npmpackage.info

Gathering detailed insights and metrics for @tbdex/http-server

Other packages similar to @tbdex/http-server

@leordev-tbdex/http-server

0.27.3

A configurable implementation of the [tbdex http api draft specification](https://github.com/TBD54566975/tbdex-protocol/blob/main/rest-api/README.md)

@tbdex/http-server

2.2.1

Apache-2.0

TypeScript

118.64 kB

22,601 4.8

Installations

npm install @tbdex/http-server

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Node Version

21.7.1

NPM Version

10.5.0 Score

55.4

Supply Chain

57.7

Quality

85.2

Maintenance

Vulnerability

97.6

License

Pull Requests

Open

1

Total

188

Closed

36

Merged

151

Issues

Open

28

Total

89

Closed

61

Releases

@tbdex/protocol@2.2.1

Published on 03 Sept 2024

@tbdex/http-server@2.2.1

Published on 03 Sept 2024

@tbdex/http-client@2.2.1

Published on 03 Sept 2024

@tbdex/protocol@2.2.0

Published on 13 Aug 2024

@tbdex/http-server@2.2.0

Published on 13 Aug 2024

@tbdex/http-client@2.2.0

Published on 13 Aug 2024

View all 51 releases

Contributors

Unable to fetch Contributors

View all 13 contributors

Languages

TypeScript

JavaScript

Shell

TypeScript (95.54%)

JavaScript (3.73%)

Shell (0.73%)

Developer

TBD54566975

Download Statistics

Total Downloads

22,601

Last Day

Last Week

Last Month

267

Last Year

19,974

GitHub Statistics

12 Stars

185 Commits

9 Forks

3 Watching

31 Branches

13 Contributors

Maintainers

Package Meta Information

Latest Version

2.2.1

Package Id

@tbdex/http-server@2.2.1

Unpacked Size

118.64 kB

Size

24.50 kB

File Count

NPM Version

10.5.0

Node Version

21.7.1

Publised On

03 Sept 2024

Total Downloads

Cumulative downloads

Total Downloads

22,601

Last day

-25%

Compared to previous day

Last week

44.2%

Compared to previous week

Last month

149.5%

267

Compared to previous month

Last year

660.3%

19,974

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@web5/dids cors express @tbdex/http-client @tbdex/protocol

Dev Dependencies

@types/chai @types/cors @types/express @types/http-errors @types/mocha @types/node @types/sinon @types/sinon-chai chai query-string rimraf sinon sinon-chai supertest typescript

Versions

tbdex http server

A configurable implementation of the tbdex http api draft specification

This repo is currently under construction 🚧

Installation

1npm install @tbdex/http-server

Usage

1import { TbdexHttpServer } from '@tbdex/http-server'
2
3const api = new TbdexHttpServer()
4
5api.get('offerings', async (ctx, filter) => { /* write biz logic here */ })
6api.get('exchanges', async (ctx, filter) => { /* write biz logic here */ })
7
8api.submit('rfq', async (ctx, message) => { /* write biz logic here */ })
9api.submit('order', async (ctx, message) => { /* write biz logic here */ })
10api.submit('close', async (ctx, message) => { /* write biz logic here */ })
11
12
13await api.listen(9000, () => {
14  console.log('Server listening on port 9000')
15})

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

9

SAST

Determines if the project uses static code analysis.

7

CI-Tests

Determines if the project runs tests before pull requests are merged.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/codeql.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrity-check.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/integrity-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrity-check.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/integrity-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrity-check.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/integrity-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tbdocs-commenter.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/tbdocs-commenter.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tbdocs-commenter.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/tbdocs-commenter.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/tbdocs-commenter.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/tbdocs-commenter.yml/main?enable=pin
Info: 10 out of 19 GitHub-owned GitHubAction dependencies pinned
Info: 3 out of 14 third-party GitHubAction dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

0

Fuzzing

Determines if the project uses fuzzing.

Reason

project is not fuzzed

Details

Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)

0

Maintained

Determines if the project is "actively maintained".

0

Security-Policy

Determines if the project has published a security policy.

Reason

security policy file not detected

Details

Warn: no security policy file detected: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. For additional information on vulnerability disclosure, see https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md. (Medium effort)
Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Provide a point of contact in your SECURITY.md. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
Warn: no security file to analyze: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Warn: no topLevel permission defined: .github/workflows/codeql.yml:1: Visit https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/codeql.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:37
Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:38
Warn: no topLevel permission defined: .github/workflows/docs-ci.yml:1: Visit https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-ci.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Warn: no topLevel permission defined: .github/workflows/docs-publish.yml:1: Visit https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/docs-publish.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/docs-publish.yml:19: Verify which permissions are needed and consider whether you can reduce them. (High effort)
Info: jobLevel 'contents' permission set to 'read': .github/workflows/docs-publish.yml:76
Warn: no topLevel permission defined: .github/workflows/integrity-check.yml:1: Visit https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/integrity-check.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Info: topLevel 'contents' permission set to 'read': .github/workflows/release-snapshot.yml:14
Warn: no topLevel permission defined: .github/workflows/release.yml:1: Visit https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/release.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:18: Verify which permissions are needed and consider whether you can reduce them. (High effort)
Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/scorecard.yml:25: Verify which permissions are needed and consider whether you can reduce them. (High effort)
Warn: no topLevel permission defined: .github/workflows/security.yml:1: Visit https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/security.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Warn: no topLevel permission defined: .github/workflows/tbdocs-commenter.yml:1: Visit https://app.stepsecurity.io/secureworkflow/TBD54566975/tbdex-js/tbdocs-commenter.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)

Score

4.8

/10

Last Scanned on 2024-12-09T05:06:53Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More