descope · omercnet · Jun 23, 2025 · Jun 24, 2025 · Jun 24, 2025 · Jun 24, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,56 +1,95 @@
 name: CI
-on: push
+on:
+  pull_request:
+  push:
+    branches:
+      - main
 env:
-  NODE_VERSION: 18.2
-  PNPM_VERSION: 7.28.0
+  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
 jobs:
-  gitleaks:
-    name: 🔒 Run Git leaks
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-      - uses: pnpm/action-setup@v2
-        with:
-          version: ${{ env.PNPM_VERSION }}
-      # Skip post-install scripts here, as a malicious
-      # script could steal NODE_AUTH_TOKEN.
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile --ignore-scripts
-        env:
-          CI: true
-          NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
-      - name: Gitleaks
-        run: npm run leaks
-        shell: bash
   pr:
     name: 👷 Build / Lint / Test
     runs-on: ubuntu-latest
+    container:
+      # the container version should be the same as the version of the Playwright package
+      image: mcr.microsoft.com/playwright:v1.47.0-jammy
+      options: --user root
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
+          # ref: main
           fetch-depth: 0
-      - uses: actions/setup-node@v3
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-      - uses: pnpm/action-setup@v2
+
+      - name: Use Latest Corepack
+        run: |
+          echo "Before: corepack version => $(corepack --version || echo 'not installed')"
+          npm install -g corepack@latest
+          echo "After : corepack version => $(corepack --version)"
+          corepack enable
+          pnpm --version
+
+      - name: Setup Node.js
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          version: ${{ env.PNPM_VERSION }}
+          node-version-file: package.json
+          cache: 'pnpm'
+      # - name: Restore cached npm dependencies
+      #   uses: actions/cache/restore@v4
+      #   with:
+      #     path: |
+      #       node_modules
+      #     key: npm-dependencies-${{ hashFiles('pnpm-lock.yaml') }}
+
+      # Setup container
+      - name: Mark directory as safe
+        run: git config --system --add safe.directory /__w/descope-js/descope-js
+      - name: Install jq
+        run: apt-get update && apt-get install -y jq
+      - name: Set permission
+        run: chmod -R 777 /usr/local
+
       - name: Install dependencies
         run: pnpm install --frozen-lockfile --ignore-scripts
         env:
-          CI: true
           NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
 
