{"id":971791,"name":"@hapi/hapi","ecosystem":"npm","description":"HTTP Server framework","homepage":"https://hapi.dev","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/hapijs/hapi","keywords_array":["framework","http","api","web"],"namespace":"hapi","versions_count":60,"first_release_published_at":"2019-04-10T20:33:58.367Z","latest_release_published_at":"2026-05-06T10:38:26.287Z","latest_release_number":"21.4.9","last_synced_at":"2026-05-18T17:15:05.659Z","created_at":"2022-04-07T18:10:39.915Z","updated_at":"2026-05-18T17:15:05.659Z","registry_url":"https://www.npmjs.com/package/@hapi/hapi","install_command":"npm install @hapi/hapi","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"lts":"18.4.1","next":"21.3.0","v20-latest":"20.3.0","latest":"21.4.9"}},"repo_metadata":{"id":37405703,"uuid":"2163263","full_name":"hapijs/hapi","owner":"hapijs","description":"The Simple, Secure Framework Developers Trust","archived":false,"fork":false,"pushed_at":"2026-05-06T10:38:07.000Z","size":17080,"stargazers_count":14777,"open_issues_count":59,"forks_count":1342,"subscribers_count":390,"default_branch":"master","last_synced_at":"2026-05-07T18:40:53.441Z","etag":null,"topics":["application","framework","hapi","http","nodejs"],"latest_commit_sha":null,"homepage":"https://hapi.dev","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hapijs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2011-08-06T00:35:39.000Z","updated_at":"2026-05-07T13:51:06.000Z","dependencies_parsed_at":"2023-12-28T22:06:11.855Z","dependency_job_id":"5273336e-e95e-4a21-a897-3b6a82aa32c4","html_url":"https://github.com/hapijs/hapi","commit_stats":{"total_commits":4288,"total_committers":254,"mean_commits":"16.881889763779526","dds":0.5881529850746269,"last_synced_commit":"9aa775f2709617c673ee15a2a91b029e2adc7882"},"previous_names":["spumko/hapi"],"tags_count":377,"template":false,"template_full_name":null,"purl":"pkg:github/hapijs/hapi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fhapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fhapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fhapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fhapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hapijs","download_url":"https://codeload.github.com/hapijs/hapi/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fhapi/sbom","scorecard":{"id":455155,"data":{"date":"2025-08-11","repo":{"name":"github.com/hapijs/hapi","commit":"2a081d67daac20c0553b18cd9d887355a651d2a8"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":5,"reason":"Found 15/28 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":4,"reason":"5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci-module.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-module.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/hapijs/hapi/ci-module.yml/master?enable=pin","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/hapijs/.github/SECURITY.md:1","Info: Found linked content: github.com/hapijs/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/hapijs/.github/SECURITY.md:1","Info: Found text in security policy: github.com/hapijs/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T09:22:41.483Z","repository_id":37405703,"created_at":"2025-08-19T09:22:41.484Z","updated_at":"2025-08-19T09:22:41.484Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32769183,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T02:36:36.067Z","status":"ssl_error","status_checked_at":"2026-05-08T02:36:07.210Z","response_time":54,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"hapijs","name":"hapi.js","uuid":"3774533","kind":"organization","description":"The Simple, Secure Framework Developers Trust","email":null,"website":"https://hapi.dev","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/3774533?v=4","repositories_count":75,"last_synced_at":"2025-10-14T18:15:46.854Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/hapijs","funding_links":[],"total_stars":47099,"followers":179,"following":0,"created_at":"2022-11-02T16:20:46.028Z","updated_at":"2025-10-14T18:15:46.854Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hapijs","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hapijs/repositories"},"tags":[]},"repo_metadata_updated_at":"2026-05-09T07:20:30.461Z","dependent_packages_count":1017,"downloads":6189165,"downloads_period":"last-month","dependent_repos_count":18401,"rankings":{"downloads":0.16791271643448946,"dependent_repos_count":0.21002744500434514,"dependent_packages_count":0.06799382020663683,"stargazers_count":0.870438134038676,"forks_count":1.061693621530314,"docker_downloads_count":0.1102458496821556,"average":0.4147185978161028},"purl":"pkg:npm/%40hapi/hapi","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzdnctbWh2NS1ncnY1","url":"https://github.com/advisories/GHSA-23vw-mhv5-grv5","title":"Denial of Service in @hapi/hapi","description":"Versions of `@hapi/hapi` prior to 18.4.1 or 19.1.1 are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will exist, allowing an attacker to shut down services.\n\n\n## Recommendation\n\nUpgrade to versions 18.4.1, 19.1.1 or later.