{"id":5807133,"name":"flex-development/flautoreview","ecosystem":"actions","description":"Automate pull request reviews","homepage":"","licenses":"bsd-3-clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/flex-development/flautoreview","keywords_array":["automation","github-action","github-actions-typescript","github-automation","pull-request-review","pull-requests","typescript","typescript-action"],"namespace":"flex-development","versions_count":2,"first_release_published_at":"2021-08-20T07:55:28.000Z","latest_release_published_at":"2021-08-21T18:21:45.000Z","latest_release_number":"v1.0.1","last_synced_at":"2026-05-08T04:17:15.799Z","created_at":"2023-01-04T16:44:08.217Z","updated_at":"2026-05-08T04:17:15.800Z","registry_url":"https://github.com/flex-development/flautoreview","install_command":null,"documentation_url":null,"metadata":{"name":"flautoreview","description":"Automate pull request reviews","author":"@flex-development","inputs":{"body":{"default":"","description":"body text of pull request review.\nrequired when using COMMENT or REQUEST_CHANGES for the event input\n","required":false},"event":{"default":"APPROVE","description":"automated review action to perform\noptions: APPROVE | COMMENT | REQUEST_CHANGES\n","required":false},"reviewers":{"default":"","description":"list of user logins and/or team slugs to automate reviews on behalf of\ne.g: 'flexdevelopment'\n","required":false},"senders":{"default":"","description":"list of review requesters allowed to request automated reviews\ne.g: 'unicornware'\n","required":false},"token":{"default":"${{ github.token }}","description":"personal access token (PAT) used to create automated pull request review.\nusing the default github token will result in the github-actions bot\nsubmitting reviews instead of the user or team listed in reviewers\n","required":true}},"runs":{"main":"dist/index.js","using":"node12"},"branding":{"color":"blue","icon":"check-circle"},"default_branch":"next","path":null},"repo_metadata":{"id":47638671,"uuid":"396998770","full_name":"flex-development/flautoreview","owner":"flex-development","description":"GitHub Action to automate pull request reviews","archived":true,"fork":false,"pushed_at":"2022-08-16T05:02:31.000Z","size":1001,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"next","last_synced_at":"2025-08-17T03:48:54.375Z","etag":null,"topics":["automation","github-action","github-actions-typescript","github-automation","pull-request-review","pull-requests","typescript","typescript-action"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flex-development.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-16T22:38:45.000Z","updated_at":"2023-10-21T21:43:17.000Z","dependencies_parsed_at":"2023-01-04T12:29:14.318Z","dependency_job_id":null,"html_url":"https://github.com/flex-development/flautoreview","commit_stats":{"total_commits":28,"total_committers":1,"mean_commits":28.0,"dds":0.0,"last_synced_commit":"8699b0e8e070b575c85e758ecfdaa9586fdf9da4"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/flex-development/flautoreview","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flex-development","download_url":"https://codeload.github.com/flex-development/flautoreview/tar.gz/refs/heads/next","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/sbom","scorecard":{"id":403116,"data":{"date":"2025-08-11","repo":{"name":"github.com/flex-development/flautoreview","commit":"8699b0e8e070b575c85e758ecfdaa9586fdf9da4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":1,"reason":"Found 3/27 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/continuous-integration.yml:1","Warn: no topLevel permission defined: .github/workflows/dependabot-auto.yml:1","Warn: no topLevel permission defined: .github/workflows/flautoreview.yml:1","Warn: no topLevel permission defined: .github/workflows/label-syncer.yml:1","Warn: no topLevel permission defined: .github/workflows/lock-inactive-threads.yml:1","Warn: no topLevel permission defined: .github/workflows/no-response.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continuous-integration.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/flautoreview/continuous-integration.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continuous-integration.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/flautoreview/continuous-integration.yml/next?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-auto.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/flautoreview/dependabot-auto.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flautoreview.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/flautoreview/flautoreview.yml/next?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-syncer.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/flautoreview/label-syncer.yml/next?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-syncer.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/flautoreview/label-syncer.yml/next?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-inactive-threads.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/flautoreview/lock-inactive-threads.yml/next?