Gathering detailed insights and metrics for @microsoft/teams-connector
Gathering detailed insights and metrics for @microsoft/teams-connector
SDK focused on building AI based applications and extensions for Microsoft Teams and other Bot Framework channels
Installations
npm install @microsoft/teams-connectorDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.16.0
NPM Version
9.5.1
Releases
43
Languages
7
C#
TypeScript
Python
Bicep
HTML
JavaScript
Shell
C# (38.94%)
TypeScript (33.11%)
Python (22.11%)
Bicep (4.8%)
HTML (0.92%)
JavaScript (0.08%)
Shell (0.04%)
Developer
microsoft
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
596 Stars
1,221 Commits
243 Forks
45 Watchers
30 Branches
133 Contributors
Updated on Jul 15, 2025
Maintainers
4
Package Meta Information
Latest Version
0.1.0-preview.1
Package Id
@microsoft/teams-connector@0.1.0-preview.1
Unpacked Size
1.56 MB
Size
228.15 kB
File Count
419
NPM Version
9.5.1
Node Version
18.16.0
Published on
Aug 08, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Microsoft Bot Framework Connector for Node.js
Within the Bot Framework, the Bot Connector service enables your bot to exchange messages with users on channels that are configured in the Bot Framework Portal.
Requirement
- Node.js version: 6.x.x or higher
How to Install
1npm install botframework-connector
How to Use
Authentication
Your bot communicates with the Bot Connector service using HTTP over a secured channel (SSL/TLS). When your bot sends a request to the Connector service, it must include information that the Connector service can use to verify its identity.
To authenticate the requests, you'll need configure the Connector with the App ID and password that you obtained for your bot during registration and the Connector will handle the rest.
More information: https://docs.microsoft.com/en-us/bot-framework/rest-api/bot-framework-rest-connector-authentication
Example
Client creation (with authentication), conversation initialization and activity send to user.
1var { ConnectorClient, MicrosoftAppCredentials } = require('botframework-connector'); 2 3async function connectToSlack() { 4 var credentials = new MicrosoftAppCredentials('<your-app-id>', '<your-app-password>'); 5 6 var botId = '<bot-id>'; 7 var recipientId = '<user-id>'; 8 9 var client = new ConnectorClient(credentials, { baseUri: 'https://slack.botframework.com' }); 10 11 var conversationResponse = await client.conversations.createConversation({ 12 bot: { id: botId }, 13 members: [ 14 { id: recipientId } 15 ], 16 isGroup: false 17 }); 18 19 var activityResponse = await client.conversations.sendToConversation(conversationResponse.id, { 20 type: 'message', 21 from: { id: botId }, 22 recipient: { id: recipientId }, 23 text: 'This a message from Bot Connector Client (NodeJS)' 24 }); 25 26 console.log('Sent reply with ActivityId:', activityResponse.id); 27}
Simple EchoBot Example (source code)
EchoBot is a minimal bot that receives message activities and replies with the same content. The sample shows how to use restify/express for listening to activities and the ConnectorClient for sending activities.
Rest API Documentation
For the Connector Service API Documentation, please see our API reference.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
License
Copyright (c) Microsoft Corporation. All rights reserved.
Licensed under the MIT License.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
24 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/coverage.yml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/coverage.yml:50
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/coverage.yml:83
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/coverage.yml:124
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/dotnet-build-test-lint.yml:34
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/dotnet-codeql.yml:33
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/dotnet-codeql.yml:34
- Info: jobLevel permissions set to 'read-all': .github/workflows/dotnet-publish.yml:19
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/dotnet-publish.yml:33
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/js-build-test-lint.yml:28
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/js-codeql.yml:32
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/js-codeql.yml:33
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr-style.yml:14
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/python-build-test-lint.yml:29
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/python-codeql.yml:32
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/python-codeql.yml:33
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:29
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:30
- Info: topLevel permissions set to 'read-all': .github/workflows/coverage.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13
- Info: topLevel permissions set to 'read-all': .github/workflows/dotnet-build-test-lint.yml:17
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dotnet-codeql.yml:26
- Info: topLevel permissions set to 'read-all': .github/workflows/dotnet-publish.yml:13
- Info: topLevel permissions set to 'read-all': .github/workflows/js-build-test-lint.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/js-codeql.yml:25
- Info: topLevel permissions set to 'read-all': .github/workflows/pr-style.yml:7
- Info: topLevel permissions set to 'read-all': .github/workflows/python-build-test-lint.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/python-codeql.yml:25
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/dotnet-publish.yml:20
Reason
30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 5 contributing companies or organizations
Details
- Info: found contributions from: PasaLab, awarity.ai, microsoft, thegogod, wipro
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: CodeQL
- Warn: 24 commits out of 30 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/teams-ai/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/teams-ai/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/teams-ai/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/teams-ai/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/teams-ai/coverage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/teams-ai/coverage.yml/main?enable=pin
- Warn: pipCommand not pinned by hash: .github/workflows/coverage.yml:136
- Warn: pipCommand not pinned by hash: .github/workflows/coverage.yml:137
- Warn: nugetCommand not pinned by hash: .github/workflows/dotnet-build-test-lint.yml:44: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)
- Warn: pipCommand not pinned by hash: .github/workflows/python-build-test-lint.yml:38
- Warn: pipCommand not pinned by hash: .github/workflows/python-build-test-lint.yml:39
- Info: 32 out of 33 GitHub-owned GitHubAction dependencies pinned
- Info: 7 out of 12 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 pipCommand dependencies pinned
- Info: 0 out of 1 nugetCommand dependencies pinned
Reason
badge detected: InProgress
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'allow deletion' disabled on branch 'kavin/dotnet-pipeline'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'force pushes' enabled on branch 'kavin/dotnet-pipeline'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'kavin/dotnet-pipeline'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Info: codeowner review is required on branch 'main'
- Warn: could not determine whether codeowners review is allowed
- Info: 'last push approval' is required to merge on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Warn: no status checks found to merge onto branch 'kavin/dotnet-pipeline'
- Info: PRs are required in order to make changes on branch 'main'
- Warn: PRs are not required to make changes on branch 'kavin/dotnet-pipeline'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
24 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr
- Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj
- Warn: Project is vulnerable to: GHSA-79v4-65xg-pq4g
- Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj
- Warn: Project is vulnerable to: GHSA-j66q-qmrc-89rx
- Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7
- Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5
- Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v
- Warn: Project is vulnerable to: GHSA-5m98-qgg9-wh84
- Warn: Project is vulnerable to: GHSA-7gpw-8wmc-pm8g
- Warn: Project is vulnerable to: GHSA-5chr-fjjv-38qv
Score
7.6
/10
Last Scanned on 2025-07-15T16:04:57Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More