{"id":19674141,"url":"https://github.com/p3ol/buddy","last_synced_at":"2025-09-04T04:17:40.617Z","repository":{"id":37797859,"uuid":"218134925","full_name":"p3ol/buddy","owner":"p3ol","description":"🐕 Dead simple cross-domain iframe/window messaging","archived":false,"fork":false,"pushed_at":"2025-09-01T13:09:12.000Z","size":10289,"stargazers_count":9,"open_issues_count":11,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-01T15:12:16.559Z","etag":null,"topics":["iframe","popup","popup-messaging","popup-windows","post-message","post-messaging","promise"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p3ol.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-10-28T20:03:52.000Z","updated_at":"2025-08-26T13:26:13.000Z","dependencies_parsed_at":"2023-09-28T18:21:24.323Z","dependency_job_id":"614f6aec-e9af-4520-8440-f43f43a66db1","html_url":"https://github.com/p3ol/buddy","commit_stats":{"total_commits":929,"total_committers":6,"mean_commits":"154.83333333333334","dds":0.3756727664155005,"last_synced_commit":"cf8b5dc25ee37a4822c3a81882cdd39c4168ce87"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/p3ol/buddy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p3ol%2Fbuddy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p3ol%2Fbuddy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p3ol%2Fbuddy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p3ol%2Fbuddy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p3ol","download_url":"https://codeload.github.com/p3ol/buddy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p3ol%2Fbuddy/sbom","scorecard":{"id":716853,"data":{"date":"2025-08-11","repo":{"name":"github.com/p3ol/buddy","commit":"3b1cc5a07bb3678aaa09a52413e4ef5b40500ccc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.4,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/17 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/p3ol/buddy/codeql-analysis.yml/master?enable=pin","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (14) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T09:58:18.848Z","repository_id":37797859,"created_at":"2025-08-22T09:58:18.849Z","updated_at":"2025-08-22T09:58:18.849Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273549306,"owners_count":25125275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iframe","popup","popup-messaging","popup-windows","post-message","post-messaging","promise"],"created_at":"2024-11-11T17:17:24.016Z","updated_at":"2025-09-04T04:17:40.608Z","avatar_url":"https://github.com/p3ol.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"![CI](https://github.com/p3ol/buddy/workflows/CI/badge.svg)\n\n# 🐕 Buddy\n\n\u003e Dead simple cross-domain iframe messaging\n\n\n## Installation\n\n```bash\nyarn add @poool/buddy\n```\n\n\n## Usage with iFrames\n\n```javascript\nimport { on, send } from '@poool/buddy';\n\n// Register handler inside child window\non('getInfos', async event =\u003e {\n  console.log('You have a message from some window :', event.data);\n\n  // You can even pass methods to child window and retrieve its return value\n  // using promises or async/await:'\n  console.log(await event.data.someMethod());\n\n  // You can even send data back to parent, EVEN METHODS \\o/\n  // Parent will only have to await `send()` method promise to get the result\n  return { someOtherMethod: () =\u003e 30 };\n}, { source: someParentWindow });\n\n// And send some message from parent window\nsend(someChildWindow, 'getInfos', { infos: 'some string', someMethod: () =\u003e 25 }, { origin: '*' });\n```\n\nBuddy serializes all the primitive types (using `JSON.parse`) and even __methods__, using custom back \u0026 forth `Promise` logic.