{"id":8604497,"name":"@strapi/core","ecosystem":"npm","description":"Core of Strapi","homepage":"https://strapi.io","licenses":"SEE LICENSE IN LICENSE","normalized_licenses":["ICU"],"repository_url":"https://github.com/strapi/strapi","keywords_array":[],"namespace":"strapi","versions_count":1246,"first_release_published_at":"2025-10-27T13:59:56.043Z","latest_release_published_at":"2026-06-17T10:03:01.819Z","latest_release_number":"5.48.1","last_synced_at":"2026-06-22T10:17:14.284Z","created_at":"2023-11-28T14:45:15.729Z","updated_at":"2026-06-22T14:15:29.067Z","registry_url":"https://www.npmjs.com/package/@strapi/core","install_command":"npm install @strapi/core","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"rc":"5.0.0-rc.30","alpha":"0.0.0-experimental.4e03c41e8e44fa7b77c41c3e0edd86c7f1fc9c52","beta":"5.17.0-beta.0","beta-ai":"0.0.0-experimental.646a3d905bdd8978683813330ee46984938eed0a","latest":"5.48.1","next":"0.0.0-next.00da31ed44b3477c61b3aa70d8eb169722e6b028","experimental":"0.0.0-experimental.0860f8c8d0bf37916071e49a06eb4a8086f490f1"}},"repo_metadata":{"id":37251858,"uuid":"43441403","full_name":"strapi/strapi","owner":"strapi","description":"🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable, and developer-first.","archived":false,"fork":false,"pushed_at":"2026-06-15T08:18:48.000Z","size":649521,"stargazers_count":72363,"open_issues_count":651,"forks_count":9741,"subscribers_count":644,"default_branch":"develop","last_synced_at":"2026-06-15T08:23:50.759Z","etag":null,"topics":["api","cms","cms-framework","content-management","content-management-system","customizable","dashboard","graphql","hacktoberfest","headless-cms","jamstack","javascript","mysql","no-code","nodejs","posgresql","rest","strapi","typescript"],"latest_commit_sha":null,"homepage":"https://strapi.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/strapi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"open_collective":"strapi"}},"created_at":"2015-09-30T15:34:48.000Z","updated_at":"2026-06-15T08:17:49.000Z","dependencies_parsed_at":"2023-09-21T17:09:34.111Z","dependency_job_id":"bcdb62f9-0cea-4bc7-a906-3d152068d3b3","html_url":"https://github.com/strapi/strapi","commit_stats":{"total_commits":24065,"total_committers":1084,"mean_commits":22.20018450184502,"dds":0.8536463744026594,"last_synced_commit":"64bd4f3d1efcc9420d27c4f4d2013677ded62360"},"previous_names":["wistityhq/strapi"],"tags_count":543,"template":false,"template_full_name":null,"purl":"pkg:github/strapi/strapi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strapi%2Fstrapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strapi%2Fstrapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strapi%2Fstrapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strapi%2Fstrapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/strapi","download_url":"https://codeload.github.com/strapi/strapi/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strapi%2Fstrapi/sbom","scorecard":{"id":854686,"data":{"date":"2025-08-11","repo":{"name":"github.com/strapi/strapi","commit":"06f5279fc9311f59f0473629613fe9516b74ddca"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6,"checks":[{"name":"Code-Review","score":9,"reason":"Found 25/27 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/adminBundleSize.yml:20","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/tests.yml:26","Warn: no topLevel permission defined: .github/workflows/adminBundleSize.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/caniuse.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/changeFreeze.yml:7","Warn: no topLevel permission defined: .github/workflows/checks.yml:1","Warn: no topLevel permission defined: .github/workflows/clean-up-pr-caches.yml:1","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/close_stale_issues.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/close_stale_issues.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/commitlint.yml:10","Info: topLevel 'actions' permission set to 'read': .github/workflows/commitlint.yml:11","Info: found token with 'none' permissions: .github/workflows/contributor-doc.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/diff_prs.yml:15","Info: topLevel 'statuses' permission set to 'read': .github/workflows/issues_dailyCron.yml:9","Info: topLevel 'actions' permission set to 'read': .github/workflows/issues_handleLabel.yml:10","Info: topLevel 'checks' permission set to 'read': .github/workflows/issues_handleLabel.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/issues_handleLabel.yml:12","Info: topLevel 'repository-projects' permission set to 'read': .github/workflows/issues_handleLabel.yml:13","Info: topLevel 'statuses' permission set to 'read': .github/workflows/issues_handleLabel.yml:14","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/label_stale_issues.