Gathering detailed insights and metrics for @commercetools/ts-client
Gathering detailed insights and metrics for @commercetools/ts-client
The e-commerce SDK from commercetools for JavaScript written in TypeScript.
Installations
npm install @commercetools/ts-clientDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, UMD
Min. Node Version
>=18
Node Version
22.15.0
NPM Version
10.9.2
Releases
275
@commercetools/ts-client@4.1.0
@commercetools/ts-client@4.1.0
Updated on Jul 16, 2025
@commercetools/ts-client@4.0.1
@commercetools/ts-client@4.0.1
Updated on Jul 11, 2025
@commercetools/importapi-sdk@6.5.0
@commercetools/importapi-sdk@6.5.0
Updated on Jul 09, 2025
@commercetools/platform-sdk@8.12.1
@commercetools/platform-sdk@8.12.1
Updated on Jul 09, 2025
@commercetools/ts-client@4.0.0
@commercetools/ts-client@4.0.0
Updated on Jul 09, 2025
@commercetools/history-sdk@5.4.1
@commercetools/history-sdk@5.4.1
Updated on Jul 09, 2025
Languages
3
TypeScript
JavaScript
Makefile
TypeScript (99.85%)
JavaScript (0.12%)
Makefile (0.03%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
56 Stars
1,120 Commits
27 Forks
41 Watchers
17 Branches
342 Contributors
Updated on Jul 16, 2025
Maintainers
6
Package Meta Information
Latest Version
4.1.0
Package Id
@commercetools/ts-client@4.1.0
Unpacked Size
324.16 kB
Size
76.57 kB
File Count
49
NPM Version
10.9.2
Node Version
22.15.0
Published on
Jul 16, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
5
Commercetools Composable Commerce (Improved) TypeScript SDK client
This is the new and improved Typescript SDK client.
Usage examples
1npm install --save @commercetools/ts-client 2npm install --save @commercetools/platform-sdk 3 4or 5 6yarn add @commercetools/ts-client 7yarn add @commercetools/platform-sdk
1import { 2 type Next, 3 type HttpMiddlewareOptions, 4 type AuthMiddlewareBaseOptions, 5 type ClientRequest, 6 type MiddlewareRequest, 7 type MiddlewareResponse, 8 type Client, 9 createHttpMiddleware, 10 createConcurrentModificationMiddleware, 11 createAuthMiddlewareForClientCredentialsFlow, 12 ClientBuilder, 13} from '@commercetools/ts-client' 14import { createApiBuilderFromCtpClient } from '@commercetools/platform-sdk' 15 16const projectKey = 'mc-project-key' 17const authMiddlewareOptions = { 18 host: 'https://auth.europe-west1.gcp.commercetools.com', 19 projectKey, 20 credentials: { 21 clientId: 'mc-client-id', 22 clientSecret: 'mc-client-secrets', 23 }, 24 oauthUri: '/oauth/token', // - optional: custom oauthUri 25 scopes: [`manage_project:${projectKey}`], 26 httpClient: fetch, 27} 28 29const httpMiddlewareOptions = { 30 host: 'https://api.europe-west1.gcp.commercetools.com', 31 httpClient: fetch, 32} 33 34const retryOptions = { 35 maxRetries: 3, 36 retryDelay: 200, 37 backoff: true, 38 retryCodes: [503], 39} 40 41const loggerFn = (response) => { 42 // log response object 43 console.log(response) 44} 45 46// custom middleware 47function middleware(options) { 48 return (next: Next) => 49 async (request: MiddlewareRequest): Promise<MiddlewareResponse> => { 50 const { response, ...rest } = request 51 52 // other actions can also be carried out here e.g logging, 53 // error handling, injecting custom headers to http requests etc. 54 console.log({ response, rest }) 55 return next({ ...request }) 56 } 57} 58 59const client: Client = new ClientBuilder() 60 .withPasswordFlow(authMiddlewareOptions) 61 .withLoggerMiddleware({ loggerFn }) 62 .withCorrelationIdMiddleware({ 63 generate: () => 'fake-correlation-id' + Math.floor(Math.random() + 2), 64 }) 65 .withHttpMiddleware(httpMiddlewareOptions) 66 .withMiddleware(middleware({})) // <<<------------------- add the custom middleware here 67 .build() 68 69const apiRoot = createApiBuilderFromCtpClient(client) 70 71// calling the Composable Commerce `api` functions 72// get project details 73apiRoot 74 .withProjectKey({ projectKey }) 75 .get() 76 .execute() 77 .then((x) => { 78 /*...*/ 79 }) 80 81// create a productType 82apiRoot 83 .withProjectKey({ projectKey }) 84 .productTypes() 85 .post({ 86 body: { name: 'product-type-name', description: 'some description' }, 87 }) 88 .execute() 89 .then((x) => { 90 /*...*/ 91 }) 92 93// create a product 94apiRoot 95 .withProjectKey({ projectKey }) 96 .products() 97 .post({ 98 body: { 99 name: { en: 'our-great-product-name' }, 100 productType: { 101 typeId: 'product-type', 102 id: 'some-product-type-id', 103 }, 104 slug: { en: 'some-slug' }, 105 }, 106 }) 107 .execute() 108 .then((x) => { 109 /*...*/ 110 })
Create a client
To create a client, use the ClientBuilder class. The ClientBuilder class provides a fluent API to configure the client.