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   4 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.0.1 not signed: https://api.github.com/repos/flex-development/flautoreview/releases/48225819","Warn: release artifact v1.0.0 not signed: https://api.github.com/repos/flex-development/flautoreview/releases/48164133","Warn: release artifact v1.0.1 does not have provenance: https://api.github.com/repos/flex-development/flautoreview/releases/48225819","Warn: release artifact v1.0.0 does not have provenance: https://api.github.com/repos/flex-development/flautoreview/releases/48164133"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":1,"reason":"branch protection is not maximal on development and all release branches","details":["Warn: branch protection not enabled for branch 'main'","Info: 'allow deletion' disabled on branch 'next'","Info: 'force pushes' disabled on branch 'next'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'next'","Info: 'stale review dismissal' is required to merge on branch 'next'","Warn: required approving review count is 1 on branch 'next'","Warn: codeowners review is not required on branch 'next'","Info: 'last push approval' is required to merge on branch 'next'","Info: 'up-to-date branches' is required to merge on branch 'next'","Info: status check found to merge onto on branch 'next'","Info: PRs are required in order to make changes on branch 'next'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"44 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-7r3h-m5j6-3q42","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-fj58-h2fr-3pp2","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33","Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959","Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-hj9c-8jmm-8c52","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx","Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-wpg7-2c88-r8xv","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7","Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5","Warn: Project is vulnerable to: GHSA-xx4c-jj58-r7x6","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T20:32:59.220Z","repository_id":47638671,"created_at":"2025-08-18T20:32:59.220Z","updated_at":"2025-08-18T20:32:59.220Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279008442,"owners_count":26084460,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"flex-development","name":"Flex Development","uuid":"48739091","kind":"organization","description":"Doing the heavy lifting so you don't have to 😉🦾","email":"hello@flexdevelopment.llc","website":"https://flexdevelopment.llc","location":"United States of America","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/48739091?v=4","repositories_count":78,"last_synced_at":"2025-10-01T03:56:48.405Z","metadata":{"has_sponsors_listing":true},"html_url":"https://github.com/flex-development","funding_links":["https://github.com/sponsors/flex-development"],"total_stars":68,"followers":6,"following":0,"created_at":"2022-11-15T22:40:28.202Z","updated_at":"2025-10-01T03:56:48.405Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flex-development","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flex-development/repositories"},"tags":[{"name":"v1.0.1","sha":"6ed768d1788992f6606c22e56fe730c633181d6c","kind":"tag","published_at":"2021-08-21T18:21:45.000Z","download_url":"https://codeload.github.com/flex-development/flautoreview/tar.gz/v1.0.1","html_url":"https://github.com/flex-development/flautoreview/releases/tag/v1.0.1","dependencies_parsed_at":"2023-05-31T11:42:33.084Z","dependency_job_id":null,"purl":"pkg:github/flex-development/flautoreview@v1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"569adc431f5fd8852dd1938e5890ef22c31dd695","kind":"tag","published_at":"2021-08-20T07:55:28.000Z","download_url":"https://codeload.github.com/flex-development/flautoreview/tar.gz/v1.0.0","html_url":"https://github.com/flex-development/flautoreview/releases/tag/v1.0.0","dependencies_parsed_at":"2023-05-31T11:42:34.784Z","dependency_job_id":null,"purl":"pkg:github/flex-development/flautoreview@v1.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/tags/v1.0.0/manifests"}]},"repo_metadata_updated_at":"2025-10-13T06:58:30.178Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":1,"rankings":{"downloads":null,"dependent_repos_count":24.791633655522105,"dependent_packages_count":0.0,"stargazers_count":48.34733005862779,"forks_count":35.16399936618602,"docker_downloads_count":null,"average":27.07574077008398},"purl":"pkg:githubactions/flex-development/flautoreview","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/flex-development/flautoreview","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/actions/flex-development/flautoreview","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/flex-development/flautoreview/dependencies","status":null,"funding_links":["https://github.com/sponsors/flex-development"],"critical":null,"issue_metadata":{"last_synced_at":"2023-08-09T09:39:48.143Z","issues_count":0,"pull_requests_count":4,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":6296.75,"issues_closed_count":0,"pull_requests_closed_count":4,"pull_request_authors_count":1,"issue_authors_count":0,"avg_comments_per_issue":null,"avg_comments_per_pull_request":1.0,"merged_pull_requests_count":3,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":0,"past_year_pull_requests_count":0,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":0,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fflautoreview/issues","maintainers":[{"login":"unicornware","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/unicornware"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/flex-development%2Fflautoreview/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/flex-development%2Fflautoreview/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/flex-development%2Fflautoreview/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/flex-development%2Fflautoreview/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/flex-development%2Fflautoreview/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/flex-development%2Fflautoreview/codemeta","maintainers":[]}