{"id":31879395,"url":"https://github.com/stagehand-framework/stagehand","last_synced_at":"2025-10-13T00:28:57.607Z","repository":{"id":57369287,"uuid":"311777939","full_name":"stagehand-framework/stagehand","owner":"stagehand-framework","description":"Stagehand is an open-source drop-in solution for deploying and managing review apps for frontends","archived":false,"fork":false,"pushed_at":"2021-01-03T20:42:38.000Z","size":243,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-02T22:51:27.702Z","etag":null,"topics":["aws","cli","github-actions","service-worker","staging-environment"],"latest_commit_sha":null,"homepage":"https://stagehand-framework.github.io/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stagehand-framework.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-10T20:34:03.000Z","updated_at":"2025-04-22T02:29:47.000Z","dependencies_parsed_at":"2022-09-03T19:10:48.572Z","dependency_job_id":null,"html_url":"https://github.com/stagehand-framework/stagehand","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/stagehand-framework/stagehand","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stagehand-framework%2Fstagehand","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stagehand-framework%2Fstagehand/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stagehand-framework%2Fstagehand/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stagehand-framework%2Fstagehand/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stagehand-framework","download_url":"https://codeload.github.com/stagehand-framework/stagehand/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stagehand-framework%2Fstagehand/sbom","scorecard":{"id":845613,"data":{"date":"2025-08-11","repo":{"name":"github.com/stagehand-framework/stagehand","commit":"dc274eae58543733fe7974f6b5f554f0af465595"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99","Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4","Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T21:21:58.705Z","repository_id":57369287,"created_at":"2025-08-23T21:21:58.705Z","updated_at":"2025-08-23T21:21:58.705Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279013645,"owners_count":26085298,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cli","github-actions","service-worker","staging-environment"],"created_at":"2025-10-13T00:28:56.658Z","updated_at":"2025-10-13T00:28:57.583Z","avatar_url":"https://github.com/stagehand-framework.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"stagehand_logo-full.png\" width=\"500\" height=\"327\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eStagehand: Automated review apps for modern frontend applications\u003c/h1\u003e\n\u003ch2 align=\"center\"\u003eAll you need is an AWS account and a GitHub repo to get started\u003c/h2\u003e\n\nStagehand is a drop-in solution that provides review apps for modern\nfrontend applications. We are a framework that automatically manages\nreview apps for your application’s GitHub repository on your own cloud\ninfrastructure. We use AWS, GitHub Actions, and some Stagehand\nclient-side code to set-up, deploy, manage, and teardown review apps\nfor your frontend application.\n\nTo learn more, please read our [case study](http://stagehand-framework.github.io) or feel free to drop us a line!\n\n# Prerequisites\n\n- AWS Account\n- AWS CLI configured to your AWS Account\n  - For help, see this article: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html\n- GitHub Token\n  - Log into your GitHub Account\n  - Settings =\u003e Developer Settings =\u003e Personal Access Tokens =\u003e Generate new Token =\u003e Only provide access to Repositories\n- Node\n- NPM\n- Repository for static front-end application (ie Gatsby, Hugo, NextJS, React)\n\n# Installation\n\n- Run the install command: `npm i -g stagehand-framework`\n\n# Your First Stagehand Application\n\n- Navigate to the root of your local git repository, make sure that it is connected with a GitHub repository\n- Run `stagehand init`\n- Provide your GitHub Token (this token only needs to be provided the very first use)\n- A folder in your home directory `/ .stagehand` will be created to house your configuration and your application data for Stagehand\n\n### Setting Up your Github Actions\n\n- You will be prompted to provide:\n  - The name you wish to use\n  - The setup command your app uses (ie npm install, brew install hugo)\n  - The build command your app uses (ie npm run-script build, hugo)\n  - The directory that your app builds to (ie public, out, build)\n- This will create a `.github/workflow` directory in your repo for GitHub Actions.