pkgproxy is a proxy and a CLI for the pkg.go.dev service. It lets you query a package and get information about it through a REST API or from the command line.
Install the binary
go install github.com/qba73/pkgproxy/cmd/pkg@latest
Getting help
pkg
Usage: pkg package
Checks the Go package, and reports basic information.
pkg github.com/bitfield/weaver | jq .
{
"name": "github.com/bitfield/weaver",
"repository": "github.com/bitfield/weaver",
"version": "v0.3.3",
"publishedDate": "Apr 20, 2025",
"license": "MIT",
"imports": "15",
"importedBy": "0",
"validGomod": "Yes",
"redistributableLicense": "Yes",
"taggedVersion": "Yes",
"stableVersion": "No"
}
pkg go.opentelemetry.io/otel | jq .
{
"name": "go.opentelemetry.io/otel",
"repository": "github.com/open-telemetry/opentelemetry-go",
"version": "v1.37.0",
"publishedDate": "Jun 25, 2025",
"license": "Apache-2.0",
"imports": "5",
"importedBy": "12,010",
"validGomod": "Yes",
"redistributableLicense": "Yes",
"taggedVersion": "Yes",
"stableVersion": "Yes"
}
pkg github.com/qba73/meteo | jq .
{
"name": "github.com/qba73/meteo",
"repository": "github.com/qba73/meteo",
"version": "v0.0.0",
"publishedDate": "Jun 10, 2025",
"license": "MIT",
"imports": "14",
"importedBy": "0",
"validGomod": "Yes",
"redistributableLicense": "Yes",
"taggedVersion": "No",
"stableVersion": "No"
}
Checking OpenSSF score for a Go package.
- Generate and export the GITHUB_AUTH_TOKEN env var.
- Verify scorecard is installed:
scorecard version
./scorecard: OpenSSF Scorecard
GitVersion: 5.2.1
GitCommit: ab2f6e92482462fe66246d9e32f642855a691dc1
GitTreeState: clean
BuildDate: 2025-05-30T16:02:02Z
GoVersion: go1.24.3
Compiler: gc
Platform: darwin/arm64
To check the score, we need to pass the Go package URL. But what if we have only the package name? This is where the pkg CLI comes in handy. pkg queries the pkg.go.dev service for information and returns package info in JSON format.
- Send a query to pkg.go.dev:
pkg go.opentelemetry.io/otel | jq -r '.repository'
response:
github.com/open-telemetry/opentelemetry-go
- Send a query to scorecard:
scorecard --repo github.com/open-telemetry/opentelemetry-go --format json | jq .score
response:
9.6
How to use pkg and scorecard together?
scorecard --repo "$(pkg go.opentelemetry.io/otel | jq -r '.repository')" --format json | jq .score
response:
9.6
scorecard --repo "$(pkg github.com/qba73/inspector | jq -r '.repository')" --format json | jq .score
response:
6.4
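The pkg and scorecard results above can feed a dependency admission check. The following is an added example, not part of pkgproxy: the names Report and Vet, the thresholds (minimum score 7.0, at least 10 importers) and the 5.0 score used for meteo are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Report mirrors pkg's JSON; every value is a string (keys match case-insensitively).
type Report struct{ Repository, ImportedBy, ValidGomod, RedistributableLicense, TaggedVersion, StableVersion string }

// repoRe accepts only host/owner/name, so the value is safe to hand to `scorecard --repo`.
var repoRe = regexp.MustCompile(`^[a-z0-9][a-z0-9.-]*(/[A-Za-z0-9._-]+){2}$`)

// Vet lists the checks a package fails under assumed thresholds; empty means admit.
func Vet(pkgJSON []byte, score, minScore float64, minImporters int) ([]string, error) {
	var r Report
	if err := json.Unmarshal(pkgJSON, &r); err != nil {
		return nil, fmt.Errorf("decode pkg output: %w", err)
	}
	var why []string
	if !repoRe.MatchString(r.Repository) {
		why = append(why, "repository")
	}
	for _, f := range [][2]string{{"validGomod", r.ValidGomod}, {"redistributableLicense", r.RedistributableLicense},
		{"taggedVersion", r.TaggedVersion}, {"stableVersion", r.StableVersion}} {
		if f[1] != "Yes" { // anything other than an explicit "Yes" fails closed
			why = append(why, f[0])
		}
	}
	// importedBy is formatted for display ("12,010"); strip separators before parsing.
	n, err := strconv.Atoi(strings.ReplaceAll(r.ImportedBy, ",", ""))
	if err != nil || n < minImporters {
		why = append(why, "importedBy")
	}
	if score < minScore {
		why = append(why, "scorecard")
	}
	return why, nil
}

// Constructed inputs: fields copied from the pkg outputs above; meteo's 5.0 score is made up.
const otel = `{"repository":"github.com/open-telemetry/opentelemetry-go","importedBy":"12,010","validGomod":"Yes","redistributableLicense":"Yes","taggedVersion":"Yes","stableVersion":"Yes"}`
const meteo = `{"repository":"github.com/qba73/meteo","importedBy":"0","validGomod":"Yes","redistributableLicense":"Yes","taggedVersion":"No","stableVersion":"No"}`
func main() {
	fmt.Println(Vet([]byte(otel), 9.6, 7.0, 10))
	fmt.Println(Vet([]byte(meteo), 5.0, 7.0, 10))
}
```

Checking the repository value before it reaches the scorecard command line matters because that string comes back from a remote service.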