{"id":14007162,"url":"https://github.com/n4bb12/vercel-github-oauth-proxy","last_synced_at":"2026-02-14T21:13:51.506Z","repository":{"id":57159833,"uuid":"323732139","full_name":"n4bb12/vercel-github-oauth-proxy","owner":"n4bb12","description":"▲🔐 Protect a static website hosted on Vercel behind GitHub authentication.","archived":false,"fork":false,"pushed_at":"2025-12-12T12:45:35.000Z","size":320,"stargazers_count":32,"open_issues_count":1,"forks_count":17,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-14T03:12:40.778Z","etag":null,"topics":["github-oauth","vercel"],"latest_commit_sha":null,"homepage":"https://vercel-github-oauth-proxy.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/n4bb12.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-22T21:01:46.000Z","updated_at":"2025-12-12T12:45:40.000Z","dependencies_parsed_at":"2024-08-10T10:14:09.209Z","dependency_job_id":null,"html_url":"https://github.com/n4bb12/vercel-github-oauth-proxy","commit_stats":{"total_commits":30,"total_committers":1,"mean_commits":30.0,"dds":0.0,"last_synced_commit":"31d4074f397cdaca3cc1b3a91c59429302b9ae6a"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/n4bb12/vercel-github-oauth-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n4bb12%2Fvercel-github-oauth-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n4bb12%2Fvercel-github-oauth-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n4bb12%2Fvercel-github-oauth-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n4bb12%2Fvercel-github-oauth-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/n4bb12","download_url":"https://codeload.github.com/n4bb12/vercel-github-oauth-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n4bb12%2Fvercel-github-oauth-proxy/sbom","scorecard":{"id":672156,"data":{"date":"2025-08-11","repo":{"name":"github.com/n4bb12/vercel-github-oauth-proxy","commit":"b5b6b13bc4054647460beb65c363934a684ee92e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: ISC License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"29 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T20:29:43.416Z","repository_id":57159833,"created_at":"2025-08-21T20:29:43.416Z","updated_at":"2025-08-21T20:29:43.416Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29455735,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T15:52:44.973Z","status":"ssl_error","status_checked_at":"2026-02-14T15:52:11.208Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-oauth","vercel"],"created_at":"2024-08-10T10:01:52.392Z","updated_at":"2026-02-14T21:13:51.494Z","avatar_url":"https://github.com/n4bb12.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  ▲🔐 Vercel GitHub OAuth Proxy\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Protect a static website hosted on Vercel behind GitHub authentication.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.npmjs.com/package/vercel-github-oauth-proxy\"\u003e\n    \u003cimg alt=\"Version\" src=\"https://img.shields.io/npm/v/vercel-github-oauth-proxy?style=flat-square\u0026logo=npm\"\u003e\n  \u003c/a\u003e\n\n  \u003ca href=\"https://raw.githubusercontent.com/n4bb12/vercel-github-oauth-proxy/main/LICENSE\"\u003e\n    \u003cimg alt=\"License\" src=\"https://img.shields.io/badge/license-ISC-blue?style=flat-square\u0026logo=github\"\u003e\n  \u003c/a\u003e\n  \n  \u003ca href=\"https://github.com/n4bb12/vercel-github-oauth-proxy/issues/new/choose\"\u003e\n    \u003cimg alt=\"Issues\" src=\"https://img.shields.io/badge/github-create%20issue-brightgreen?style=flat-square\u0026logo=github\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n## Setup\n\n### Step 1 — Add the library\n\n```\nbun add vercel-github-oauth-proxy\n```\n\n### Step 2 — Create an API endpoint at `/api/index.ts`\n\n```ts\nimport { createLambdaProxyAuthHandler } from \"vercel-github-oauth-proxy\"\n\nexport default createLambdaProxyAuthHandler(config)\n```\n\n`config.cryptoSecret`\n\nThis is used to sign cookies.\n\n`config.staticDir`\n\nThe output directory of the static website.\n\n`config.sessionDurationSeconds`\n\nThe duration of the session in seconds. After this time, the user will need to\nre-authenticate.\n\n`config.githubOrgName`\n\nThe GitHub organization users need to be part of in order to be able to sign in.\n\nYou cannot use your personal GitHub account for this, you need an organization.\n\n`config.githubClientId`\n`config.githubClientSecret`\n\nThe id/secret pair of your GitHub OAuth app.\n\nCreate a new OAuth app at\n`https://github.com/organizations/{config.githubOrgName}/settings/applications/new`\n\n`config.githubOrgAdminToken`\n\nCreate a token with `read:org` permission at \u003chttps://github.com/settings/tokens\u003e.\n\nThe reason you need a token is that private org memberships can only be\ndetermined by making an authenticated API request.\n\nWe could request `read:org` scope during the OAuth flow and then use each user's\naccess token to determine org membership, but using this method means the user\nadditionally needs to request org access during or after the login flow and\nrequires an org admin to confirm. This makes this approach inconvenient for both\nthe users and the admin.\n\nTherefore we're using a separate org admin token to verify membership during\nlogin (org admins can see all users).\n\n### Step 3 — Create a `vercel.json`\n\n```json\n{\n  \"version\": 2,\n  \"routes\": [{ \"src\": \"/(.*)\", \"dest\": \"/api/index.ts\" }],\n  \"functions\": {\n    \"api/index.ts\": {\n      \"includeFiles\": \"static/**\"\n    }\n  }\n}\n```\n\nThis routes all traffic through the lambda endpoint.\n\nAdapt `includeFiles` to your public output folder. Including these files is\nrequired because the static website needs to be deployed as part of the lambda\nfunction, not the default build. See also these docs:\n\n- [functions](https://vercel.com/docs/projects/project-configuration#functions)\n- [size limits](https://vercel.com/docs/functions/serverless-functions/runtimes#size-limits).\n\n### Step 4 — Build\n\nIf you have an existing `build` script, rename it to `vercel-build` to build\nyour website as part of the lambda build instead of the normal build.\n\nMake sure to not keep the `build` script as it would result in duplicate work or\nmay break deployment entirely. For more information see\n[custom-build-step-for-node-js](https://vercel.com/docs/functions/serverless-functions/runtimes/node-js#custom-build-step-for-node.js).\n\n```json\n{\n  \"scripts\": {\n    \"vercel-build\": \"your website build command\"\n  }\n}\n```\n\n## Local development\n\nTo develop locally, run\n\n```\nbunx vercel dev\n```\n\nWhen developing locally, you'll need to update your GitHub OAuth app's redirect\nURL to `http://localhost:3000`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn4bb12%2Fvercel-github-oauth-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fn4bb12%2Fvercel-github-oauth-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn4bb12%2Fvercel-github-oauth-proxy/lists"}