{"id":18601559,"url":"https://github.com/peculiarventures/tl-create","last_synced_at":"2025-09-11T14:22:54.806Z","repository":{"id":1772340,"uuid":"44296139","full_name":"PeculiarVentures/tl-create","owner":"PeculiarVentures","description":"tl-create is a cross-platform command line tool to create a X.509 trust list from various trust stores. (Keywords: CABFORUM, eIDAS, WebPKI)","archived":false,"fork":false,"pushed_at":"2024-09-08T08:38:50.000Z","size":4484,"stargazers_count":32,"open_issues_count":24,"forks_count":7,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-09-02T13:27:29.153Z","etag":null,"topics":["apple","certificates","eutl","javascript","microsoft","mozilla","trust-stores","xades","xmldsig"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeculiarVentures.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-10-15T05:40:56.000Z","updated_at":"2025-01-23T01:27:07.000Z","dependencies_parsed_at":"2024-09-08T09:54:37.036Z","dependency_job_id":null,"html_url":"https://github.com/PeculiarVentures/tl-create","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/PeculiarVentures/tl-create","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ftl-create","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ftl-create/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ftl-create/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ftl-create/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeculiarVentures","download_url":"https://codeload.github.com/PeculiarVentures/tl-create/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ftl-create/sbom","scorecard":{"id":108803,"data":{"date":"2025-08-11","repo":{"name":"github.com/PeculiarVentures/tl-create","commit":"ed414ec7f54ccf8ce62bba0ae7c4b0038c473b76"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.4,"checks":[{"name":"Code-Review","score":5,"reason":"Found 5/9 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"20 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-wgrm-67xf-hhpq","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q","Warn: Project is vulnerable to: GHSA-crh6-fp67-6883"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T11:38:21.954Z","repository_id":1772340,"created_at":"2025-08-15T11:38:21.954Z","updated_at":"2025-08-15T11:38:21.954Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274654149,"owners_count":25325483,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-11T02:00:13.660Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apple","certificates","eutl","javascript","microsoft","mozilla","trust-stores","xades","xmldsig"],"created_at":"2024-11-07T02:08:43.985Z","updated_at":"2025-09-11T14:22:54.756Z","avatar_url":"https://github.com/PeculiarVentures.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tl-create\n\n[![license](https://img.shields.io/badge/license-MIT-green.svg?style=flat)](https://raw.githubusercontent.com/PeculiarVentures/tl-create/master/LICENSE)\n[![Build Status](https://travis-ci.org/PeculiarVentures/tl-create.svg?branch=master)](https://travis-ci.org/PeculiarVentures/tl-create)\n[![NPM version](https://badge.fury.io/js/tl-create.svg)](http://badge.fury.io/tl-create)\n\n[![NPM](https://nodei.co/npm-dl/tl-create.png?months=2\u0026height=2)](https://nodei.co/npm/tl-create/)\n\nA cross platform command line tool to create a X.509 trust list from various trust stores.\n\nThere are various organizations that produce lists of certificates that they believe should be trusted for one thing or another. These include:\n- Mozilla [list](http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1) \n- Microsoft [list](http://technet.microsoft.com/en-us/library/cc751157.aspx), \n- Apple [list](http://www.apple.com/certificateauthority/ca_program.html)\n- European Union \"Trust Service Providers\" [list](https://ec.europa.eu/digital-agenda/en/eu-trusted-lists-certification-service-providers)\n\nEach of these lists have their own formats, this tool parses the lists provided by these other organizations and extracts the certificates that meet the specified criteria (for \"email\" as an example) and produces a PEM certificate bag these certificates.