+      # - name: Set NX cloud shas
+      #   uses: nrwl/nx-set-shas@v4
+      # - name: Install Playwright Browsers
+      #   run: npx playwright install --with-deps
+
+      # - name: Cache npm dependencies
+      #   uses: actions/cache/save@v4
+      #   with:
+      #     path: |
+      #       node_modules
+      #     key: npm-dependencies-${{ hashFiles('pnpm-lock.yaml') }}
+
+      - name: Gitleaks
+        run: npm run leaks
+        shell: bash
+
+      - name: License validation
+        run: pnpm run licenseCheck
+
       - name: Build
         run: pnpm run build
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_READ_ORG }}
+
       - name: Lint
         run: pnpm run lint
+
       - name: Test
         run: pnpm run test
+
+      - name: E2E
+        run: pnpm nx affected --target test:e2e
+        env:
+          HOME: /root
+
+      - name: Upload HTML report
+        if: always()
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: e2e-report
+          path: packages/**/playwright-report
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -4,14 +4,12 @@ on:
     types: [opened, edited, synchronize, reopened]
     branches:
       - main
-env:
-  NODE_VERSION: 18.2
 jobs:
   pr:
     name: 🌀 Check PR Title
     runs-on: ubuntu-latest
     steps:
       - uses: deepakputhraya/action-pr-title@master
         with:
-          regex: '([a-z])+(\(.+\))?:.+'
-          allowed_prefixes: 'build,chore,ci,docs,feat,fix,perf,refactor,revert,style,test'
+          regex: '([a-z])+(\(.+\))?!?:.+'
+          allowed_prefixes: 'build,chore,ci,docs,feat,fix,perf,refactor,revert,style,test,doc'
diff --git a/.github/workflows/release-next.yml b/.github/workflows/release-next.yml
@@ -0,0 +1,65 @@
+name: Release next
+
+on:
+  workflow_run:
+    workflows: ['Release']
+    branches: [main]
+    types:
+      - completed
+
+env:
+  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+
+jobs:
+  release:
+    name: Release Next
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get token
+        id: get_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          private_key: ${{ secrets.RELEASE_APP_PEM }}
+          app_id: ${{ secrets.RELEASE_APP_ID }}
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          # persist-credentials: false
+          token: ${{ steps.get_token.outputs.token }}
+          ref: ${{ github.ref }}
+      - name: Run git config
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+      - name: Use Latest Corepack
+        run: |
+          echo "Before: corepack version => $(corepack --version || echo 'not installed')"
+          npm install -g corepack@latest
+          echo "After : corepack version => $(corepack --version)"
+          corepack enable
+          pnpm --version
+      - name: Setup Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'pnpm'
+          node-version-file: package.json
+          registry-url: https://registry.npmjs.org/
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile --ignore-scripts
+        env:
+          CI: true
+      - name: Set Next Version
+        run: |
+          SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-8)
+          CURRENT_DATE=$(date +'%Y%m%d')
+          echo "NEXT_VERSION=0.0.0-next-${SHORT_SHA}-${CURRENT_DATE}" >> $GITHUB_ENV
+      - name: Build
+        run: pnpm run build:ci
+      - name: Bump version
+        run: pnpm print-affected:ci | xargs -I {} pnpm --filter={} exec npm version "${NEXT_VERSION}" --git-tag-version=false
+      - name: Publish
+        run: pnpm -r publish --access=public --no-git-checks --tag=next
+        env:
+          CI: true
+          NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_REGISTRY }}
@@ -1,4 +1,6 @@
 name: Release next
+permissions:
+  contents: read
 on:
  workflow_run:
@@ -1,4 +1,6 @@
 name: Release next
+permissions:
+  contents: read

 on:
  workflow_run:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,20 +5,23 @@ on:
     branches:
       - main
 
+env:
+  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+
 jobs:
   release:
     name: Release
-    if: "contains(github.event.head_commit.message, 'RELEASE')"
+    if: contains(github.event.head_commit.message, 'RELEASE')
     runs-on: ubuntu-latest
     steps:
       - name: Get token
         id: get_token
-        uses: tibdex/github-app-token@v1
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
-          private_key: ${{ secrets.APP_PEM }}
-          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.RELEASE_APP_PEM }}
+          app_id: ${{ secrets.RELEASE_APP_ID }}
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
           # persist-credentials: false
@@ -27,29 +30,30 @@ jobs:
       - run: |
           git config user.name github-actions
           git config user.email github-actions@github.com
-      - uses: actions/setup-node@v3
+      - name: Use Latest Corepack
+        run: |
+          echo "Before: corepack version => $(corepack --version || echo 'not installed')"
+          npm install -g corepack@latest
+          echo "After : corepack version => $(corepack --version)"
+          corepack enable
+          pnpm --version
+      - name: Setup Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
-          node-version: ${{ env.NODE_VERSION }}
+          cache: 'pnpm'
+          node-version-file: package.json
           registry-url: https://registry.npmjs.org/
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 7.28.0
       - name: Install dependencies
         run: pnpm install --frozen-lockfile --ignore-scripts
-        env:
-          CI: true
       - name: Build
         run: npm run version:ci
         env:
-          CI: true
           GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
       - name: Run pnpm publish
         run: pnpm -r publish --access=public --no-git-checks
         env:
-          CI: true
           NODE_AUTH_TOKEN: ${{ secrets.CI_NPM_REGISTRY }}
       - name: Push versions, changelog and tags
         run: git push --atomic origin main $(git tag -l)
         env:
-          CI: true
           GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
diff --git a/.gitignore b/.gitignore
@@ -45,3 +45,13 @@ Thumbs.db
 *.pem
 