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/label_stale_issues.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/publish-prerelease.yml:11","Warn: no topLevel permission defined: .github/workflows/publish-release.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/remove-dist-tag.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests.yml:16","Info: topLevel 'actions' permission set to 'read': .github/workflows/tests.yml:17","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'develop'","Info: 'force pushes' disabled on branch 'develop'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'develop'","Warn: required approving review count is 1 on branch 'develop'","Warn: codeowners review is not required on branch 'develop'","Warn: 'up-to-date branches' is disabled on branch 'develop'","Info: status check found to merge onto on branch 'develop'","Info: PRs are required in order to make changes on branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (29) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/adminBundleSize.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/adminBundleSize.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/adminBundleSize.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/adminBundleSize.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/adminBundleSize.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/adminBundleSize.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/caniuse.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/caniuse.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/caniuse.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/caniuse.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/changeFreeze.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/changeFreeze.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/changeFreeze.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/changeFreeze.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/checks.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/checks.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/checks.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clean-up-pr-caches.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/clean-up-pr-caches.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close_stale_issues.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/close_stale_issues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close_stale_issues.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/close_stale_issues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close_stale_issues.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/close_stale_issues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commitlint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/commitlint.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commitlint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/commitlint.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/commitlint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/commitlint.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/contributor-doc.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/contributor-doc.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/contributor-doc.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/contributor-doc.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/contributor-doc.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/contributor-doc.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff_prs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/diff_prs.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_dailyCron.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_dailyCron.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues_handleLabel.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/issues_handleLabel.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/nightly.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/nightly.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-prerelease.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/publish-prerelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-prerelease.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/publish-prerelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/publish-release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/publish-release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/publish-release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/remove-dist-tag.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/remove-dist-tag.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/remove-dist-tag.