\n\n## Usage with WebSockets\n\nBuddy can also be used with WebSockets, by using the `WebSocket` object as __both target and source__:\n\nOn the server:\n```javascript\nimport { createServer } from 'node:http';\n\nimport { on } from '@poool/buddy';\nimport { WebSocketServer } from 'ws';\n\nconst server = createServer();\nconst wss = new WebSocketServer({ server });\n\nwss.on('connection', ws =\u003e {\n  on('getInfos', async event =\u003e {\n    console.log('You have a message from some browser:', event.data);\n\n    return { someOtherMethod: () =\u003e 30 };\n  }, { source: ws, target: ws });\n});\n\nserver.listen(8080);\n```\n\nOn the client:\n```javascript\nimport { send } from '@poool/buddy';\n\nconst ws = new WebSocket('ws://localhost:8080');\nws.addEventListener('open', () =\u003e {\n  send(ws, 'getInfos', { infos: 'some string', someMethod: () =\u003e 25 }, {\n    source: ws, target: ws,\n  });\n});\n```\n\n\n## Configuration\n\nGlobal options can be updated using `setGlobalOptions` method:\n\n```javascript\nimport { setGlobalOptions } from '@poool/buddy';\n\nsetGlobalOptions({ logLevel: 0 });\n```\n\n### Options\n\n#### timeout\n- Type: `Number`\n- Default: `5000`\n\nMessage expiration time, after which an error will be thrown.\n\n#### logLevel\n- Type: `Number`\n- Default: `1`\n\nEither `0` (disabled), `1` (error), `2` (warn), `3` (info), `4` (debug), `5` (log)\n\n#### queue\n- Type: `Boolean`\n- Default: `false`\n\nIf `true`, messages will be queued until the target window is ready to receive them.\nNeeds to also be set inside the target window to trigger a ready event.\n\n#### serializers\n- Type: `Array\u003cBuddySerializer\u003e`\n- Default: `[]`\n\nCustom serializers to use to serialize/unserialize data.\nSee [serializers](#serializers) section for more details.\n\n## Documentation\n\n### on(name, callback, options)\n\n* `name` {`String`} Event name\n* `callback` {`Function`}\n  * `event` {`Object`}\n* `options` {`Object`}\n  * `source` {`Window` | `WebSocket`} Source window or websocket connection\n  * `origin` {`String`} Origin expected from source. `*` (default) or any other origin.\n  * `...globalOptions`\n\n### send(target, name, data, options)\n\n* `target` {`Window` | `WebSocket`} Target window or websocket connection\n* `name` {`String`} Event name\n* `data` {`Object`} Data to be serialized \u0026 sent to child\n* `options` {`Object`}\n  * `origin` {`String`} Origin expected from source. `*` (default) or any other origin.\n  * `pingBack` {`Boolean`} Mostly used internally. Whether sender should await a response from receiver or not. `true` (default) or `false`\n  * `...globalOptions`\n\n## Custom serializers\n\nBuddy uses `JSON.stringify` to send pre-serialized data to `.postMessage` (and `JSON.parse` to deserialize), allowing to automatically serialize primitive data like numbers or strings, and uses\ninternal serializers to pre-serialize more complex data like `Date`, `Error` or even `Function` and `Promise` objects.\n\nAlthough it cannot cover all the possible use cases, you can add your own serializers to handle custom data types.\nA serializer is a simple object with four methods: `serializable`, `serialize`, `unserializable` and `unserialize`.\n\n```javascript\n// Creating a custom serializer for Map objects\nconst mapSerializer = {\n  serializable: data =\u003e data instanceof Map,\n  serialize: data =\u003e ({ type: 'map', entries: Array.from(data.entries()) }),\n  unserializable: data =\u003e data.type === 'map' \u0026\u0026 data.entries,\n  unserialize: data =\u003e new Map(data.entries),\n};\n```\n\n⚠️ A custom serializer's `serializable`/`unserializable` methods returning true for any data will override all the other serializers, even internal ones, so be careful to only match the data you specifically want to serialize.\n\n## Contributing\n\n[![](https://contrib.rocks/image?repo=p3ol/buddy)](https://github.com/p3ol/buddy/graphs/contributors)\n\nPlease check the [CONTRIBUTING.md](https://github.com/p3ol/buddy/blob/master/CONTRIBUTING.md) doc for contribution guidelines.\n\n## Development\n\nInstall dependencies:\n\n```bash\nyarn install\n```\n\nRun examples at http://localhost:64000/ with webpack dev server:\n\n```bash\nyarn serve\n```\n\nAnd test your code:\n\n```bash\nyarn test\n```\n\n## License\n\nThis software is licensed under [MIT](https://github.com/p3ol/buddy/blob/master/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp3ol%2Fbuddy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp3ol%2Fbuddy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp3ol%2Fbuddy/lists"}