Gathering detailed insights and metrics for @inrupt/oidc-client-ext
Gathering detailed insights and metrics for @inrupt/oidc-client-ext
Installations
npm install @inrupt/oidc-client-extDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
22.10.0
NPM Version
lerna/8.1.9/node@v22.10.0+x64 (linux)
Statistics
70 Stars
2,816 Commits
42 Forks
16 Watching
23 Branches
31 Contributors
Updated on 26 Nov 2024
Bundle Size
326.64 kB
Minified
83.98 kB
Minified + Gzipped
Languages
TypeScript (94.73%)
JavaScript (2.9%)
Python (1.22%)
Makefile (0.71%)
HTML (0.45%)
Total Downloads
Cumulative downloads
Total Downloads
4,852,147
Last day
-13.9%
454
Compared to previous day
Last week
-25.8%
2,160
Compared to previous week
Last month
-19.5%
9,844
Compared to previous month
Last year
-70.1%
118,937
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
3
Versions
Solid JavaScript Authentication - solid-client-authn
This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to engineering@inrupt.com.
solid-client-authn is a suite of libraries to manage the authentication required to access protected resources on Solid servers.
The libraries share a common API and include different modules for different deployment environments:
solid-client-authn-browsercan be used to build web apps in the browser.solid-client-authn-nodecan be used to build server-side and console-based apps.
@inrupt/solid-client-authn libraries are part of a suite open source JavaScript libraries designed to support developers building Solid applications.
Inrupt Solid JavaScript Client Libraries
Data access and permissions management - solid-client
@inrupt/solid-client allows developers to access data and manage permissions on data stored in Solid Pods.
Authentication - solid-client-authn
@inrupt/solid-client-authn allows developers to authenticate against a Solid server. This is necessary when the resources on your Pod are not public.
Vocabularies and interoperability - solid-common-vocab-rdf
@inrupt/solid-common-vocab-rdf allows developers to build interoperable apps by reusing well-known vocabularies. These libraries provide vocabulary terms as constants that you just have to import.
Supported environments
Our JavaScript Client Libraries use relatively modern JavaScript, aligned with the ES2018 Specification features, we ship both ESM and CommonJS, with type definitions for TypeScript alongside.
This means that out of the box, we only support environments (browsers or runtimes) that were released after mid-2018, if you wish to target other (older) environments, then you will need to cross-compile our SDKs via the use of Babel, webpack, SWC, or similar.
If you need support for Internet Explorer, it is recommended to pass them
through a tool like Babel, and to add polyfills for e.g.
Map, Set, Promise, Headers, Array.prototype.includes, Object.entries
and String.prototype.endsWith.
Node.js Support
See Inrupt Solid Javascript Client Libraries.
Installation
For the latest stable version of solid-client-authn-browser:
1npm install @inrupt/solid-client-authn-browser
For the latest stable version of solid-client-authn-node:
1npm install @inrupt/solid-client-authn-node
For the latest stable version of all Inrupt Solid JavaScript libraries:
1# For browser-based projects 2npm install @inrupt/solid-client @inrupt/solid-client-authn-browser @inrupt/vocab-common-rdf 3 4# For Node.js-based projects 5npm install @inrupt/solid-client @inrupt/solid-client-authn-node @inrupt/vocab-common-rdf
Issues & Help
Solid Community Forum
If you have questions about working with Solid or just want to share what you’re working on, visit the Solid forum. The Solid forum is a good place to meet the rest of the community.
Bugs and Feature Requests
- For public feedback, bug reports, and feature requests please file an issue via GitHub.
- For non-public feedback or support inquiries please use the Inrupt Service Desk.
Documentation
- Using Inrupt Solid JavaScript Client Libraries to authenticate
- Inrupt documentation Homepage
- Architecture and design documentation
- Security policy and vulnerability reporting
How to run test apps?
Browser
1git clone https://github.com/inrupt/solid-client-authn-js 2cd solid-client-authn-js 3npm ci 4cd packages/browser/examples/single/bundle/ 5npm ci 6npm run start
Go to http://localhost:3001/.
NodeJS
Running a server-side app
1git clone https://github.com/inrupt/solid-client-authn-js 2cd solid-client-authn-js 3npm ci 4cd packages/node/example/demoClientApp/ 5npm ci 6npm run start
Go to http://localhost:3001/.
Running an authenticated script
Using with jest
Due to a behavior from jsdom, @inrupt/solid-client-authn-browser needs some adjustments if you want to run it with jest. There are multiple options, listed in a dedicated issue. Thanks to Angelo V. for proposing a mitigation.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:11
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Info: codeowner review is required on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 6 commits out of 30 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-browser.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/e2e-browser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-browser.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/e2e-browser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-browser.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/e2e-browser.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-node.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/e2e-node.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-node.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/e2e-node.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/inrupt/solid-client-authn-js/release.yml/main?enable=pin
- Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 4 out of 4 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/audit.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/e2e-browser.yml:1
- Warn: no topLevel permission defined: .github/workflows/e2e-node.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7.4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More