{"id":13556112,"url":"https://github.com/sockethub/sockethub","last_synced_at":"2026-01-21T19:02:50.587Z","repository":{"id":5964091,"uuid":"7185527","full_name":"sockethub/sockethub","owner":"sockethub","description":"A multi-protocol gateway for the Web using ActivityStream messages.","archived":false,"fork":false,"pushed_at":"2026-01-17T22:30:42.000Z","size":13725,"stargazers_count":393,"open_issues_count":47,"forks_count":42,"subscribers_count":22,"default_branch":"master","last_synced_at":"2026-01-17T22:56:30.068Z","etag":null,"topics":["activity-object","activity-stream","irc","javascript","messaging","nodejs","polyglot","proxy","redis","rss","socket-io","sockethub","unhosted","websockets","xmpp"],"latest_commit_sha":null,"homepage":"http://sockethub.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sockethub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2012-12-16T00:14:22.000Z","updated_at":"2026-01-17T20:10:21.000Z","dependencies_parsed_at":"2026-01-17T14:05:41.984Z","dependency_job_id":null,"html_url":"https://github.com/sockethub/sockethub","commit_stats":{"total_commits":2870,"total_committers":21,"mean_commits":"136.66666666666666","dds":"0.14111498257839716","last_synced_commit":"40ccb294c4ce8e70416c83f8c0cdc64225354c28"},"previous_names":[],"tags_count":166,"template":false,"template_full_name":null,"purl":"pkg:github/sockethub/sockethub","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sockethub%2Fsockethub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sockethub%2Fsockethub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sockethub%2Fsockethub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sockethub%2Fsockethub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sockethub","download_url":"https://codeload.github.com/sockethub/sockethub/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sockethub%2Fsockethub/sbom","scorecard":{"id":835625,"data":{"date":"2025-08-11","repo":{"name":"github.com/sockethub/sockethub","commit":"928591bbe1b036674d9eaf424c5cc8bbf89a55ba"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":2,"reason":"3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 9/17 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/compliance.yml:1","Warn: no topLevel permission defined: .github/workflows/integration.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/compliance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/compliance.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/compliance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/compliance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/compliance.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/compliance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/compliance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/compliance.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/compliance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/integration.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/integration.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/sockethub/sockethub/integration.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:3","Warn: containerImage not pinned by hash: Dockerfile:7","Warn: containerImage not pinned by hash: Dockerfile:15","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T18:57:32.454Z","repository_id":5964091,"created_at":"2025-08-23T18:57:32.454Z","updated_at":"2025-08-23T18:57:32.454Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28640107,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T18:04:35.752Z","status":"ssl_error","status_checked_at":"2026-01-21T18:03:55.054Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["activity-object","activity-stream","irc","javascript","messaging","nodejs","polyglot","proxy","redis","rss","socket-io","sockethub","unhosted","websockets","xmpp"],"created_at":"2024-08-01T12:03:38.339Z","updated_at":"2026-01-21T19:02:50.581Z","avatar_url":"https://github.com/sockethub.png","language":"TypeScript","readme":"# Sockethub\n\n[![Sockethub](https://sockethub.org/res/img/sockethub-logo.svg)](https://sockethub.org)\n\nA protocol gateway for the web.\n\n[![Compliance](https://github.com/sockethub/sockethub/actions/workflows/compliance.yml/badge.svg)](https://github.com/sockethub/sockethub/actions/workflows/compliance.yml)\n[![CodeQL](https://github.com/sockethub/sockethub/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/sockethub/sockethub/actions/workflows/codeql-analysis.yml)\n[![Release](https://img.shields.io/npm/v/sockethub.svg?style=flat)](https://github.com/sockethub/sockethub/releases)\n\n## About\n\nSockethub is a translation layer for web applications to communicate with\nother protocols and services that are traditionally either inaccessible or\nimpractical to use from in-browser JavaScript.