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/remove-dist-tag.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:413: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:414: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:498: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:499: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:524: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:525: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:390: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:391: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:457: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:311: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:351: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:352: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/strapi/strapi/tests.yml/develop?enable=pin","Info:   0 out of  61 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  25 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"56 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v8gg-4mq2-88q4","Warn: Project is vulnerable to: GHSA-24q2-59hm-rh9r","Warn: Project is vulnerable to: GHSA-v8wj-f5c7-pvxf","Warn: Project is vulnerable to: GHSA-9xg4-3qfm-9w8f","Warn: Project is vulnerable to: GHSA-chmr-rg2f-9jmf","Warn: Project is vulnerable to: GHSA-2h87-4q2w-v4hf","Warn: Project is vulnerable to: GHSA-wrvh-rcmr-9qfc","Warn: Project is vulnerable to: GHSA-f6fm-r26q-p747","Warn: Project is vulnerable to: GHSA-vgj7-895j-gpr6","Warn: Project is vulnerable to: GHSA-4vm8-j95f-j6v5","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m","Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m","Warn: Project is vulnerable to: GHSA-jgmv-j7ww-jx2x","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-6xc2-mj39-q599","Warn: Project is vulnerable to: GHSA-49vv-6q7q-w5cf","Warn: Project is vulnerable to: GHSA-9p2w-rmx4-9mw7","Warn: Project is vulnerable to: GHSA-65wv-528r-m892","Warn: Project is vulnerable to: GHSA-7frv-9phw-vrvr","Warn: Project is vulnerable to: GHSA-85vg-grr5-pw42","Warn: Project is vulnerable to: GHSA-4phg-hpqm-c3j4","Warn: Project is vulnerable to: GHSA-xrjf-phvv-r4vr","Warn: Project is vulnerable to: GHSA-37hx-4mcq-wc3h","Warn: Project is vulnerable to: GHSA-9qgm-w87q-hx89","Warn: Project is vulnerable to: GHSA-mcqm-6ff4-53qx","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6","Warn: Project is vulnerable to: GHSA-x574-m823-4x7w","Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8","Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x","Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4","Warn: Project is vulnerable to: GHSA-859w-5945-r5v3","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T23:34:00.137Z","repository_id":37251858,"created_at":"2025-08-23T23:34:00.138Z","updated_at":"2025-08-23T23:34:00.138Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34557934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-20T02:00:06.407Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"strapi","name":"strapi","uuid":"19872173","kind":"organization","description":"Build powerful back-end with no effort.","email":"hi@strapi.io","website":"https://strapi.io","location":"Paris, France","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/19872173?v=4","repositories_count":78,"last_synced_at":"2025-03-20T17:04:05.961Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/strapi","funding_links":[],"total_stars":75152,"followers":2133,"following":0,"created_at":"2022-11-02T16:34:41.256Z","updated_at":"2025-03-20T17:04:05.962Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/strapi","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/strapi/repositories"},"tags":[]},"repo_metadata_updated_at":"2026-06-22T12:15:44.779Z","dependent_packages_count":1,"downloads":609869,"downloads_period":"last-month","dependent_repos_count":1,"rankings":{"downloads":11.221331165106848,"dependent_repos_count":10.340532343810322,"dependent_packages_count":20.981644393120014,"stargazers_count":0.10378528059845106,"forks_count":0.4252918908294696,"docker_downloads_count":null,"average":8.614517014693021},"purl":"pkg:npm/%40strapi/core","advisories":[{"uuid":"GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8","url":"https://github.com/advisories/GHSA-9329-mxxw-qwf8","title":"Strapi core vulnerable to sensitive data exposure via CORS misconfiguration","description":"### Summary\n\nA CORS misconfiguration vulnerability exists in default installations of Strapi where attacker-controlled origins are improperly reflected in API responses.\n\n### Technical Details\n\nBy default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header without proper validation or whitelisting.