Gathering detailed insights and metrics for @octokit-next/endpoint
Gathering detailed insights and metrics for @octokit-next/endpoint
Installations
npm install @octokit-next/endpointDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
22.15.0
NPM Version
10.9.2
Score
73.8
Supply Chain
98.8
Quality
85.7
Maintenance
100
Vulnerability
99.6
License
Releases
51
Languages
2
JavaScript
TypeScript
JavaScript (79.48%)
TypeScript (20.52%)
Developer
octokit
Download Statistics
Total Downloads
8,683
Last Day
9
Last Week
236
Last Month
460
Last Year
2,519
GitHub Statistics
MIT License
24 Stars
302 Commits
3 Forks
8 Watchers
5 Branches
17 Contributors
Updated on May 20, 2025
Maintainers
2
Package Meta Information
Latest Version
3.0.0
Package Id
@octokit-next/endpoint@3.0.0
Unpacked Size
54.90 kB
Size
12.39 kB
File Count
22
NPM Version
10.9.2
Node Version
22.15.0
Published on
May 20, 2025
Total Downloads
Cumulative downloads
Total Downloads
8,683
Last Day
0%
9
Compared to previous day
Last Week
227.8%
236
Compared to previous week
Last Month
75.6%
460
Compared to previous month
Last Year
-12.2%
2,519
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
endpoint.js
Turns GitHub REST API endpoints into generic request options
@octokit-next/endpoint combines GitHub REST API routes with parameters and turns them into generic request options that can be used in any request library.
Usage
| Browsers |
Load @octokit-next/endpoint directly from cdn.skypack.dev
|
|---|---|
| Node |
Install with
|
| Deno |
Load
|
Example for List organization repositories
1const requestOptions = endpoint("GET /orgs/{org}/repos", { 2 headers: { 3 authorization: "token 0000000000000000000000000000000000000001", 4 }, 5 org: "octokit", 6 type: "private", 7});
The resulting requestOptions looks as follows
1{ 2 "method": "GET", 3 "url": "https://api.github.com/orgs/octokit/repos?type=private", 4 "headers": { 5 "accept": "application/vnd.github.v3+json", 6 "authorization": "token 0000000000000000000000000000000000000001", 7 "user-agent": "octokit-next/endpoint.js v1.2.3" 8 } 9}
You can pass requestOptions to common request libraries
1const { url, ...options } = requestOptions; 2// https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch 3fetch(url, options); 4// https://github.com/sindresorhus/got 5got[options.method](url, options); 6// https://github.com/axios/axios 7axios(requestOptions);
For PUT/POST endpoints with request body parameters, the code is slightly different
1const { url, data, ...options } = requestOptions; 2// https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch 3fetch(url, { ...options, body: JSON.stringify(data) }); 4// https://github.com/sindresorhus/got 5got[options.method](url, { ...options, json: data }); 6// https://github.com/axios/axios 7axios(requestOptions);
API
endpoint(route, options) or endpoint(options)
| name | type | description |
|---|---|---|
route
| String |
If set, it has to be a string consisting of URL and the request method, e.g., GET /orgs/{org}. If it’s set to a URL, only the method defaults to GET.
|
options.method
| String |
Required unless route is set. Any supported http verb. Defaults to GET.
|
options.url
| String |
Required unless route is set. A path or full URL which may contain :variable or {variable} placeholders,
e.g., /orgs/{org}/repos.
|
options.baseUrl
| String |
Defaults to https://api.github.com.
|
options.headers
| Object |
Custom headers. Passed headers are merged with defaults:headers['user-agent'] defaults to octokit-endpoint.js/1.2.3 (where 1.2.3 is the released version).headers['accept'] defaults to application/vnd.github.v3+json. |
options.mediaType.format
| String |
Media type param, such as raw, diff, or text+json. See Media Types. Setting options.mediaType.format will amend the headers.accept value.
|
options.mediaType.previews
| Array of Strings |
Name of previews, such as mercy, symmetra, or scarlet-witch. See API Previews. If options.mediaType.previews was set as default, the new previews will be merged into the default ones. Setting options.mediaType.previews will amend the headers.accept value. options.mediaType.previews will be merged with an existing array set using .withDefaults().
|
options.data
| Any |
Set request body directly instead of setting it to JSON based on additional parameters. See "The data parameter" below.
|
options.request
| Object |
Pass custom meta information for the request. The request object will be returned as is.
|
All other options will be passed depending on the method and url options.
