{"id":15068300,"url":"https://github.com/paulsmithkc/bassoon","last_synced_at":"2026-01-25T09:36:14.473Z","repository":{"id":42680894,"uuid":"318792558","full_name":"paulsmithkc/bassoon","owner":"paulsmithkc","description":"A simplified and optimized fork of oboejs. This package will allow you to easily and efficiently stream an array of JSON objects to your front-end.","archived":false,"fork":false,"pushed_at":"2023-12-13T14:07:23.000Z","size":848,"stargazers_count":2,"open_issues_count":7,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-23T20:54:54.596Z","etag":null,"topics":["ajax","bassoon","clarinet","expressjs","fetch","front-end","javascript","json","micro-library","nodejs","npm-module","npm-package","oboejs","sax-parser","stream","web-worker","xhttp","xhttprequest"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/bassoon","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paulsmithkc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-05T13:15:31.000Z","updated_at":"2024-11-26T17:10:09.000Z","dependencies_parsed_at":"2024-10-09T04:30:54.856Z","dependency_job_id":null,"html_url":"https://github.com/paulsmithkc/bassoon","commit_stats":{"total_commits":80,"total_committers":3,"mean_commits":"26.666666666666668","dds":"0.30000000000000004","last_synced_commit":"d5f7504f16064d4600bb4167170df2bdb71df97d"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/paulsmithkc/bassoon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulsmithkc%2Fbassoon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulsmithkc%2Fbassoon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulsmithkc%2Fbassoon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulsmithkc%2Fbassoon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paulsmithkc","download_url":"https://codeload.github.com/paulsmithkc/bassoon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulsmithkc%2Fbassoon/sbom","scorecard":{"id":723630,"data":{"date":"2025-08-11","repo":{"name":"github.com/paulsmithkc/bassoon","commit":"b0832d6c3f42c35841ffdd4195c9fc87998cd100"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/paulsmithkc/bassoon/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/paulsmithkc/bassoon/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/paulsmithkc/bassoon/codeql-analysis.yml/main?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 1.0.8 not signed: https://api.github.com/repos/paulsmithkc/bassoon/releases/44587118","Warn: release artifact 1.0.6 not signed: https://api.github.com/repos/paulsmithkc/bassoon/releases/35484086","Warn: release artifact 1.0.8 does not have provenance: https://api.github.com/repos/paulsmithkc/bassoon/releases/44587118","Warn: release artifact 1.0.6 does not have provenance: https://api.github.com/repos/paulsmithkc/bassoon/releases/35484086"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"17 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T12:07:40.128Z","repository_id":42680894,"created_at":"2025-08-22T12:07:40.128Z","updated_at":"2025-08-22T12:07:40.128Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28750875,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T09:00:19.176Z","status":"ssl_error","status_checked_at":"2026-01-25T09:00:04.131Z","response_time":113,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ajax","bassoon","clarinet","expressjs","fetch","front-end","javascript","json","micro-library","nodejs","npm-module","npm-package","oboejs","sax-parser","stream","web-worker","xhttp","xhttprequest"],"created_at":"2024-09-25T01:33:43.332Z","updated_at":"2026-01-25T09:36:14.458Z","avatar_url":"https://github.com/paulsmithkc.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bassoon.js\nA simplified and optimized fork of [oboejs.](http://oboejs.com/) This package will allow you to easily and efficiently stream an array of JSON objects to your front-end.\n\n## Install w/ Express\nFirst install the npm package.\n```\nnpm install bassoon\n```\nThen serve the built script files up.\n```\napp.use('/bassoon', express.static('node_modules/bassoon/dist'));\n```\nAnd finally link the script in your HTML/view.\n```\n\u003cscript src=\"/bassoon/bassoon.min.js\"\u003e\u003c/script\u003e\n```\n\n## Basic Usage\nTo stream an array of JSON objects subscribe to the **data,** **end,** and **error** events.\n\n```\nbassoon('/api/example/list')\n  .on('data', (data) =\u003e { /* object received... */ }))\n  .on('end', (evt) =\u003e { /* end of stream... */ })\n  .on('error', (err) =\u003e { /* error occurred, stream stopped... */ });\n```\n\n- The **data** event is fired every time an object is parsed from the response.\n- The **end** event is fired once the response is fully loaded.\n- The **error** event is fired if anything goes wrong.\n\n## Advanced Usage\nA variety of arguments can be passed to bassoon as well.\n\n```\nbassoon({\n  url: '/api/example/list',\n  method: 'GET',\n  withCredentials: false,\n  chunkSize: 10,\n})\n  .on('data', (data) =\u003e { /* object received... */ }))\n  .on('end', (evt) =\u003e { /* end of stream... */ })\n  .on('error', (err) =\u003e { /* error occurred, stream stopped... */ });\n```\n\n- **url** the URL of the JSON resource to be retrieved and processed incrementally.\n- **method** the HTTP verb to retrieve the resource with (\"GET\" by default)\n- **withCredentials** passed to [xhr.withCredentials](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials) (false by default)\n- **chunkSize** Rather than triggering a data event for each object, group them into chunks and send each chunk as an array. chunkSize specifies the maximum size for each chunk, but chunks may be smaller than the chunkSize. (chunking disabled by default)\n- **worker** Offload the work to web worker. (default false)\n- **workerPath** Path to worker script file. (default \"/bassoon/bassoon.worker.js\")\n- **verbose** Enable verbose logging. (default false)\n\n## Web Worker\nFor better performance bassoon can stream data using the provided web worker script.\n\n```\nbassoon({ url: '/api/example/list', worker: true })\n  .on('data', (data) =\u003e { /* object received... */ }))\n  .on('end', (evt) =\u003e { /* end of stream... */ })\n  .on('error', (err) =\u003e { /* error occurred, stream stopped... */ });\n```\n\n## Related\n- [Why Oboe.js?](http://oboejs.com/why)\n- [Node.js Streams (for server-side streaming)](https://nodejs.dev/learn/nodejs-streams)\n- [Streaming Data with XHR API](https://hpbn.co/xmlhttprequest/#streaming-data-with-xhr)\n- [Oracle Docs: Parsing an XML file using SAX](https://docs.oracle.com/javase/tutorial/jaxp/sax/parsing.html)\n- [npm oboe](https://www.npmjs.com/package/oboe)\n- [npm clarinet](https://www.npmjs.com/package/clarinet)\n- [npm sax](https://www.npmjs.com/package/sax)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulsmithkc%2Fbassoon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaulsmithkc%2Fbassoon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulsmithkc%2Fbassoon/lists"}