{"id":13519057,"url":"https://github.com/woocommerce/woocommerce","last_synced_at":"2026-01-19T12:00:52.777Z","repository":{"id":37270324,"uuid":"2179920","full_name":"woocommerce/woocommerce","owner":"woocommerce","description":"A customizable, open-source ecommerce platform built on WordPress. Build any commerce solution you can imagine.","archived":false,"fork":false,"pushed_at":"2026-01-16T18:30:59.000Z","size":863626,"stargazers_count":10140,"open_issues_count":2893,"forks_count":10735,"subscribers_count":537,"default_branch":"trunk","last_synced_at":"2026-01-16T23:19:14.494Z","etag":null,"topics":["automattic","ecommerce","ecommerce-platform","hacktoberfest","php","reactjs","woocommerce","wordpress"],"latest_commit_sha":null,"homepage":"https://woocommerce.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/woocommerce.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.txt","contributing":".github/CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2011-08-09T15:12:11.000Z","updated_at":"2026-01-16T17:05:15.000Z","dependencies_parsed_at":"2023-10-14T14:01:53.501Z","dependency_job_id":"b6044174-2d9d-4ba5-bd5f-51b0baf2ef95","html_url":"https://github.com/woocommerce/woocommerce","commit_stats":{"total_commits":54432,"total_committers":1668,"mean_commits":32.63309352517986,"dds":0.7975088183421517,"last_synced_commit":"4f9b530d12290a08ea8ad5531546f80435eeddbd"},"previous_names":["woothemes/woocommerce"],"tags_count":866,"template":false,"template_full_name":null,"purl":"pkg:github/woocommerce/woocommerce","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woocommerce%2Fwoocommerce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woocommerce%2Fwoocommerce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woocommerce%2Fwoocommerce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woocommerce%2Fwoocommerce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/woocommerce","download_url":"https://codeload.github.com/woocommerce/woocommerce/tar.gz/refs/heads/trunk","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woocommerce%2Fwoocommerce/sbom","scorecard":{"id":396770,"data":{"date":"2025-07-07","repo":{"name":"github.com/woocommerce/woocommerce","commit":"785af5e98057dcc3aef67047d633b013dda1ecbd"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":5.1,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact nightly not signed: https://api.github.com/repos/woocommerce/woocommerce/releases/25945111","Warn: release artifact 10.0.0-rc.2 not signed: https://api.github.com/repos/woocommerce/woocommerce/releases/228791573","Warn: release artifact 10.0.0-rc.1 not signed: https://api.github.com/repos/woocommerce/woocommerce/releases/227132511","Warn: release artifact 9.9.5 not signed: https://api.github.com/repos/woocommerce/woocommerce/releases/227113842","Warn: release artifact 9.9.4 not signed: https://api.github.com/repos/woocommerce/woocommerce/releases/225654565","Warn: release artifact nightly does not have provenance: https://api.github.com/repos/woocommerce/woocommerce/releases/25945111","Warn: release artifact 10.0.0-rc.2 does not have provenance: https://api.github.com/repos/woocommerce/woocommerce/releases/228791573","Warn: release artifact 10.0.0-rc.1 does not have provenance: https://api.github.com/repos/woocommerce/woocommerce/releases/227132511","Warn: release artifact 9.9.5 does not have provenance: https://api.github.com/repos/woocommerce/woocommerce/releases/227113842","Warn: release artifact 9.9.4 does not have provenance: https://api.github.com/repos/woocommerce/woocommerce/releases/225654565"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-live-branch.yml:34","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/changelog-auto-add.yml:28","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/cherry-pick.yml:145","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/cherry-pick.yml:146","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:550","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:475","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:514","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:583","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/nightly-builds.yml:21","Info: jobLevel 'contents' permission set to 'read': .github/workflows/package-php-mirror.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/package-release.yml:21","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-assess-bundle-size.yml:46","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/pr-build-live-branch.yml:41","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-project-label.yml:16","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/prepare-package-release.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-build-zip-file.yml:173","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-build-zip-file.yml:222","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/release-cfe-cherry-pick.yml:129","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-cfe-cherry-pick.yml:130","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-cfe-cherry-pick.yml:27","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/release-cfe-cherry-pick.yml:28","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-code-freeze.yml:120","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-compile-changelog.yml:30","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/release-prr-cherry-pick.yml:165","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-prr-cherry-pick.yml:166","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-upload-to-wporg.yml:17","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-upload-to-wporg.yml:131","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-wc-beta-tester.yml:16","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/stalebot.