Gathering detailed insights and metrics for fastify-auth0-verify
Gathering detailed insights and metrics for fastify-auth0-verify
Installations
npm install fastify-auth0-verifyDeveloper
nearform
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 20
Typescript Support
Yes
Node Version
18.20.4
NPM Version
10.7.0
Statistics
97 Stars
375 Commits
25 Forks
80 Watching
8 Branches
45 Contributors
Updated on 09 Nov 2024
Languages
JavaScript (95.36%)
TypeScript (4.64%)
Total Downloads
Cumulative downloads
Total Downloads
1,656,637
Last day
-18%
2,800
Compared to previous day
Last week
-2.9%
13,311
Compared to previous week
Last month
-1.7%
62,842
Compared to previous month
Last year
35.6%
732,524
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
fastify-auth0-verify
Auth0 verification plugin for Fastify.
Internally this is a lighweight wrapper around fastify-jwt-jwks and accepts most of the same options. The differences are highlighted in this document. Refer to the documentation in the fastify-jwt-jwks repository for general usage.
Installation
Just run:
1npm install fastify-auth0-verify --save
Usage
The configuration options for this plugin are similar to those in fastify-jwt-jwks, except that this package accepts a domain option instead of jwksUrl:
domain: The Auth0 tenant domain. It enables verification of RS256 encoded JWT tokens. It is also used to verify the token issuer (iss). Either provide a domain (domain.com) or the full URL, including the trailing slash (https://domain.com/).
Contributing
See CONTRIBUTING.md
Developer notes
Tests
Tests are currently split into unit and integration. Integration tests need the following environment variables:
| Env var | |
|---|---|
AUTH0_DOMAIN | Auth0 dashboard -> application -> Settings -> Domain |
AUTH0_CLIENT_ID | Auth0 dashboard -> application -> Settings -> Client ID |
AUTH0_CLIENT_SECRET | Auth0 dashboard -> application -> Settings -> Client Secret |
AUTH0_API_AUDIENCE | Auth0 application identifier |
License
Copyright NearForm Ltd. Licensed under the Apache-2.0 license.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 6/8 approved changesets -- score normalized to 7
Reason
3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-linked-issues.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/nearform/fastify-auth0-verify/check-linked-issues.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nearform/fastify-auth0-verify/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/nearform/fastify-auth0-verify/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/nearform/fastify-auth0-verify/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/nearform/fastify-auth0-verify/notify-release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/nearform/fastify-auth0-verify/release.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:24
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/check-linked-issues.yml:19
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/notify-release.yml:17
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:21
- Warn: no topLevel permission defined: .github/workflows/check-linked-issues.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/notify-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
4.7
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More