Skip to content

qba73/pkgproxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
.github
.github
 
 
cmd/pkg
cmd/pkg
 
 
examples
examples
 
 
testdata
testdata
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
doc.go
doc.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
pkgproxy.go
pkgproxy.go
 
 
pkgproxy_test.go
pkgproxy_test.go
 
 

Repository files navigation

Go Reference CI CVE Scan Go Report Card CodeQL GitHub go.mod Go version GitHub License Scorecard OpenSSF Best Practices Maintenance

pkgproxy

pkgproxy is a proxy and a cli for pkg.go.dev service. It allows to query package and get info using REST API and a command line.

CLI

Install the binary

go install github.com/qba73/pkgproxy/cmd/pkg@latest

Getting help

pkg
Usage: pkg package

Checks the Go package, and reports basic information.

Examples

Getting information about Go packages

pkg github.com/bitfield/weaver | jq .
{
  "name": "github.com/bitfield/weaver",
  "repository": "github.com/bitfield/weaver",
  "version": "v0.3.3",
  "publishedDate": "Apr 20, 2025",
  "license": "MIT",
  "imports": "15",
  "importedBy": "0",
  "validGomod": "Yes",
  "redistributableLicense": "Yes",
  "taggedVersion": "Yes",
  "stableVersion": "No"
}
pkg go.opentelemetry.io/otel | jq .
{
  "name": "go.opentelemetry.io/otel",
  "repository": "github.com/open-telemetry/opentelemetry-go",
  "version": "v1.37.0",
  "publishedDate": "Jun 25, 2025",
  "license": "Apache-2.0",
  "imports": "5",
  "importedBy": "12,010",
  "validGomod": "Yes",
  "redistributableLicense": "Yes",
  "taggedVersion": "Yes",
  "stableVersion": "Yes"
}
pkg github.com/qba73/meteo | jq .
{
  "name": "github.com/qba73/meteo",
  "repository": "github.com/qba73/meteo",
  "version": "v0.0.0",
  "publishedDate": "Jun 10, 2025",
  "license": "MIT",
  "imports": "14",
  "importedBy": "0",
  "validGomod": "Yes",
  "redistributableLicense": "Yes",
  "taggedVersion": "No",
  "stableVersion": "No"
}

Using pkg with scorecard

Checking OpenSSF score for a Go package.

  1. Generate and export GITHUB_AUTH_TOKEN env var.

  2. Verify scorecard is installed:

scorecard version
         __  ____     ____    ___    ____    _____    ____      _      ____    ____
        / / / ___|   / ___|  / _ \  |  _ \  | ____|  / ___|    / \    |  _ \  |  _ \
       / /  \___ \  | |     | | | | | |_) | |  _|   | |       / _ \   | |_) | | | | |
  _   / /    ___) | | |___  | |_| | |  _ <  | |___  | |___   / ___ \  |  _ <  | |_| |
 (_) /_/    |____/   \____|  \___/  |_| \_\ |_____|  \____| /_/   \_\ |_| \_\ |____/
./scorecard: OpenSSF Scorecard

GitVersion:    5.2.1
GitCommit:     ab2f6e92482462fe66246d9e32f642855a691dc1
GitTreeState:  clean
BuildDate:     2025-05-30T16:02:02Z
GoVersion:     go1.24.3
Compiler:      gc
Platform:      darwin/arm64

To check the score, we need to pass the Go package URL. But what if we have only the package name? This is where the pkg CLI comes in handy. pkg queries the pkg.go.dev service for information and returns package info in JSON format.

  1. Send a query to pkg.go.dev:
pkg go.opentelemetry.io/otel | jq -r '.repository'

response:

github.com/open-telemetry/opentelemetry-go
  1. Send a query to scorecard
scorecard --repo github.com/open-telemetry/opentelemetry-go --format json | jq .score
9.6

How to use pkg and scorecard together?

scorecard --repo $(pkg go.opentelemetry.io/otel | jq -r '.repository' ) --format json | jq .score

response:

9.6
scorecard --repo $(pkg github.com/qba73/inspector | jq -r '.repository' ) --format json | jq .score

response:

6.4

About

CLI & REST API for pkg.go.dev

jarosz.eo.page

Topics

go golang gopkg goproxy scorecard gopackage

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

v0.1.1 Latest
Jul 1, 2025
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages