{"id":16155001,"url":"https://github.com/mweibel/connect-session-sequelize","last_synced_at":"2026-01-22T10:02:49.275Z","repository":{"id":7801018,"uuid":"9171327","full_name":"mweibel/connect-session-sequelize","owner":"mweibel","description":"Sequelize SessionStore for Express/Connect","archived":false,"fork":false,"pushed_at":"2025-11-26T13:14:23.000Z","size":772,"stargazers_count":214,"open_issues_count":0,"forks_count":78,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-11-29T10:55:48.133Z","etag":null,"topics":["database","express","nodejs","sequelize","sessions","sessionstorage"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mweibel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2013-04-02T13:54:43.000Z","updated_at":"2025-11-26T13:14:18.000Z","dependencies_parsed_at":"2025-11-28T21:08:38.157Z","dependency_job_id":null,"html_url":"https://github.com/mweibel/connect-session-sequelize","commit_stats":{"total_commits":148,"total_committers":42,"mean_commits":"3.5238095238095237","dds":0.5810810810810811,"last_synced_commit":"02452dd1023e9bb58da5b1ac13d7ee3ae8fc51c5"},"previous_names":[],"tags_count":45,"template":false,"template_full_name":null,"purl":"pkg:github/mweibel/connect-session-sequelize","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mweibel%2Fconnect-session-sequelize","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mweibel%2Fconnect-session-sequelize/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mweibel%2Fconnect-session-sequelize/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mweibel%2Fconnect-session-sequelize/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mweibel","download_url":"https://codeload.github.com/mweibel/connect-session-sequelize/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mweibel%2Fconnect-session-sequelize/sbom","scorecard":{"id":669807,"data":{"date":"2025-08-11","repo":{"name":"github.com/mweibel/connect-session-sequelize","commit":"4cfeb94bd4416a9c8bc42a9a276a2a834308c41f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.3,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/node.js.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":3,"reason":"Found 7/23 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"14 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mweibel/connect-session-sequelize/node.js.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mweibel/connect-session-sequelize/node.js.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T19:35:15.038Z","repository_id":7801018,"created_at":"2025-08-21T19:35:15.038Z","updated_at":"2025-08-21T19:35:15.038Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28661022,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["database","express","nodejs","sequelize","sessions","sessionstorage"],"created_at":"2024-10-10T01:19:27.664Z","updated_at":"2026-01-22T10:02:49.270Z","avatar_url":"https://github.com/mweibel.png","language":"JavaScript","readme":"# Connect Session Store using Sequelize\n\n[![Node.js CI](https://github.com/mweibel/connect-session-sequelize/actions/workflows/node.js.yml/badge.svg)](https://github.com/mweibel/connect-session-sequelize/actions/workflows/node.js.yml)\n\nconnect-session-sequelize is a SQL session store using [Sequelize.js](http://sequelizejs.com).\n\n# Installation\n\nPlease note that the most recent version requires **express 4.** If you use _express 3_ you should install version 0.0.5 and follow [the instructions in the previous README](https://github.com/mweibel/connect-session-sequelize/blob/7a446de5a7a2ebc562d288a22896d55f0fbe6e5d/README.md).\n\n```\n$ npm install connect-session-sequelize\n```\n\n# Options\n\n- `db` a successfully connected Sequelize instance\n- `table` _(optional)_ a table/model which has already been imported to your Sequelize instance, this can be used if you want to use a specific table in your db\n- `modelKey` _(optional)_ a string for the key in sequelize's models-object but it is also the name of the class to which it references (conventionally written in Camelcase) that's why it is \"Session\" by default if `table` is not defined.\n- `tableName` _(optional)_ a string for naming the generated table if `table` is not defined.\n  Default is the value of `modelKey`.\n- `extendDefaultFields` _(optional)_ a way add custom data to table columns. Useful if using a custom model definition\n- `disableTouch` _(optional)_ When true, the store will not update the db when receiving a touch() call. This can be useful in limiting db writes and introducing more manual control of session updates.\n\n# Usage\n\nWith connect\n\n```javascript\nconst connect = require(\"connect\");\n// for express, just call it with 'require('connect-session-sequelize')(session.Store)'\nconst SequelizeStore = require(\"connect-session-sequelize\")(\n  connect.session.Store\n);\n\nconnect().use(\n  connect.session({\n    store: new SequelizeStore(options),\n    secret: \"CHANGEME\",\n  })\n);\n```\n\nWith express 4:\n\n```javascript\n// load dependencies\nvar express = require(\"express\");\nvar Sequelize = require(\"sequelize\");\nvar session = require(\"express-session\");\n\n// initalize sequelize with session store\nvar SequelizeStore = require(\"connect-session-sequelize\")(session.Store);\n\n// create database, ensure 'sqlite3' in your package.json\nvar sequelize = new Sequelize(\"database\", \"username\", \"password\", {\n  dialect: \"sqlite\",\n  storage: \"./session.sqlite\",\n});\n\n// configure express\nvar app = express();\napp.use(\n  session({\n    secret: \"keyboard cat\",\n    store: new SequelizeStore({\n      db: sequelize,\n    }),\n    resave: false, // we support the touch method so per the express-session docs this should be set to false\n    proxy: true, // if you do SSL outside of node.\n  })\n);\n// continue as normal\n```\nIf you want SequelizeStore to create/sync the database table for you, you can call `sync()` against an instance of `SequelizeStore` along with [options](https://sequelize.org/master/class/lib/model.js~Model.html#static-method-sync) if needed. This will run a sequelize `sync()` operation on the model for an initialized SequelizeStore object :\n\n```javascript\nvar myStore = new SequelizeStore({\n  db: sequelize,\n});\napp.use(\n  session({\n    secret: \"keyboard cat\",\n    store: myStore,\n    resave: false,\n    proxy: true,\n  })\n);\n\nmyStore.sync();\n```\n\n# Session expiry\n\nSession records are automatically expired and removed from the database on an interval. The `cookie.expires` property is used to set session expiry time. If that property doesn't exist, a default expiry of 24 hours is used. Expired session are removed from the database every 15 minutes by default. That interval as well as the default expiry time can be set as store options:\n\n```javascript\nnew SequelizeStore({\n  ...\n  checkExpirationInterval: 15 * 60 * 1000, // The interval at which to cleanup expired sessions in milliseconds.\n  expiration: 24 * 60 * 60 * 1000  // The maximum age (in milliseconds) of a valid session.\n});\n```\n\n## Expiration interval cleanup: `stopExpiringSessions`\n\nAs expirations are checked on an interval timer, `connect-session-sequelize` can keep your process from exiting. This can be problematic e.g. in testing when it is known that the application code will no longer be used, but the test script never terminates. If you know that the process will no longer be used, you can manually clean up the interval by calling the `stopExpiringSessions` method:\n\n```js\n// assuming you have set up a typical session store, for example:\nvar myStore = new SequelizeStore({\n  db: sequelize,\n});\n\n// you can stop expiring sessions (cancel the interval). Example using Mocha:\nafter(\"clean up resources\", () =\u003e {\n  myStore.stopExpiringSessions();\n});\n```\n\n# Add custom field(s) as a column\n\nThe `extendDefaultFields` can be used to add custom fields to the session table. These fields will be read-only as they will be inserted only when the session is first created as `defaults`. Make sure to return an object which contains unmodified `data` and `expires` properties, or else the module functionality will be broken:\n\n```javascript\nsequelize.define(\"Session\", {\n  sid: {\n    type: Sequelize.STRING,\n    primaryKey: true,\n  },\n  userId: Sequelize.STRING,\n  expires: Sequelize.DATE,\n  data: Sequelize.TEXT,\n});\n\nfunction extendDefaultFields(defaults, session) {\n  return {\n    data: defaults.data,\n    expires: defaults.expires,\n    userId: session.userId,\n  };\n}\n\nvar store = new SequelizeStore({\n  db: sequelize,\n  table: \"Session\",\n  extendDefaultFields: extendDefaultFields,\n});\n```\n\n# Contributing/Reporting Bugs\n\nTry to replicate your issue using [mweibel/connect-session-sequelize-example](https://github.com/mweibel/connect-session-sequelize-example/) and add that as a link to your issue.\n\nThis way it's much simpler to reproduce and help you.\n\n# License\n\nMIT\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmweibel%2Fconnect-session-sequelize","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmweibel%2Fconnect-session-sequelize","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmweibel%2Fconnect-session-sequelize/lists"}