 .env
+.env.local
+.nx/*
+.next
+
+trace.zip
+test-results
+.angular
+# we cannot commit this file because it's causing nx to see 2 angular pacakges
+packages/sdks/angular-sdk/projects/angular-sdk/package.json
+environment.development.ts
diff --git a/packages/core-js-sdk/LICENSE → LICENSE b/packages/core-js-sdk/LICENSE → LICENSE
diff --git a/README.md b/README.md
@@ -1,26 +1,48 @@
 # Descope JS
 
-The Descope JS repo is composed of many npm packages that are used in Descope SDKs
-You can read more on the [Descope Website](https://descope.com).
+![github-header-image (2) (1)](https://github.com/descope/.github/assets/32936811/d904d37e-e3fa-4331-9f10-2880bb708f64)
 
-## Packages
+Welcome to the Descope JavaScript repository.
+The Descope JS repository is composed of npm packages, sdks and widgets.
 
-Descope provides few packages listed bellow.
-Please refer to the README and instructions of those SDKs for more detailed information.
+## 🖥️ Client SDKs
 
-- [core-js-sdk](/packages/core-js-sdk): Core SDK. Function that abstract http API usage.
-- [web-js-sdk](/packages/web-js-sdk): Web SDK. an SDK for browser usage.
-- [web-component](/packages/web-component): Web component. Exposes HTML [web components](https://developer.mozilla.org/en-US/docs/Web/Web_Components) such as Descope flow.
+Descope Client SDKs are used to create and manage authentication flows, management widgets, and session management. They are especially useful when integrating Descope into your client application.
+
+- **[React](https://github.com/descope/descope-js/tree/main/packages/sdks/react-sdk)**
+- **[NextJS](https://github.com/descope/descope-js/tree/main/packages/sdks/nextjs-sdk)**
+- **[Angular](https://github.com/descope/descope-js/tree/main/packages/sdks/angular-sdk)**
+- **[Vue](https://github.com/descope/descope-js/tree/main/packages/sdks/vue-sdk)**
+- **[Web Component (HTML)](https://github.com/descope/descope-js/tree/main/packages/sdks/web-component)**
+
+## :cherry_blossom: Widgets
+
+[Descope Widgets](https://github.com/descope/descope-js/tree/main/packages/widgets) are embeddable components designed to facilitate the delegation of operations to your application's users. These widgets can be utilized in both B2B and B2C contexts, allowing your users to perform various tenant, user management, and project level operations from within the application itself.  
+[Read More](https://docs.descope.com/customize/widgets) about Descope's widgets.
+
+## :open_file_folder: Folder structure
+
+This repository hosts multiple packages, sdks, widgets, located under the `./packages` directory, organized as follows:
+
+    .
+    ├── ...
+    ├── packages
+    │   ├── libs         # sdks helpers and drivers
+    │   ├── sdks         # Descope Client SDKs
+    │   └── widgets      # Descope embeddable widgets
+    └── ...
+
+For more detailed information, please consult the README and the specific instructions provided for each package.
 
 ## Contribution
 
 This monorepo is built and managed using [NX](https://nx.dev/). In order to use the repo locally.
 
-1. Clone this repo
+1. Fork / Clone this repository
 2. Run `pnpm i`
 3. Use the available scripts in the root level `package.json`. e.g. `pnpm run <test/lint/build>`
 
-Few repos exposes examples. Refer to packages README to run them
+You can find README and examples in each package.
 
 #### Notes
 
@@ -30,3 +52,7 @@ Few repos exposes examples. Refer to packages README to run them
 ## Contact Us
 
 If you need help you can email [Descope Support](mailto:support@descope.com)
+
+## License
+
+The Descope JS is licensed for use under the terms and conditions of the [MIT license Agreement](./LICENSE).
diff --git a/TODO.md b/TODO.md