{"id":18788104,"url":"https://github.com/thdk/is-affected","last_synced_at":"2026-05-01T12:32:39.355Z","repository":{"id":54641630,"uuid":"336530837","full_name":"thdk/is-affected","owner":"thdk","description":"Build optimisation tool to run commands on feature branches only if they affect files matching a given glob.","archived":false,"fork":false,"pushed_at":"2021-08-30T06:45:53.000Z","size":558,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-02-07T23:34:04.994Z","etag":null,"topics":["build-optimizer","build-tool","git","node","nodegit"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thdk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-06T12:19:43.000Z","updated_at":"2021-08-30T06:45:56.000Z","dependencies_parsed_at":"2022-08-13T22:31:14.639Z","dependency_job_id":null,"html_url":"https://github.com/thdk/is-affected","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/thdk/is-affected","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thdk%2Fis-affected","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thdk%2Fis-affected/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thdk%2Fis-affected/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thdk%2Fis-affected/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thdk","download_url":"https://codeload.github.com/thdk/is-affected/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thdk%2Fis-affected/sbom","scorecard":{"id":876954,"data":{"date":"2025-08-11","repo":{"name":"github.com/thdk/is-affected","commit":"d61ab121fc1489b4006eec128c89440b7a334a97"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.4,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: docker-images/node-git/Dockerfile:1: pin your Docker image by updating node:14-alpine to node:14-alpine@sha256:434215b487a329c9e867202ff89e704d3a75e554822e07f3e0c0f9e606121b33","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"35 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-px4h-xg32-q955","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx","Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T06:24:36.974Z","repository_id":54641630,"created_at":"2025-08-24T06:24:36.974Z","updated_at":"2025-08-24T06:24:36.974Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32497812,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["build-optimizer","build-tool","git","node","nodegit"],"created_at":"2024-11-07T20:57:34.079Z","updated_at":"2026-05-01T12:32:39.323Z","avatar_url":"https://github.com/thdk.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# is-affected\n\nBuild optimisation tool to run commands on feature branches only if they affect files matching a given glob.\n\n![Cloud Build](https://storage.googleapis.com/includr-badges/builds/is-affected/branches/master.svg)\n\n## CLI\n\n```shell\nUsage: is-affected [options]\n\nruns command only if the git diff since the fork point from master branch contains files matching glob\n\nOptions:\n  -V, --version           output the version number\n  --pattern [pattern...]  provide one or more patterns to check file paths from git diff against\n  --repo \u003crepo\u003e           git directory (default: \"./\")\n  --cmd \u003ccmd\u003e             the command to be run if diff matches glob\n  --cwd \u003ccwd\u003e             working directory to be used to run command\n  --main \u003cmainBranch\u003e     name of the main branch of your repo, used when no --since is provided to find the merge base commit (default: \"origin/master\")\n  --since \u003csince\u003e         commit to diff with\n  -h, --help              display help for command\n```\n\n**Example**\n\nTo run `npm run build` only if the git diff between your current branch head and the base commit on the master branch contains files matching glob `app/client/**`.\n\n```shell\nnpx is-affected --pattern app/client/** --cmd \"npm run build\" --cwd \"app/client\"\n```\n\n## Javascript API\n\n```javascript\nconst { isAffected, exec } = require(\"is-affected\");\n\nconst build = async () =\u003e {\n\tconst shouldBuild = await isAffected(\n\t\t\"app/client/**\",\n\t);\n\n\tif (shouldBuild) {\n\t\tawait exec(\"npm run build\", \"app/client\");\n\t}\n};\n\nbuild();\n```\n\nor with options object (using defaults here):\n```javascript\nconst shouldBuild = await isAffected(\n\t\t\"app/client/**\", // see match patterns below\n\t\t{\n\t\t\trepo: \"./\",\n\t\t\tcmd: \"npm run build\",\n\t\t\tcwd: process.cwd(),\n\t\t\tmainBranch: \"origin/master\",\n\t\t\tsince: undefined,\n\t\t},\n\t);\n```\n\n## Match patterns\n\nA match means that the git diff contains paths that match the pattern and your code is 'affected'.\n\n### Negated pattern\nYou can use a negated pattern: `!src/scripts`\n\nThis will ignore changes in the `src/scripts` folder. If your diff contains only changes in `src/scripts` then your code will not be marked as 'affected'.\n\n### Multiple patterns\n\nA normal pattern (aka non negated) will add paths to the match list. Negated patterns will remove paths from the list. Your code is 'affected' when the list is not empty after the last pattern has been evaluated.\n\n```javascript\nconst shouldBuild = await isAffected([\n    \t'src/**',\n    \t'!src/tests/**',\n]);\n```\n\nor using cli:\n```\nnpx is-affected --pattern src/** !src/tests/**\n```\n\nNote that if your shell is automatically expanding glob patterns you should escape the asterix:\n\n```\nnpx is-affected --pattern src/\\** !src/tests/\\**\n```\n\nThe above example will monitor all paths in the `src` folder except for those in the `tests` subfolder.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthdk%2Fis-affected","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthdk%2Fis-affected","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthdk%2Fis-affected/lists"}