{"id":18914297,"url":"https://github.com/tolstoyevsky/shirow","last_synced_at":"2026-02-13T13:01:42.681Z","repository":{"id":29696007,"uuid":"122116204","full_name":"tolstoyevsky/shirow","owner":"tolstoyevsky","description":"An RPC server framework based on top of Tornado","archived":false,"fork":false,"pushed_at":"2023-08-14T22:13:36.000Z","size":136,"stargazers_count":1,"open_issues_count":4,"forks_count":1,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-10-27T22:51:24.785Z","etag":null,"topics":["django","jwt-authentication","python","python3","rpc-server","shirow","tornado-framework","websocket"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tolstoyevsky.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.md","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-19T20:24:05.000Z","updated_at":"2025-03-21T23:03:05.000Z","dependencies_parsed_at":"2024-12-31T14:45:47.248Z","dependency_job_id":null,"html_url":"https://github.com/tolstoyevsky/shirow","commit_stats":{"total_commits":138,"total_committers":7,"mean_commits":"19.714285714285715","dds":"0.24637681159420288","last_synced_commit":"d862140c4bf72da2222248fdb9c536ca843e5fdb"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tolstoyevsky/shirow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tolstoyevsky%2Fshirow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tolstoyevsky%2Fshirow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tolstoyevsky%2Fshirow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tolstoyevsky%2Fshirow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tolstoyevsky","download_url":"https://codeload.github.com/tolstoyevsky/shirow/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tolstoyevsky%2Fshirow/sbom","scorecard":{"id":891721,"data":{"date":"2025-08-11","repo":{"name":"github.com/tolstoyevsky/shirow","commit":"d862140c4bf72da2222248fdb9c536ca843e5fdb"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/jobs.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jobs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/tolstoyevsky/shirow/jobs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jobs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tolstoyevsky/shirow/jobs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jobs.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/tolstoyevsky/shirow/jobs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jobs.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/tolstoyevsky/shirow/jobs.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/jobs.yml:46","Warn: pipCommand not pinned by hash: .github/workflows/jobs.yml:49","Warn: npmCommand not pinned by hash: .github/workflows/jobs.yml:25","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2022-202 / GHSA-ffqj-6fqr-9h24","Warn: Project is vulnerable to: GHSA-753j-mpmx-qq6g","Warn: Project is vulnerable to: GHSA-7cx3-6m66-7c5m","Warn: Project is vulnerable to: GHSA-8w49-h785-mj3c","Warn: Project is vulnerable to: PYSEC-2023-75 / GHSA-hj3f-6gcp-jg8j","Warn: Project is vulnerable to: GHSA-qppv-j76h-2rpx","Warn: Project is vulnerable to: GHSA-w235-7p84-xx57"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T12:06:02.960Z","repository_id":29696007,"created_at":"2025-08-24T12:06:02.961Z","updated_at":"2025-08-24T12:06:02.961Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29407019,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-13T06:24:03.484Z","status":"ssl_error","status_checked_at":"2026-02-13T06:23:12.830Z","response_time":78,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django","jwt-authentication","python","python3","rpc-server","shirow","tornado-framework","websocket"],"created_at":"2024-11-08T10:10:56.374Z","updated_at":"2026-02-13T13:01:42.659Z","avatar_url":"https://github.com/tolstoyevsky.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![build](https://github.com/tolstoyevsky/shirow/actions/workflows/jobs.yml/badge.svg)](https://github.com/tolstoyevsky/shirow/actions)\n[![pypi](https://img.shields.io/pypi/v/shirow.svg)](https://pypi.org/project/shirow/)\n[![npm](https://badge.fury.io/js/shirow.svg?style=flat)](https://npmjs.org/package/shirow)\n\n# Shirow\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"/logo/400x232.png\" alt=\"Shirow\"\u003e\n\u003c/p\u003e\n\nShirow is an RPC server framework based on top of [Tornado](http://tornadoweb.org/en/stable/). It relies on the WebSocket protocol for transport and uses JSON-messages as payload.\n\nThe primary goal of Shirow is to simplify creating microservices using Tornado, allowing clients to leverage some of the Django facilities such as the [Django authentication system](https://docs.djangoproject.com/en/2.2/topics/auth/). Thus, Shirow might help with the task of creating (micro)services which require the clients to be authenticated via the Django authentication system.\n\nThe project was named after Masamune Shirow, a mangaka who is best known for such mangas as [Black Magic](https://en.wikipedia.org/wiki/Black_Magic_(manga)), [Appleseed](https://en.wikipedia.org/wiki/Appleseed_(manga)) and [Ghost in the Shell](https://en.wikipedia.org/wiki/Ghost_in_the_Shell_(manga)).\n\n## Features\n\n* Each (micro)service built using Shirow is an RPC server that relies on the WebSocket protocol for transport and uses JSON-messages as payload.\n* Shirow expands the [Tornado implementation of the WebSocket protocol](https://www.tornadoweb.org/en/stable/websocket.html) with an JWT-based authentication layer. So, a client has to pass a valid JWT token to the RPC server, which was received after a successful authentication procedure, to prove Shirow that it's an authenticated.\n* Shirow is fully compatible with the JWT tokens provided by [Simple JWT](https://github.com/SimpleJWT/django-rest-framework-simplejwt), a JSON Web Token authentication plugin for the Django REST Framework. The main requirement to JWT tokens is they must contain the following fields:\n  * `user_id`: the id of the user the the request was sent on behalf of;\n  * `exp`: the expiration time stored as an absolute Unix timestamp.\n* The clients can be written in JavaScript using the Shirow NPM package.\n\n## Authors\n\nSee [AUTHORS](AUTHORS.md).\n\n## Licensing\n\nShirow is available under the [Apache License, Version 2.0](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftolstoyevsky%2Fshirow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftolstoyevsky%2Fshirow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftolstoyevsky%2Fshirow/lists"}