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/automate-team-review-assignment.yml:14","Info: found token with 'none' permissions: .github/workflows/build-live-branch.yml:1","Warn: no topLevel permission defined: .github/workflows/changelog-auto-add.yml:1","Info: found token with 'none' permissions: .github/workflows/cherry-pick.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: found token with 'none' permissions: .github/workflows/milestoned.yml:1","Info: found token with 'none' permissions: .github/workflows/nightly-builds.yml:1","Info: found token with 'none' permissions: .github/workflows/package-php-mirror.yml:1","Info: found token with 'none' permissions: .github/workflows/package-release.yml:1","Warn: no topLevel permission defined: .github/workflows/pr-assess-bundle-size.yml:1","Info: found token with 'none' permissions: .github/workflows/pr-build-live-branch.yml:1","Warn: no topLevel permission defined: .github/workflows/pr-highlight-changes.yml:1","Warn: no topLevel permission defined: .github/workflows/pr-highlight-rest-api-changes.yml:1","Info: found token with 'none' permissions: .github/workflows/pr-project-label.yml:1","Info: found token with 'none' permissions: .github/workflows/prepare-package-release.yml:1","Info: found token with 'none' permissions: .github/workflows/pull-request-post-merge-processing.yml:1","Info: found token with 'none' permissions: .github/workflows/release-build-zip-file.yml:1","Info: found token with 'none' permissions: .github/workflows/release-cfe-cherry-pick.yml:1","Info: found token with 'none' permissions: .github/workflows/release-cfe-prr-issue-validation.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-code-freeze.yml:8","Warn: no topLevel permission defined: .github/workflows/release-commits-and-contributors.yml:1","Warn: no topLevel permission defined: .github/workflows/release-compile-changelog.yml:1","Warn: no topLevel permission defined: .github/workflows/release-feature-highlights-notification.yml:1","Warn: no topLevel permission defined: .github/workflows/release-new-release-published.yml:1","Info: found token with 'none' permissions: .github/workflows/release-prr-cherry-pick.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-update-stable-tag.yml:21","Info: found token with 'none' permissions: .github/workflows/release-upload-to-wporg.yml:1","Info: found token with 'none' permissions: .github/workflows/release-wc-beta-tester.yml:1","Info: found token with 'none' permissions: .github/workflows/stalebot.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/storybook-pages.yml:9","Warn: no topLevel permission defined: .github/workflows/tests-canonical-extensions.yml:1","Warn: no topLevel permission defined: .github/workflows/tests-on-demand.yml:1","Warn: no topLevel permission defined: .github/workflows/tests-on-release.yml:1","Info: found token with 'none' permissions: .github/workflows/triage-replies.yml:1","Info: found token with 'none' permissions: .github/workflows/update-feedback-labels.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-live-branch.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/build-live-branch.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-live-branch.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/build-live-branch.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-auto-add.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/changelog-auto-add.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cherry-pick.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/cherry-pick.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:322: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:479: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:486: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:517: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:553: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:586: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:350: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:399: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/ci.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-builds.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/nightly-builds.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/package-release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/package-release.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-assess-bundle-size.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/pr-assess-bundle-size.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-build-live-branch.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/pr-build-live-branch.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-build-live-branch.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/pr-build-live-branch.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-build-live-branch.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/pr-build-live-branch.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-highlight-changes.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/pr-highlight-changes.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-project-label.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/pr-project-label.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-package-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/prepare-package-release.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-zip-file.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-build-zip-file.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-zip-file.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-build-zip-file.