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-09-03T15:48:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://www.npmjs.com/advisories/1482","https://github.com/advisories/GHSA-23vw-mhv5-grv5"],"source_kind":"github","identifiers":["GHSA-23vw-mhv5-grv5"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:14.358Z","updated_at":"2026-05-17T16:10:14.880Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzdnctbWh2NS1ncnY1","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzdnctbWh2NS1ncnY1","packages":[{"ecosystem":"npm","package_name":"@hapi/hapi","versions":[{"first_patched_version":"19.1.1","vulnerable_version_range":"\u003e= 19.0.0, \u003c 19.1.1"},{"first_patched_version":"18.4.1","vulnerable_version_range":"\u003c 18.4.1"}],"purl":"pkg:npm/%40hapi%2Fhapi","statistics":{"dependent_packages_count":1017,"dependent_repos_count":18401,"downloads":6189165,"downloads_period":"last-month"},"affected_versions":["17.9.0","18.2.0","18.3.0","18.3.1","18.3.2","18.4.0","19.0.0","19.0.1","19.0.2","19.0.3","19.0.4","19.0.5","19.1.0"],"unaffected_versions":["18.4.1","19.1.1","19.2.0","20.0.0","20.0.1","20.0.2","20.0.3","20.1.0","20.1.1","20.1.2","20.1.3","20.1.4","20.1.5","20.2.0","20.2.1","20.2.2","20.3.0","21.0.0","21.1.0","21.2.0","21.2.1","21.2.2","21.3.0","21.3.1","21.3.2","21.3.3","21.3.4","21.3.5","21.3.6","21.3.7","21.3.8","21.3.9","21.3.10","21.3.11","21.3.12","21.4.0","21.4.1","21.4.2","21.4.3","21.4.4","21.4.5","21.4.6","21.4.7","21.4.8","21.4.9"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzdnctbWh2NS1ncnY1/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/@hapi/hapi","docker_dependents_count":290,"docker_downloads_count":431738681,"usage_url":"https://repos.ecosyste.ms/usage/npm/@hapi/hapi","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/@hapi/hapi/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-05-07T18:27:04.278Z","issues_count":137,"pull_requests_count":117,"avg_time_to_close_issue":18138947.550561797,"avg_time_to_close_pull_request":6508548.777777778,"issues_closed_count":89,"pull_requests_closed_count":90,"pull_request_authors_count":36,"issue_authors_count":116,"avg_comments_per_issue":2.8905109489051095,"avg_comments_per_pull_request":1.5982905982905984,"merged_pull_requests_count":69,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":11,"past_year_pull_requests_count":7,"past_year_avg_time_to_close_issue":88284.0,"past_year_avg_time_to_close_pull_request":148845.33333333334,"past_year_issues_closed_count":2,"past_year_pull_requests_closed_count":3,"past_year_pull_request_authors_count":5,"past_year_issue_authors_count":10,"past_year_avg_comments_per_issue":1.7272727272727273,"past_year_avg_comments_per_pull_request":5.571428571428571,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":3,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/hapijs%2Fhapi/issues","maintainers":[{"login":"Nargonath","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Nargonath"},{"login":"devinivy","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/devinivy"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@hapi%2Fhapi/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@hapi%2Fhapi/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@hapi%2Fhapi/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@hapi%2Fhapi/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@hapi%2Fhapi/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@hapi%2Fhapi/codemeta","maintainers":[{"uuid":"nlf","login":"nlf","name":null,"email":"quitlahok@gmail.com","url":null,"packages_count":313,"html_url":"https://www.npmjs.com/~nlf","role":null,"created_at":"2022-11-10T10:53:05.353Z","updated_at":"2022-11-10T10:53:05.353Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/nlf/packages"},{"uuid":"marsup","login":"marsup","name":null,"email":"nicolas@morel.io","url":null,"packages_count":172,"html_url":"https://www.npmjs.com/~marsup","role":null,"created_at":"2022-11-10T10:53:05.338Z","updated_at":"2022-11-10T10:53:05.338Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/marsup/packages"},{"uuid":"devinivy","login":"devinivy","name":null,"email":"devinivy@gmail.com","url":null,"packages_count":323,"html_url":"https://www.npmjs.com/~devinivy","role":null,"created_at":"2022-11-10T10:53:05.358Z","updated_at":"2022-11-10T10:53:05.358Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/devinivy/packages"},{"uuid":"wyatt","login":"wyatt","name":null,"email":"wpreul@gmail.com","url":null,"packages_count":187,"html_url":"https://www.npmjs.com/~wyatt","role":null,"created_at":"2022-11-10T10:53:05.364Z","updated_at":"2022-11-10T10:53:05.364Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/wyatt/packages"},{"uuid":"lloydbenson","login":"lloydbenson","name":null,"email":"lloyd.benson@gmail.com","url":null,"packages_count":111,"html_url":"https://www.npmjs.com/~lloydbenson","role":null,"created_at":"2022-11-10T10:53:05.368Z","updated_at":"2022-11-10T10:53:05.368Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/lloydbenson/packages"},{"uuid":"cjihrig","login":"cjihrig","name":null,"email":"cjihrig@gmail.com","url":null,"packages_count":174,"html_url":"https://www.npmjs.com/~cjihrig","role":null,"created_at":"2023-01-15T17:34:49.778Z","updated_at":"2023-01-15T17:34:49.778Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/cjihrig/packages"}]}