead.\n  2. Branch isn't well tested.\n  3. Recursion into directories might be added later.\n  4. Not sure about encoding for non-text contents.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorganconrad%2Fgitdir","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmorganconrad%2Fgitdir","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorganconrad%2Fgitdir/lists"}