\n\nBuilt with modern TypeScript and powered by Bun, Sockethub is organized as a\nmonorepo containing multiple packages that work together to provide a robust,\nextensible platform gateway.\n\nUsing [ActivityStreams](https://www.w3.org/TR/activitystreams-core/) (AS) objects to pass messages\nto and from the web app, Sockethub acts as a smart proxy server/agent, which\ncan maintain state, and connect to sockets, endpoints, and networks that would\notherwise, be restricted from an application running in the browser.\n\nOriginally inspired as a sister project to\n[RemoteStorage](https://remotestorage.io), and assisting in the development of\n[unhosted](http://unhosted.org) and [noBackend](http://nobackend.org)\napplications, Sockethub's functionality can also fit into a more traditional\ndevelopment stack, removing the need for custom code to handle various protocol\nspecifics at the application layer.\n\nExample uses of Sockethub include:\n\n* **Chat protocols**: XMPP, IRC\n\n* **Feed processing**: RSS, Atom feeds\n\n* **Metadata discovery**: Link preview generation, metadata extraction\n\n* **Protocol translation**: Converting between web-friendly ActivityStreams and traditional protocols\n\n*Additional protocols like SMTP, IMAP, Nostr, and others can be implemented as custom platforms.*\n\nThe architecture of Sockethub is extensible and supports easy implementation\nof additional 'platforms' to carry out tasks.\n\n## Architecture\n\nSockethub uses a multi-process architecture for stability and isolation:\n\n* **Main Server** (`packages/server/`) - Socket.IO connections, middleware\n  pipeline for validation and routing\n* **Platform Processes** - Each protocol (IRC, XMPP, Feeds) runs as an\n  isolated child process\n* **Job Queue** - Redis-backed BullMQ ensures reliable message delivery\n  between server and platforms\n* **Data Layer** - Encrypted credential storage and session management in Redis\n* **ActivityStreams** - Uniform message format for all platform communication\n\n**Request Flow:**\n\n1. Client connects via Socket.IO\n2. Messages validated through middleware pipeline\n3. Credentials encrypted and stored per-session in Redis\n4. Messages queued to appropriate platform instance\n5. Platform processes handle protocol-specific logic\n6. Responses sent back through Socket.IO\n\nFor detailed architecture documentation, see [Architecture Overview](docs/architecture/overview.md).\n\n## Documentation\n\n* **[Documentation Hub](docs/README.md)** - Complete documentation index and guides\n* **[Getting Started](docs/getting-started/installation.md)** - Installation and quick start\n* **[Client Library](docs/client/README.md)** - Browser client library usage\n* **[Platform Development](docs/platform-development/creating-platforms.md)** - Creating custom platforms\n* **[Architecture](docs/architecture/overview.md)** - Technical architecture overview\n* **[Deployment](docs/deployment/server-config.md)** - Production deployment guides\n\n## Features\n\nWe use ActivityStreams to map the various actions of a platform to a set of AS\n'@type's which identify the underlying action. For example, using the XMPP\nplatform, a friend request/accept cycle would use the activity stream types\n'request-friend', 'remove-friend', 'make-friend'.\n\n## Platforms\n\nMaking a platform is as simple as creating a platform module that defines a\nschema and a series of functions that map to ActivityStream verbs. Each platform\ncan be enabled/disabled in the `config.json`.\n\n### Currently Implemented Platforms\n\n* **[Feeds](packages/platform-feeds)** - RSS and Atom feed processing\n* **[IRC](packages/platform-irc)** - Internet Relay Chat protocol support  \n* **[XMPP](packages/platform-xmpp)** - Extensible Messaging and Presence Protocol\n* **[Metadata](packages/platform-metadata)** - Link preview and metadata extraction\n\n### Development Reference\n\n* **[Dummy](packages/platform-dummy)** - Example platform implementation for developers\n\nFor platform development guidance, see the [Platform Development documentation](packages/platform-dummy/README.md).\n\n## Quick Start\n\n**Note:** This is a monorepo using Bun workspaces managed by Lerna Lite.\n\n### Prerequisites\n\n* **Bun** v1.2+ (Node.js runtime and package manager)\n* **Redis** server (for data layer and job queue)\n\n### Installation \u0026 Development\n\n```bash\n# Install dependencies\nbun install\n\n# Start Redis (required for data layer)\n# - Using Docker: docker run -d -p 6379:6379 redis:alpine\n# - Using system package manager: brew install redis \u0026\u0026 brew services start redis\n\n# Build and start development server with examples\nbun run dev\n```\n\nBrowse to `http://localhost:10550` to try the interactive examples.