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-zip-file.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-build-zip-file.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build-zip-file.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-build-zip-file.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cfe-cherry-pick.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-cfe-cherry-pick.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-code-freeze.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-code-freeze.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-code-freeze.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-code-freeze.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-code-freeze.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-code-freeze.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-commits-and-contributors.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-commits-and-contributors.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-commits-and-contributors.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-commits-and-contributors.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-commits-and-contributors.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-commits-and-contributors.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-commits-and-contributors.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-commits-and-contributors.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-compile-changelog.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-compile-changelog.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-new-release-published.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-new-release-published.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-prr-cherry-pick.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-prr-cherry-pick.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-stable-tag.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-update-stable-tag.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-update-stable-tag.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-update-stable-tag.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-wc-beta-tester.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-wc-beta-tester.yml/trunk?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-wc-beta-tester.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/release-wc-beta-tester.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stalebot.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/stalebot.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stalebot.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/stalebot.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage-replies.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/triage-replies.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage-replies.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/triage-replies.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage-replies.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/triage-replies.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage-replies.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/triage-replies.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage-replies.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/triage-replies.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage-replies.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/triage-replies.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage-replies.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/woocommerce/woocommerce/triage-replies.yml/trunk?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/scripts/run-metrics.sh:41","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:608","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:616","Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:526","Warn: npmCommand not pinned by hash: .github/workflows/pr-assess-bundle-size.yml:62","Warn: npmCommand not pinned by hash: .github/workflows/release-code-freeze.yml:25","Warn: npmCommand not pinned by hash: .github/workflows/release-feature-highlights-notification.yml:17","Info:  64 out of 119 GitHub-owned GitHubAction dependencies pinned","Info:  42 out of  43 third-party GitHubAction dependencies pinned","Info:   0 out of   7 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"81 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-47f6-5gq3-vx9c","Warn: Project is vulnerable to: GHSA-v9qv-c7wm-wgmf","Warn: Project is vulnerable to: GHSA-qq5c-677p-737q","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-x4c5-c7rf-jjgv","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58","Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-8gh8-hqwg-xf34","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-j383-35pm-c5h4","Warn: Project is vulnerable to: GHSA-rm36-94g8-835r","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-m5qc-5hw7-8vg7","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c","Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T19:12:25.857Z","repository_id":37270324,"created_at":"2025-08-18T19:12:25.858Z","updated_at":"2025-08-18T19:12:25.858Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28567861,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T08:53:44.001Z","status":"ssl_error","status_checked_at":"2026-01-19T08:52:40.245Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automattic","ecommerce","ecommerce-platform","hacktoberfest","php","reactjs","woocommerce","wordpress"],"created_at":"2024-08-01T05:01:53.256Z","updated_at":"2026-01-19T12:00:52.747Z","avatar_url":"https://github.com/woocommerce.png","language":"PHP","funding_links":[],"categories":["PHP","前端开发框架及项目","Wordpress+WooCommerce","hacktoberfest","Bonus: Studentisches Start-Up (Software-Entwicklung)"],"sub_categories":["其他_文本生成、文本对话"],"readme":"# WooCommerce Monorepo\n\n![WooCommerce](https://woocommerce.com/wp-content/themes/woo/images/logo-woo@2x.png)\n\nWelcome to the WooCommerce monorepo on GitHub. Here you can find all of the plugins, packages, and tools used in the development of the core WooCommerce plugin as well as WooCommerce extensions. You can browse the source, look at open issues, contribute code, and keep tracking of ongoing development.