- If the option key has a placeholder in the
url, it will be used as the replacement. For example, if the passed options are{url: '/orgs/{org}/repos', org: 'foo'}the returnedoptions.urlishttps://api.github.com/orgs/foo/repos. - If the
methodisGETorHEAD, the option is passed as a query parameter. - Otherwise, the parameter is passed in the request body as a JSON key.
Result
endpoint() is a synchronous method and returns an object with the following keys:
| key | type | description |
|---|---|---|
method | String | The http method. Always lowercase. |
url | String | The url with placeholders replaced with passed parameters. |
headers | Object | All header names are lowercased. |
body | Any | The request body if one is present. Only for PATCH, POST, PUT, DELETE requests. |
request | Object | Request meta option, it will be returned as it was passed into endpoint() |
endpoint.withDefaults()
Override or set default options. Example:
1const myEndpoint = endpoint.withDefaults({ 2 baseUrl: "https://github-enterprise.acme-inc.com/api/v3", 3 headers: { 4 "user-agent": "myApp/1.2.3", 5 authorization: `token 0000000000000000000000000000000000000001`, 6 }, 7}); 8 9const options = myEndpoint(`GET /orgs/{org}/repos`, { 10 org: "my-project", 11 per_page: 100, 12}); 13// { 14// "method": "GET", 15// "url": "https://api.github.com/orgs/my-project/repos?per_page=100", 16// "headers": { 17// "accept": "application/vnd.github.v3+json", 18// "authorization": "token 0000000000000000000000000000000000000001", 19// "user-agent": "myApp/1.2.3" 20// } 21// }
You can call .withDefaults() again on the returned method, the defaults will cascade.
1const myEndpointWithToken2 = myEndpoint.withDefaults({ 2 headers: { 3 authorization: `token 0000000000000000000000000000000000000002`, 4 }, 5}); 6 7const options2 = myEndpointWithToken2(`GET /orgs/{org}/repos`, { 8 org: "my-project", 9 per_page: 100, 10}); 11// { 12// "method": "GET", 13// "url": "https://api.github.com/orgs/my-project/repos?per_page=100", 14// "headers": { 15// "accept": "application/vnd.github.v3+json", 16// "authorization": "token 0000000000000000000000000000000000000002", 17// "user-agent": "myApp/1.2.3" 18// } 19// }
endpoint.DEFAULTS
The current default options.
1endpoint.DEFAULTS.baseUrl; // https://api.github.com 2const myEndpoint = endpoint.withDefaults({ 3 baseUrl: "https://github-enterprise.acme-inc.com/api/v3", 4}); 5myEndpoint.DEFAULTS.baseUrl; // https://github-enterprise.acme-inc.com/api/v3
endpoint.merge(route, options) or endpoint.merge(options)
Get the defaulted endpoint options, but without parsing them into request options:
1const myProjectEndpoint = endpoint.withDefaults({ 2 baseUrl: "https://github-enterprise.acme-inc.com/api/v3", 3 headers: { 4 "user-agent": "myApp/1.2.3", 5 }, 6 org: "my-project", 7}); 8myProjectEndpoint.merge("GET /orgs/{org}/repos", { 9 headers: { 10 authorization: `token 0000000000000000000000000000000000000001`, 11 }, 12 org: "my-secret-project", 13 type: "private", 14}); 15 16// { 17// baseUrl: 'https://github-enterprise.acme-inc.com/api/v3', 18// method: 'GET', 19// url: '/orgs/{org}/repos', 20// headers: { 21// accept: 'application/vnd.github.v3+json', 22// authorization: `token 0000000000000000000000000000000000000001`, 23// 'user-agent': 'myApp/1.2.3' 24// }, 25// org: 'my-secret-project', 26// type: 'private' 27// }
endpoint.parse()
Stateless method to turn endpoint options into request options. Calling
endpoint(options) is the same as calling endpoint.parse(endpoint.merge(options)).
Types
@octokit-next/endpoint supports types for all REST API endpoints across all supported targets (github.com, GitHub AE, GitHub Enterprise Server).
In order to take advantage of the types, you have to install the @octokit-next/types-rest-api* packages for the platform(s) you want to target.
For example, to get types for all of github.com's REST API endpoints, use @octokit-next/types-rest-api.
1/// <reference types="@octokit-next/types-rest-api" /> 2 3import { endpoint } from "@octokit-next/endpoint"; 4 5endpoint(""); 6// Set cursor in the route argument and press `Ctrl + Space` to get a type ahead for all 700+ REST API endpoints 7 8const requestOptions = endpoint("GET /orgs/{org}/repos", { org: "octokit" }); 9// requestOptions.method is now typed as `"GET"` instead of `string` 10// requestOptions.url is now typed as `"/orgs/{org}/repos"` instead of `string` 11// requestOptions.data does not exist on types.
