Security News
npm Introduces minimumReleaseAge and Bulk OIDC Configuration
npm rolls out a package release cooldown and scalable trusted publishing updates as ecosystem adoption of install safeguards grows.
By Sarah Gooding - Feb 26, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
tap-clockify
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 0.2.0
- Maintainers
- 1
tap-clockify
Author: Stephen Bailey (sbailey@immuta.com)
This is a Singer tap that produces JSON-formatted data following the Singer spec.
It can generate a catalog of available data in Clockify and extract the following resources:
- clients
- projects
- tags
- tasks
- time entries
- users
- workspaces
Configuration
{
"api_key": "string",
"workspace": "string",
"start_date": "2020-04-01T00:00:00Z"
}
Quick Start
- Install
git clone git@github.com:immuta/tap-clockify.git
cd tap-clockify
pip install .
-
Get an API key from Clockify
-
Create the config file.
There is a template you can use at config.json.example, just copy it to config.json in the repo root and insert your token
- Run the application to generate a catalog.
tap-clockify -c config.json --discover > catalog.json
- Select the tables you'd like to replicate
Step 4 generates a a file called catalog.json that specifies all the available endpoints and fields. You'll need to open the file and select the ones you'd like to replicate. See the Singer guide on Catalog Format for more information on how tables are selected.
- Run it!
tap-clockify -c config.json --catalog catalog.json
Acknowledgements
Would like to acknowledge the folks at Fishtown Analytics whose tap-framework and tap-lever packages formed the foundation for this package.
Copyright © 2019 Immuta
Keywords
FAQs
Singer tap for Clockify, built with the Meltano SDK for Singer Taps.
We found that tap-clockify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Risky Biz Podcast: Open Source Risk Is Compounding as AI Agents Write 90% of New Code
AI agents are writing more code than ever, and that's creating new supply chain risks. Feross joins the Risky Business Podcast to break down what that means for open source security.
By Sarah Gooding - Feb 24, 2026
Research
/Security News
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration
Socket uncovered four malicious NuGet packages targeting ASP.NET apps, using a typosquatted dropper and localhost proxy to steal Identity data and backdoor apps.
By Kush Pandya - Feb 23, 2026