\n\nWe recommend all developers follow the [WooCommerce development blog](https://developer.woocommerce.com/blog/) to stay up to date with everything happening in the project. You can also [follow @DevelopWoo](https://x.com/DevelopWoo) on X (formerly Twitter) for the latest development updates.\n\n## Getting Started\n\nTo get up and running within the WooCommerce Monorepo, you will need to make sure that you have installed all of the prerequisites.\n\n### Prerequisites\n\n-   [NVM](https://github.com/nvm-sh/nvm#installing-and-updating): While you can always install Node through other means, we recommend using NVM to ensure you're aligned with the version used by our development teams. Our repository contains [an `.nvmrc` file](.nvmrc) which helps ensure you are using the correct version of Node.\n-   [PNPM](https://pnpm.io/installation): Our repository utilizes PNPM to manage project dependencies and run various scripts involved in building and testing projects.\n-   [PHP 7.4+](https://www.php.net/manual/en/install.php): WooCommerce Core currently requires PHP version 7.4 or higher. It is also needed to run Composer and various project build scripts. See [troubleshooting](DEVELOPMENT.md#troubleshooting) for troubleshooting problems installing PHP.\n-   [Composer](https://getcomposer.org/doc/00-intro.md): We use Composer to manage all of the dependencies for PHP packages and plugins.\n\nNote: A POSIX-compliant operating system (e.g., Linux, macOS) is assumed. If you're working on a Windows machine, the recommended approach is to use [WSL](https://learn.microsoft.com/en-us/windows/wsl/install) (available since Windows 10).\n\nOnce you've installed all prerequisites, the following will prepare all of the build outputs necessary for development:\n\n```bash\n# Ensure that the correct version of Node is installed and being used\nnvm install\n# Install the PHP and Composer dependencies for all of the plugins, packages, and tools\npnpm install -frozen-lockfile\n# Build all of the plugins, packages, and tools in the monorepo\npnpm build\n```\n\n## Repository Structure\n\nEach plugin, package, and tool has its own `package.json` file containing project-specific dependencies and scripts. Most projects also contain a `README.md` file with any project-specific setup instructions and documentation.\n\n-   [**Plugins**](plugins): Our repository contains plugins that relate to or otherwise aid in the development of WooCommerce.\n    -   [**WooCommerce Core**](plugins/woocommerce): The core WooCommerce plugin is available in the plugins directory.\n-   [**Packages**](packages): Contained within the packages directory are all of the [PHP](packages/php) and [JavaScript](packages/js) provided for the community. Some of these are internal dependencies and are marked with an `internal-` prefix.\n-   [**Tools**](tools): We also have a growing number of tools within our repository. Many of these are intended to be utilities and scripts for use in the monorepo, but, this directory may also contain external tools.\n\nIf you'd like to learn more about how our monorepo works, [please check out this guide here](tools/README.md).\n\n## Reporting Security Issues\n\nTo disclose a security issue to our team, [please submit a report via HackerOne here](https://hackerone.com/automattic/).\n\n## Support\n\nThis repository is not suitable for support. Please don't use our issue tracker for support requests, but for core WooCommerce issues only. Support can take place through the appropriate channels:\n\n-   If you have a problem, you may want to start with the [self help guide](https://woocommerce.com/document/woocommerce-self-service-guide/).\n-   The [WooCommerce.com premium support portal](https://woocommerce.com/contact-us/) for customers who have purchased themes or extensions.\n-   [Our community forum on wp.org](https://wordpress.org/support/plugin/woocommerce) which is available for all WooCommerce users.\n-   [The Official WooCommerce Facebook Group](https://www.facebook.com/groups/advanced.woocommerce).\n-   For customizations, you may want to check our list of [WooExperts](https://woocommerce.com/experts/) or [Codeable](https://codeable.io/).\n\nNOTE: Unfortunately, we are unable to honor support requests in issues on this repository; as a result, any requests submitted in this manner will be closed.\n\n## Community\n\nFor peer to peer support, real-time announcements, and office hours, please [join our slack community](https://woocommerce.com/community-slack/)!\n\n## Contributing to WooCommerce\n\nAs an open source project, we rely on community contributions to continue to improve WooCommerce. To contribute, please follow the pre-requisites above and visit our [Contributing to Woo](https://developer.woocommerce.com/docs/contribution/contributing/) doc for more links and contribution guidelines.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwoocommerce%2Fwoocommerce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwoocommerce%2Fwoocommerce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwoocommerce%2Fwoocommerce/lists"}