\n\nExample:\n`Origin: http://localhost:8888`\n`Access-Control-Allow-Origin: http://localhost:8888`\n`Access-Control-Allow-Credentials: true`\n\nThis allows an attacker-controlled site (on a different port, like 8888) to send credentialed requests to the Strapi backend on 1337.\n\n### Suggested Fix\n\n1. Explicitly whitelist trusted origins\n2. Avoid reflecting dynamic origins","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-16T19:49:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/strapi/strapi/security/advisories/GHSA-9329-mxxw-qwf8","https://nvd.nist.gov/vuln/detail/CVE-2025-53092","https://github.com/strapi/strapi/commit/6e535cb756","https://github.com/strapi/strapi/releases/tag/v5.20.0","https://github.com/advisories/GHSA-9329-mxxw-qwf8"],"source_kind":"github","identifiers":["GHSA-9329-mxxw-qwf8","CVE-2025-53092"],"repository_url":"https://github.com/strapi/strapi","blast_radius":0.0,"created_at":"2025-10-16T20:00:20.058Z","updated_at":"2026-06-22T14:03:59.381Z","epss_percentage":0.00263,"epss_percentile":0.17461,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8","packages":[{"ecosystem":"npm","package_name":"@strapi/core","versions":[{"first_patched_version":"5.20.0","vulnerable_version_range":"\u003c 5.20.0"}],"purl":"pkg:npm/%40strapi%2Fcore"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05MzI5LW14eHctcXdmOM4ABNf8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7","url":"https://github.com/advisories/GHSA-2cjv-6wg9-f4f3","title":"Strapi Password Hashing is Missing Maximum Password Length Validation","description":"## Summary\n\nStrapi's password hashing implementation using bcryptjs lacks maximum password length validation. Since bcryptjs truncates passwords exceeding 72 bytes, this creates potential vulnerabilities such as authentication bypass and performance degradation.\n\n## POC\nCreate an admin user with a password exceeding 72 characters like 85,\nLog in using only the first 72 characters of the password.\nAuthentication is successful, confirming the issue.\n\nProposed Solution Based on  discussions:\n\nAdd a maximum password length validation (72 characters) during password creation and updates for both Admin and U\u0026P users.\nTruncate passwords exceeding 72 bytes on the server before passing them to bcryptjs during login.\nOptionally, issue a warning to users with passwords longer than 72 bytes during login, informing them of truncation.\n\n## Impact\nThis issue affects all Strapi installations using bcryptjs for password hashing. Until resolved, it can lead to:\nAuthentication Bypass: Users may unknowingly set passwords exceeding 72 bytes, leading to truncated, predictable hashes.\nPerformance Issues: Excessively long passwords can degrade server performance.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-10-16T18:41:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://github.com/strapi/strapi/security/advisories/GHSA-2cjv-6wg9-f4f3","https://nvd.nist.gov/vuln/detail/CVE-2025-25298","https://github.com/strapi/strapi/commit/41f8cdf116f7f464dae7d591e52d88f7bfa4b7cb","https://github.com/advisories/GHSA-2cjv-6wg9-f4f3"],"source_kind":"github","identifiers":["GHSA-2cjv-6wg9-f4f3","CVE-2025-25298"],"repository_url":"https://github.com/strapi/strapi","blast_radius":0.0,"created_at":"2025-10-16T19:00:08.035Z","updated_at":"2026-06-22T14:03:59.384Z","epss_percentage":0.00383,"epss_percentile":0.29993,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7","packages":[{"ecosystem":"npm","package_name":"@strapi/core","versions":[{"first_patched_version":"5.10.3","vulnerable_version_range":"\u003c 5.10.3"}],"purl":"pkg:npm/%40strapi%2Fcore"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yY2p2LTZ3ZzktZjRmM84ABNf7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff","url":"https://github.com/advisories/GHSA-495j-h493-42q2","title":"Strapi Allows Unauthorized Access to Private Fields via parms.lookup","description":"### Summary\nIt's possible to access any private fields by filtering through the lookup parameters\n\n### Details\n\nUsing the new lookup operator provided by the document service in Strapi 5, it is not properly sanitizing this query operator for private fields.\n\n### PoC\n\n1. Create a strapi app.\n2. Create a content-type\n3. In the content-type you make a new entry\n4. Go back to the list view\n4. Add `\u0026lookup[updatedBy][password][$startsWith]=$2` to the end of your url (All passwords start with $2) see that all entries are still there\n6. Add `\u0026lookup[updatedBy][password][$startsWith]=$3` see the entry disappear proving that the search above works\n\n### Impact\n\nAn attacker can perform filtering attacks on everything related to the object, including admin passwords and reset-tokens. This means that they can gain full access to the strapi instance.