1const authMiddlewareOptions = { 2 credentials: { 3 clientId: 'xxx', 4 clientSecret: 'xxx', 5 }, 6 host: 'https://auth.europe-west1.gcp.commercetools.com', 7 projectKey: 'xxx', 8} 9 10const httpMiddlewareOptions = { 11 host: 'https://api.europe-west1.gcp.commercetools.com', 12 httpClient: fetch, 13} 14 15const client = new ClientBuilder() 16 .withHttpMiddleware(httpMiddlewareOptions) 17 .withConcurrentModificationMiddleware() 18 .withClientCredentialsFlow(authMiddlewareOptions) 19 .build()
The withMiddleware method can be used to add middleware functions (both built-in and custom middleware) in an ordered fashion.
1// Example 2const authMiddlewareOptions = { 3 credentials: { 4 clientId: 'xxx', 5 clientSecret: 'xxx', 6 }, 7 host: 'https://auth.europe-west1.gcp.commercetools.com', 8 projectKey: 'xxx', 9} 10 11const httpMiddlewareOptions = { 12 host: 'https://api.europe-west1.gcp.commercetools.com', 13 httpClient: fetch, 14} 15 16const logger = () => { 17 return (next) => async (request) => { 18 // log request object 19 console.log('Request:', request) 20 const response = await next(request) 21 22 // log response object 23 console.log('Response', response) 24 return response 25 } 26} 27 28const client = new ClientBuilder() 29 .withMiddleware( 30 createAuthMiddlewareForClientCredentialsFlow(authMiddlewareOptions) 31 ) 32 .withMiddleware(createHttpMiddleware(httpMiddlewareOptions)) 33 .withMiddleware(createConcurrentModificationMiddleware()) 34 .withMiddleware(logger()) 35 .build()
This will add the middleware in an ordered fashion starting with the:
- createAuthMiddlewareForClientCredentialsFlow
- createHttpMiddleware
- createConcurrentModificationMiddleware
- logger
Note that when using the withMiddleware function to add a custom middleware along side other in built middleware functions, it will add the custom middleware to the start of the execution chain.
1// Example 2const authMiddlewareOptions = { 3 credentials: { 4 clientId: 'xxx', 5 clientSecret: 'xxx', 6 }, 7 host: 'https://auth.europe-west1.gcp.commercetools.com', 8 projectKey: 'xxx', 9} 10 11const httpMiddlewareOptions = { 12 host: 'https://api.europe-west1.gcp.commercetools.com', 13 httpClient: fetch, 14} 15 16const logger = () => { 17 return (next) => async (request) => { 18 // log request object 19 console.log('Request:', request) 20 const response = await next(request) 21 22 // log response object 23 console.log('Response', response) 24 return response 25 } 26} 27 28const client = new ClientBuilder() 29 .withClientCredentialsFlow(authMiddlewareOptions) 30 .withHttpMiddleware(httpMiddlewareOptions) 31 .withConcurrentModificationMiddleware() 32 .withMiddleware(logger()) 33 .build()
The order of execution is as follows:
- withMiddleware <------ the custom middleware
- withClientCredentialsFlow
- withHttpMiddleware
- withConcurrentModificationMiddleware
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
SAST tool is run on all commits
Details
- Info: all commits (30) are checked with a SAST tool
Reason
Found 3/4 approved changesets -- score normalized to 7
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-pr.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/create-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/create-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/qa.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/qa.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: containerImage not pinned by hash: examples/datadog-express-apm/container-agent/Dockerfile:1: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:df02558528d3d3d0d621f112e232611aecfee7cbc654f6b375765f72bb262799
- Info: 8 out of 17 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 10 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'master'
- Info: 'force pushes' disabled on branch 'master'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'
- Warn: branch 'master' does not require approvers
- Warn: codeowners review is not required on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Warn: PRs are not required to make changes on branch 'master'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/create-pr.yml:11
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/create-pr.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/qa.yml:4
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/release.yml:9
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/semgrep.yml:14
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/semgrep.yml:11
- Info: topLevel 'actions' permission set to 'read': .github/workflows/semgrep.yml:13
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.9
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More