\n\nFor example to extract the roots that are trusted for email, code and web from both the EU Trust List and the Mozilla list the command would look like this:\n\n```\nnode src/bin/tl-create.js --eutl --mozilla --for 'EMAIL_PROTECTION,CODE_SIGNING' --format pem roots.pem\n```\n\nThis would produce a file that looked something like this:\n```\n Country: UK\n Operator: European Commission\n Source: EUTL\n -----BEGIN CERTIFICATE-----\n ...\n ...\n -----END CERTIFICATE-----\n Operator: DigiCert, Inc\n For: email, www, code\n Source: Mozilla\n -----BEGIN CERTIFICATE-----\n ...\n ...\n -----END CERTIFICATE-----\n```\n## Usage\n### Extract all Microsoft Roots\n```\nnode src/bin/tl-create.js --microsoft --format pem roots.pem\n```\n\n#### Valid Microsoft trust purposes \n```\n  SERVER_AUTH\n  CLIENT_AUTH\n  CODE_SIGNING\n  EMAIL_PROTECTION\n  IPSEC_END_SYSTEM\n  IPSEC_TUNNEL\n  IPSEC_USER\n  TIME_STAMPING\n  OCSP_SIGNING\n  IPSEC_PROTECTION\n  DOCUMENT_SIGNING\n  EFS_CRYPTO\n```\n\n### Extract all Mozilla Roots\n```\nnode src/bin/tl-create.js --mozilla --format pem roots.pem\n```\n\n#### Valid Mozilla trust purposes \n```\n  DIGITAL_SIGNATURE\n  NON_REPUDIATION\n  KEY_ENCIPHERMENT\n  DATA_ENCIPHERMENT\n  KEY_AGREEMENT\n  KEY_CERT_SIGN\n  CRL_SIGN\n  SERVER_AUTH\n  CLIENT_AUTH\n  CODE_SIGNING\n  EMAIL_PROTECTION\n  IPSEC_END_SYSTEM\n  IPSEC_TUNNEL\n  IPSEC_USER\n  TIME_STAMPING\n  STEP_UP_APPROVED\n```\n\n### Extract all Apple Roots\n```\nnode src/bin/tl-create.js --apple --format pem roots.pem\n```\n\n### Extract all AATL Roots\n```\nnode src/bin/tl-create.js --aatl --format pem roots.pem\n```\n\n#### Valid AATL trust purposes \n```\n  ROOT\n  CERTIFIED_DOCUMENTS\n  DYNAMIC_CONTENT\n  JAVASCRIPT\n```\n\n### Extract all EUTL Roots\n```\nnode src/bin/tl-create.js --eutl --format pem roots.pem\n```\n\n### Extract only SERVER_AUTH certificates from Mozilla and Microsoft\n\n```\nnode src/bin/tl-create.js --mozilla --microsoft --for \"SERVER_AUTH\" --format pem roots.pem\n```\n\n**NOTE**: The default is ALL purposes \n\n### Available output formats \n```\njs\npkijs\npem\nfiles\n```\n\nThe \"files\" format is intended to store all certificates in separate files under specific directory. For example if a certificate exists in Mozilla Trust List and has \"SubjectKeyIdentifier\" equal to \"ABABABABABABABBB\" the certificate content would be stored under \"mozilla/ABABABABABABABBB\". So, for Mozilla Trust List root directory would be \"mozilla\", for Microsoft - \"microsoft\", for Apple - \"apple\", for Cisco - \"cisco\".\n\n**NOTE**: Default output format is 'js'\n\n## Install\n\n```\ngit clone https://github.com/PeculiarVentures/tl-create.git\ncd tl-create\nnpm install -g\n``` \n\n\n## Bug Reporting\nPlease report bugs either as pull requests or as issues in the issue tracker. tl-create has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.\n\n## TODO\n* Add the [Oracle Root Program](http://www.oracle.com/technetwork/java/javase/javasecarootcertsprogram-1876540.html)\n\n## Related\n- [CommanderJS](https://github.com/tj/commander.js)\n- [PKIjs](https://pkijs.org)\n- [CATT](https://github.com/kirei/catt)\n- [tlbrowser](http://tlbrowser.tsl.website)\n- [autoroot update](https://unmitigatedrisk.com/?p=259)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeculiarventures%2Ftl-create","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeculiarventures%2Ftl-create","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeculiarventures%2Ftl-create/lists"}