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-16T18:22:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","references":["https://github.com/strapi/strapi/security/advisories/GHSA-495j-h493-42q2","https://github.com/strapi/strapi/commit/0c6e0953ae1e62afae9329de7ae6d6a5e21b95b8","https://nvd.nist.gov/vuln/detail/CVE-2024-56143","https://github.com/advisories/GHSA-495j-h493-42q2"],"source_kind":"github","identifiers":["GHSA-495j-h493-42q2","CVE-2024-56143"],"repository_url":"https://github.com/strapi/strapi","blast_radius":0.0,"created_at":"2025-10-16T19:00:09.203Z","updated_at":"2026-06-22T14:03:59.384Z","epss_percentage":0.00383,"epss_percentile":0.2995,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff","packages":[{"ecosystem":"npm","package_name":"@strapi/core","versions":[{"first_patched_version":"5.5.2","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.5.2"}],"purl":"pkg:npm/%40strapi%2Fcore"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OTVqLWg0OTMtNDJxMs4ABNff/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/@strapi/core","docker_dependents_count":1,"docker_downloads_count":66791,"usage_url":"https://repos.ecosyste.ms/usage/npm/@strapi/core","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/@strapi/core/dependencies","status":null,"funding_links":["https://opencollective.com/strapi"],"critical":null,"issue_metadata":{"last_synced_at":"2026-06-19T13:00:14.712Z","issues_count":3962,"pull_requests_count":5675,"avg_time_to_close_issue":8090426.402481582,"avg_time_to_close_pull_request":2125890.626987538,"issues_closed_count":2576,"pull_requests_closed_count":4653,"pull_request_authors_count":528,"issue_authors_count":2548,"avg_comments_per_issue":3.254669358909642,"avg_comments_per_pull_request":2.4310132158590307,"merged_pull_requests_count":3565,"bot_issues_count":1,"bot_pull_requests_count":240,"past_year_issues_count":360,"past_year_pull_requests_count":479,"past_year_avg_time_to_close_issue":766499.670967742,"past_year_avg_time_to_close_pull_request":1209317.0100502511,"past_year_issues_closed_count":155,"past_year_pull_requests_closed_count":199,"past_year_pull_request_authors_count":122,"past_year_issue_authors_count":309,"past_year_avg_comments_per_issue":1.9083333333333332,"past_year_avg_comments_per_pull_request":2.407098121085595,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":16,"past_year_merged_pull_requests_count":158,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/strapi%2Fstrapi/issues","maintainers":[{"login":"joshuaellis","count":342,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/joshuaellis"},{"login":"alexandrebodin","count":337,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/alexandrebodin"},{"login":"Convly","count":192,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Convly"},{"login":"derrickmehaffy","count":161,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/derrickmehaffy"},{"login":"Bassel17","count":156,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Bassel17"},{"login":"gu-stav","count":98,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/gu-stav"},{"login":"christiancp100","count":50,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/christiancp100"},{"login":"Boegie19","count":28,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Boegie19"},{"login":"butcherZ","count":26,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/butcherZ"},{"login":"nathan-pichon","count":21,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nathan-pichon"},{"login":"MattieBelt","count":9,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/MattieBelt"},{"login":"cpaczek","count":9,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/cpaczek"},{"login":"Aurelsicoko","count":8,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Aurelsicoko"},{"login":"pierreburgy","count":8,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/pierreburgy"},{"login":"sg1asgard","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/sg1asgard"},{"login":"Jimimimi","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Jimimimi"},{"login":"dennism501","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dennism501"},{"login":"lauriejim","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lauriejim"},{"login":"kibwashere","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kibwashere"},{"login":"boazpoolman","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/boazpoolman"},{"login":"Utar94","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Utar94"},{"login":"oiorain","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/oiorain"},{"login":"yhyyz","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/yhyyz"},{"login":"brandonapol","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/brandonapol"},{"login