\n  - If you need to alter your GitHub build process look for `create_review_app.yml` and `remove_review_app.yml`\n\n### Adding build time environment variables\n\n- First add each build time environment variables to your GitHub repository secrets\n  - Settings =\u003e Secrets\n- Next you must access each of those secrets in your build file\n- If you navigate to `.github/workflows/create_review_app` you will come across this code on line 35\n\n```\n####### Uncomment below to add env variables to use during build process #######\n####### Add \\n to the end of each secret to start a new line #######\n####### EXCEPT DO NOT add to the end of the last secret #######\n      # - name: create .env\n      #   run: echo -e \"\\\n      #     SECRET1=${{ secrets.YOUR_SECRET1 }}\\n\n      #     SECRET2=${{ secrets.YOUR_SECRET2 }}\" \u003e .env\n```\n\n- If you uncomment the last 4 lines you can add in your own secrets there to provide to a `.env` file at build time.\n\n##### _Some Examples:_\n\nOne secret named `API_KEY` and want to use a `.env.development` file:\n\n```\n- name: create .env\n  run: echo -e \"\\\n    API_KEY=${{ secrets.API_KEY }}\" \u003e .env.development\n```\n\nAn `API_KEY` and a `DB_PASSWORD` secret for a `.env` file:\n\n```\n- name: create .env\n  run: echo -e \"\\\n    DB_PASSWORD=${{ secrets.DB_PASSWORD }}\\n\n    API_KEY=${{ secrets.API_KEY }}\" \u003e .env\n```\n\nAn `API_KEY`, `DB_PASSWORD`, and `API_URL` secrets for a `.env.staging` file\n\n```\n- name: create .env\n  run: echo -e \"\\\n    DB_PASSWORD=${{ secrets.DB_PASSWORD }}\\n\n    API_URL=${{ secrets.API_URL }}\\n\n    API_KEY=${{ secrets.API_KEY }}\" \u003e .env.staging\n```\n\n### Setting Up Your Stagehand Dashboard\n\n- Stagehand needs two additional pieces of information to know how to handle routing:\n- If you app is a Single Page Application (ie React)\n- Or if you app has all of its static routes served from `path/index.html` as opposed to just `path.html`\n  - Gatsby uses this routing out of the box\n  - You can check your build folder (public, out, build) to see how your application handles routing\n- This will create the `.github/stagehand` folder where the html, javascript, and service worker files will live\n- We provide a basic dashboard overlay that will be visible from every page of your stagehand application\n  - It is an HTML wrapper around your entire application\n  - We provide a banner at the top of your page containing some metadata (Creation Time, branch that the PR was opened on, and owner of the repository)\n- If you wish to add to this dashboard you can alter the html and javascript that we provide out of the box.\n\n### Pushing Your `./github` folder to your GitHub Repostory\n\n- The last step is pushing your `./github` folder to your repository\n- You are now ready to start using Stagehand\n\n# Workflow\n\n- For every Pull Request you create, Stagehand will build and create a staging environment for you\n- Stagehand will also build additional staging environments for every commit or change you make to the existing Pull Request\n- You can compare multiple versions of your application to each other\n- When the Pull request is closed or merged Stagehand will destroy all the staging environments that existed from that Pull Request\n\n# Stagehand Commands\n\n### `stagehand init`\n\n- Run this command from the root of your repostory that is linked to a GitHub repository\n- Follow the prompts to create a new Stagehand application\n- See \"Your First Stagehand Application\" above for more details on this process\n\n### `stagehand list`\n\n- This will show all the Stagehand applications that you currently are involved with\n- Once you select a Stagehand application you will be shown a list of current staging environments that exist\n- Open them up by selecting and pressing enter.\n\n### `stagehand access`\n\n- Use this command to `VIEW`, `ADD`, or `REMOVE` access to one of your applications\n- `ADD` access lets other developers working on the same repository have access to the active staging environments\n- To `ADD` access you must have the user's AWS Account Email\n- The `ADD` command will return the name of the storage location of the staging environments\n\n### `stagehand add`\n\n- First you provide a user access to your Stagehand application using `stagehand access` =\u003e `ADD`\n- The user you provided access to must input the name of the storage location provided from the previous command\n- This will give you access to the application when you run `stagehand list`\n\n### `stagehand destroy`\n\n- First you select which Stagehand application you wish to remove\n- If you are the owner of the Stagehand application:\n  - This command will remove:\n    - Stagehand related files and folders from your repository\n    - AWS infrastructure\n    - Application data from the local datastore\n    - AWS Secrets from your GitHub repository\n- If you are not the owner of the application (it was added using `stagehand add`):\n  - This command will just remove application data from the local datastore\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstagehand-framework%2Fstagehand","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstagehand-framework%2Fstagehand","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstagehand-framework%2Fstagehand/lists"}