To support GitHub Enterprise Server 3.0 and all new versions, import @octokit-next/types-rest-api-ghes-3.0 and set the request version:
1/// <reference types="@octokit-next/types-rest-api-ghes-3.0" /> 2 3import { endpoint } from "@octokit-next/endpoint"; 4 5endpoint("", { 6 request: { 7 version: "ghes-3.0", 8 }, 9}); 10// Set cursor in the route argument and press `Ctrl + Space` to get a type ahead for all GHES 3.0 REST API endpoints 11 12const requestOptions = endpoint("GET /admin/users/{username}", { 13 request: { 14 version: "ghes-3.0", 15 }, 16 username: "octocat", 17}); 18// requestOptions.method is now typed as `"GET"` instead of `string` 19// requestOptions.url is now typed as `"/admin/users/{username}"` instead of `string` 20// requestOptions.data does not exist on types.
Types in the @octokit-next/types-rest-api-ghes packages are additive. So you can set request.version to ghes-3.1 and ghes-3.2 as well.
The version can be set using endpoint.withDefaults() as well. You can override the version in each endpoint() call.
1/// <reference types="@octokit-next/types-rest-api-ghes-3.0" /> 2 3import { endpoint } from "@octokit-next/endpoint"; 4 5const ghes30endpoint = endpoint.withDefaults({ 6 request: { 7 version: "ghes-3.0", 8 }, 9}); 10 11endpoint(""); 12// Set cursor in the route argument and press `Ctrl + Space` to get a type ahead for all GHES 3.0 REST API endpoints
If you need your script to work across github.com and a minimal GitHub Enterprise Server version, you can use any of the @octokit-next/types-rest-api-ghes-*-compatible packages.
1/// <reference types="@octokit-next/types-rest-api-ghes-3.0-compatible" /> 2 3import { endpoint } from "@octokit-next/endpoint"; 4 5const ghes30endpoint = endpoint.withDefaults({ 6 request: { 7 version: "ghes-3.0", 8 }, 9}); 10 11endpoint(""); 12// Set cursor in the route argument and press `Ctrl + Space` to get a type ahead for all REST API endpoints 13// that exist in both github.com and GitHub Enterprise Server 3.0
Special cases
The data parameter – set request body directly
Some endpoints such as Render a Markdown document in raw mode don’t have parameters that are sent as request body keys, instead, the request body needs to be set directly. In these cases, set the data parameter.
1const options = endpoint("POST /markdown/raw", { 2 data: "Hello world github/linguist#1 **cool**, and #1!", 3 headers: { 4 accept: "text/html;charset=utf-8", 5 "content-type": "text/plain", 6 }, 7}); 8 9// options is 10// { 11// method: 'post', 12// url: 'https://api.github.com/markdown/raw', 13// headers: { 14// accept: 'text/html;charset=utf-8', 15// 'content-type': 'text/plain', 16// 'user-agent': userAgent 17// }, 18// body: 'Hello world github/linguist#1 **cool**, and #1!' 19// }
Set parameters for both the URL/query and the request body
There are API endpoints that accept both query parameters as well as a body. In that case, you need to add the query parameters as templates to options.url, as defined in the RFC 6570 URI Template specification.
Example
1endpoint( 2 "POST https://uploads.github.com/repos/octocat/Hello-World/releases/1/assets{?name,label}", 3 { 4 name: "example.zip", 5 label: "short description", 6 headers: { 7 "content-type": "text/plain", 8 "content-length": 14, 9 authorization: `token 0000000000000000000000000000000000000001`, 10 }, 11 data: "Hello, world!", 12 } 13);
LICENSE
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:14
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
0 existing vulnerabilities detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add_to_octokit_project.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/add_to_octokit_project.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/codeql-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/immediate-response.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/immediate-response.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/openapi-update.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/openapi-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/openapi-update.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/openapi-update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/openapi-update.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/openapi-update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/openapi-update.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/openapi-update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/openapi-update.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/openapi-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/octokit/octokit-next.js/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:24
- Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
- Info: 2 out of 3 npmCommand dependencies pinned
Reason
Found 1/28 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/add_to_octokit_project.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/openapi-update.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:8
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.5
/10
Last Scanned on 2025-05-12
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More