":"DimitriTernovoj","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/DimitriTernovoj"},{"login":"M-Zuber","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/M-Zuber"},{"login":"donniean","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/donniean"}],"active_maintainers":[{"login":"Bassel17","count":21,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Bassel17"},{"login":"derrickmehaffy","count":15,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/derrickmehaffy"},{"login":"butcherZ","count":13,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/butcherZ"},{"login":"alexandrebodin","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/alexandrebodin"},{"login":"boazpoolman","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/boazpoolman"},{"login":"oiorain","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/oiorain"},{"login":"pierreburgy","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/pierreburgy"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@strapi%2Fcore/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@strapi%2Fcore/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@strapi%2Fcore/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@strapi%2Fcore/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@strapi%2Fcore/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@strapi%2Fcore/codemeta","maintainers":[{"uuid":"pierreburgy","login":"pierreburgy","name":null,"email":"pierre.burgy@gmail.com","url":null,"packages_count":168,"html_url":"https://www.npmjs.com/~pierreburgy","role":null,"created_at":"2023-11-28T14:45:18.036Z","updated_at":"2023-11-28T14:45:18.036Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/pierreburgy/packages"},{"uuid":"aurelsicoko","login":"aurelsicoko","name":null,"email":"aurelsicoko@gmail.com","url":null,"packages_count":176,"html_url":"https://www.npmjs.com/~aurelsicoko","role":null,"created_at":"2023-11-28T14:45:18.078Z","updated_at":"2023-11-28T14:45:18.078Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/aurelsicoko/packages"},{"uuid":"alexandrebodin","login":"alexandrebodin","name":null,"email":"bodin.alex@gmail.com","url":null,"packages_count":212,"html_url":"https://www.npmjs.com/~alexandrebodin","role":null,"created_at":"2023-11-28T14:45:18.119Z","updated_at":"2023-11-28T14:45:18.119Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/alexandrebodin/packages"},{"uuid":"convly","login":"convly","name":null,"email":"jean-sebastien.herbaux@hotmail.fr","url":null,"packages_count":151,"html_url":"https://www.npmjs.com/~convly","role":null,"created_at":"2023-11-28T14:45:18.158Z","updated_at":"2023-11-28T14:45:18.158Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/convly/packages"},{"uuid":"baronvoninternet","login":"baronvoninternet","name":null,"email":"ben.irvin@gmail.com","url":null,"packages_count":150,"html_url":"https://www.npmjs.com/~baronvoninternet","role":null,"created_at":"2024-11-01T00:36:35.793Z","updated_at":"2024-11-01T00:36:35.793Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/baronvoninternet/packages"},{"uuid":"jhoward1994","login":"jhoward1994","name":null,"email":"jhoward1994@gmail.com","url":null,"packages_count":146,"html_url":"https://www.npmjs.com/~jhoward1994","role":null,"created_at":"2024-12-19T15:25:53.915Z","updated_at":"2024-12-19T15:25:53.915Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jhoward1994/packages"},{"uuid":"marc-roig-strapi","login":"marc-roig-strapi","name":null,"email":"marc.roig.campos@strapi.io","url":null,"packages_count":149,"html_url":"https://www.npmjs.com/~marc-roig-strapi","role":null,"created_at":"2023-11-28T14:45:17.943Z","updated_at":"2023-11-28T14:45:17.943Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/marc-roig-strapi/packages"},{"uuid":"bassel17","login":"bassel17","name":null,"email":"basselkanso82@gmail.com","url":null,"packages_count":138,"html_url":"https://www.npmjs.com/~bassel17","role":null,"created_at":"2025-09-30T12:51:49.995Z","updated_at":"2025-09-30T12:51:49.995Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/bassel17/packages"},{"uuid":"nico-strapi","login":"nico-strapi","name":null,"email":"nicolas.andre@strapi.io","url":null,"packages_count":136,"html_url":"https://www.npmjs.com/~nico-strapi","role":null,"created_at":"2026-02-16T01:11:40.137Z","updated_at":"2026-02-16T01:11:40.137Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/nico-strapi/packages"},{"uuid":"strapi.adzouz","login":"strapi.adzouz","name":null,"email":"adrien.lepoutre@strapi.io","url":null,"packages_count":136,"html_url":"https://www.npmjs.com/~strapi.adzouz","role":null,"created_at":"2026-02-16T01:11:40.221Z","updated_at":"2026-02-16T01:11:40.221Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/strapi.adzouz/packages"}]}