Installations
npm install hubotDeveloper
Developer Guide
Module System
CommonJS
Min. Node Version
>= 18
Typescript Support
No
Node Version
20.8.1
NPM Version
10.9.0
Statistics
16,660 Stars
2,307 Commits
3,749 Forks
589 Watching
1 Branches
253 Contributors
Updated on 26 Nov 2024
Languages
JavaScript (98.79%)
Shell (1.21%)
Total Downloads
Cumulative downloads
Total Downloads
15,194,012
Last day
-1.3%
10,859
Compared to previous day
Last week
-4%
77,594
Compared to previous week
Last month
-9.4%
331,415
Compared to previous month
Last year
41.5%
5,607,936
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Dev Dependencies
1
Hubot
Note: v10.0.4 accidentally contains the removal of CoffeeScript; v10.0.5 puts it back in Note: v11 removes CoffeeScript and converts this codebase to ESM
Hubot is a framework to build chat bots, modeled after GitHub's Campfire bot of the same name, hubot. He's pretty cool. He's extendable with scripts and can work on many different chat services.
This repository provides a library that's distributed by npm that you
use for building your own bots. See the documentation
for details on getting up and running with your very own robot friend.
In most cases, you'll probably never have to hack on this repo directly if you are building your own bot. But if you do, check out CONTRIBUTING.md
Create your own Hubot instance
This will create a directory called myhubot in the current working directory.
1npx hubot --create myhubot --adapter @hubot-friends/hubot-slack 2npx hubot --create myhubot --adapter @hubot-friends/hubot-discord 3npx hubot --create myhubot --adapter @hubot-friends/hubot-ms-teams 4npx hubot --create myhubot --adapter @hubot-friends/hubot-irc
Review scripts/example.mjs. Create more scripts in the scripts folder.
License
See the LICENSE file for license rights and limitations (MIT).
Hubot History
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
9 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pipeline.yml:82
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Reason
SAST tool is not run on all commits -- score normalized to 8
Details
- Warn: 14 commits out of 17 are checked with a SAST tool
Reason
Found 3/26 approved changesets -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-macos.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/nodejs-macos.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-macos.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/nodejs-macos.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ubuntu.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/nodejs-ubuntu.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-ubuntu.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/nodejs-ubuntu.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-windows.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/nodejs-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-windows.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/nodejs-windows.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pipeline.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/pipeline.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sfab-gh-pages.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/sfab-gh-pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sfab-gh-pages.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/sfab-gh-pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sfab-gh-pages.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/sfab-gh-pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sfab-gh-pages.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/sfab-gh-pages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sfab-gh-pages.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/hubotio/hubot/sfab-gh-pages.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: bin/e2e-test.sh:15
- Warn: npmCommand not pinned by hash: script/bootstrap:3
- Warn: npmCommand not pinned by hash: script/release:12
- Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 8 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs-macos.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs-ubuntu.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs-windows.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/pipeline.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/sfab-gh-pages.yml:14
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.7
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More