\n\n### Production\n\n```bash\n# Build for production\nbun run build\n\n# Start production server (examples disabled)\nbun run start\n```\n\n### Development Commands\n\n```bash\n# Testing\nbun test                    # Run unit tests across all packages\nbun run integration         # Run both Redis and browser integration tests\nbun run integration:redis   # Run Redis integration tests with Docker\nbun run integration:browser # Run browser integration tests with Docker\n\n# Code Quality\nbun run lint                # Run Biome linter and markdown lint\nbun run lint:fix           # Auto-fix linting issues\n\n# Maintenance\nbun run clean              # Clean build artifacts\nbun run clean:deps         # Clean dependencies and node_modules\n\n# Docker\nbun run docker:start       # Start Prosody and Sockethub services\nbun run docker:start:redis # Start only Redis service\nbun run docker:stop        # Stop all Docker services\n```\n\n### Environment Variables\n\nFor debugging and configuration options, see the [Server package documentation](packages/server/README.md#environment-variables).\n\n**Debug logging:**\n\n```bash\nDEBUG=sockethub* bun run dev\n```\n\n## Packages\n\n### Core Infrastructure\n\n* **[sockethub](packages/sockethub)** - Main package and configuration\n* **[@sockethub/server](packages/server)** - Core server implementation with Socket.IO interface\n* **[@sockethub/data-layer](packages/data-layer)** - Redis-based job queue and credential storage\n* **[@sockethub/schemas](packages/schemas)** - ActivityStreams validation and TypeScript types\n* **[@sockethub/client](packages/client)** - Browser client library for connecting to Sockethub\n\n### Interactive Demos\n\n* **[@sockethub/examples](packages/examples)** - Interactive web examples and demos\n\n### Platform Implementations\n\n* **[@sockethub/platform-dummy](packages/platform-dummy)** - Example platform for development reference\n* **[@sockethub/platform-feeds](packages/platform-feeds)** - RSS and Atom feed processing\n* **[@sockethub/platform-irc](packages/platform-irc)** - IRC protocol support\n* **[@sockethub/platform-metadata](packages/platform-metadata)** - Link preview and metadata extraction\n* **[@sockethub/platform-xmpp](packages/platform-xmpp)** - XMPP protocol support\n\n### Utilities\n\n* **[@sockethub/activity-streams](packages/activity-streams)** - ActivityStreams object utilities\n* **[@sockethub/crypto](packages/crypto)** - Cryptographic utilities for secure storage\n* **[@sockethub/irc2as](packages/irc2as)** - IRC to ActivityStreams translation\n\n## Contributing\n\n### Key Files to Understand\n\n* `packages/sockethub/sockethub.config.json` - Main configuration file\n* `packages/server/src/sockethub.ts` - Main server class handling Socket.IO\n  connections\n* `packages/server/src/platform-instance.ts` - Platform process management\n* `packages/server/src/middleware/` - Request processing pipeline\n* `packages/data-layer/src/job-queue.ts` - Redis-based job queue (BullMQ)\n* `packages/data-layer/src/credentials-store.ts` - Encrypted credential storage\n* `packages/platform-*/` - Individual protocol implementations\n\n### Creating a New Platform\n\nEach platform must:\n\n1. Implement the `PlatformInterface` from `@sockethub/schemas`\n2. Define a schema with supported message types and credential requirements\n3. Run as an isolated child process (managed by the server)\n4. Translate between protocol-specific messages and ActivityStreams objects\n\nSee the [Platform Development documentation](docs/platform-development/creating-platforms.md)\nand [Dummy platform](packages/platform-dummy) for a complete reference\nimplementation.\n\n### Architectural Patterns to Follow\n\n* **Process Isolation**: Platforms run as separate child processes for stability\n* **Job Queue**: All platform communication goes through Redis-backed BullMQ\n* **Middleware Pipeline**: Requests flow through validation, credential storage,\n  and routing\n* **Session Management**: Credentials are encrypted per-session and isolated per\n  connection\n* **ActivityStreams**: Use ActivityStreams objects as the uniform message format\n\n## Credits\n\nProject created and maintained by [Nick Jennings](http://github.com/silverbucket)\n\nLogo design by [Jan-Christoph Borchardt](http://jancborchardt.net)\n\nSponsored by [NLNET](http://nlnet.nl)\n\n[![NLNET Logo](http://sockethub.org/res/img/nlnet-logo.svg)](http://nlnet.nl)\n","funding_links":[],"categories":["JavaScript","TypeScript","nodejs"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsockethub%2Fsockethub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsockethub%2Fsockethub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsockethub%2Fsockethub/lists"}