{"id":47115242,"url":"https://github.com/toppymicroservices/workspace-guard","last_synced_at":"2026-04-18T12:06:09.323Z","repository":{"id":343993709,"uuid":"1180010315","full_name":"ToppyMicroServices/workspace-guard","owner":"ToppyMicroServices","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-28T02:37:54.000Z","size":600,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-28T07:41:41.552Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ToppyMicroServices.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":"SUPPORT.md","governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-03-12T15:55:34.000Z","updated_at":"2026-03-28T02:36:46.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ToppyMicroServices/workspace-guard","commit_stats":null,"previous_names":["toppymicroservices/workspace-guard"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/ToppyMicroServices/workspace-guard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToppyMicroServices%2Fworkspace-guard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToppyMicroServices%2Fworkspace-guard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToppyMicroServices%2Fworkspace-guard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToppyMicroServices%2Fworkspace-guard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ToppyMicroServices","download_url":"https://codeload.github.com/ToppyMicroServices/workspace-guard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToppyMicroServices%2Fworkspace-guard/sbom","scorecard":{"id":1245329,"data":{"date":"2026-03-28T02:37:04Z","repo":{"name":"github.com/ToppyMicroServices/workspace-guard","commit":"62d395459792b52b32e2dedc9d2a989857c17c04"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":7.3,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Code-Review","score":0,"reason":"Found 0/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:20","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:21","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/daily-release.yml:21","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/daily-release.yml:22","Info: jobLevel 'security-events' permission set to 'read': .github/workflows/daily-release.yml:23","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/build.yml:12","Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:12","Info: topLevel 'security-events' permission set to 'read': .github/workflows/daily-release.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/daily-release.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/security.yml:12"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  15 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 third-party GitHubAction dependencies pinned","Info:   5 out of   5 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (19) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: TypeScriptPropertyBasedTesting integration found: tests/escapeFolder.test.ts:3","Info: TypeScriptPropertyBasedTesting integration found: tests/escapeFolder.test.ts:3"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.1.15 not signed: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/299684075","Warn: release artifact v0.1.14 not signed: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/298762529","Warn: release artifact v0.1.13 not signed: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/297781825","Warn: release artifact v0.1.12 not signed: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/297517023","Warn: release artifact v0.1.15 does not have provenance: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/299684075","Warn: release artifact v0.1.14 does not have provenance: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/298762529","Warn: release artifact v0.1.13 does not have provenance: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/297781825","Warn: release artifact v0.1.12 does not have provenance: https://api.github.com/repos/ToppyMicroServices/workspace-guard/releases/297517023"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: found contributions from: toppymicroservices"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"19 out of 19 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-03-28T07:42:22.681Z","repository_id":343993709,"created_at":"2026-03-28T07:42:22.720Z","updated_at":"2026-03-28T07:42:22.720Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290742,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-12T18:52:05.748Z","updated_at":"2026-04-01T18:04:28.677Z","avatar_url":"https://github.com/ToppyMicroServices.png","language":"TypeScript","readme":"# Workspace Guard\n\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ToppyMicroServices/workspace-guard/badge)](https://securityscorecards.dev/viewer/?uri=github.com/ToppyMicroServices/workspace-guard)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12215/badge)](https://www.bestpractices.dev/projects/12215)\n\nPrevent accidental home-directory opens in VS Code and review risky repository trust surfaces before trusting a repository.\n\nPrivacy-first and offline-first by default: installing and using the extension does not send telemetry, phone home, or require remote access. Only the optional `--resolve-external-workflows` scan mode fetches external workflow files.\n\n## Quick Start\n\n1. Install Workspace Guard in VS Code.\n2. Leave the default `Redirect` mode on, or change it from the `WG:` status bar control.\n3. Open the `Workspace Guard Review` section in Explorer for a lightweight repository review tree inside VS Code, then click any finding for remediation guidance.\n4. Use the filter and export actions in that view if you want to focus on one severity or share the review as JSON or Markdown.\n5. Run `Workspace Guard: Review Repository Trust Surfaces` from the Command Palette if you want the same review in the output panel.\n6. If you want to inspect a repository from the terminal, run `workspace-guard-scan` in that repository.\n\n## Optional CLI\n\n```bash\nnpx homeguard-code ~\nnpx workspace-guard-scan .\n```\n\nUse `homeguard-code` if you want the `code` command to check risky paths before opening VS Code. Use `workspace-guard-scan` if you want a quick safety review of a repository's `.github`, `.vscode`, multi-root `.code-workspace`, `.devcontainer`, extension recommendation, AI/MCP, and LaTeX trust surfaces before you trust it.\n\nIf you want the scanner to inspect external reusable workflows as well, add `--resolve-external-workflows`. That mode is opt-in because it fetches the referenced workflow files.\n\nProject docs: [External interface](https://github.com/ToppyMicroServices/workspace-guard/blob/main/docs/external-interface.md) · [Contributing](https://github.com/ToppyMicroServices/workspace-guard/blob/main/CONTRIBUTING.md) · [Support](https://github.com/ToppyMicroServices/workspace-guard/blob/main/SUPPORT.md) · [Security](https://github.com/ToppyMicroServices/workspace-guard/blob/main/.github/SECURITY.md) · [OpenSSF readiness](https://github.com/ToppyMicroServices/workspace-guard/blob/main/docs/openssf-best-practices.md)\n\nDisclaimer: Workspace Guard reduces common VS Code workspace and repository-trust mistakes, but it is not a sandbox, malware scanner, or guarantee against all unsafe repositories, extensions, or user actions.\n\n© 2026 ToppyMicroServices OÜ — Registry code 16551297 — Tallinn, Estonia.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoppymicroservices%2Fworkspace-guard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftoppymicroservices%2Fworkspace-guard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoppymicroservices%2Fworkspace-guard/lists"}