{"id":13941123,"url":"https://github.com/apparebit/tracklist","last_synced_at":"2026-05-12T18:13:21.206Z","repository":{"id":57114402,"uuid":"299191769","full_name":"apparebit/tracklist","owner":"apparebit","description":"print inventory of macOS Music.app library, one track per line","archived":false,"fork":false,"pushed_at":"2020-09-28T16:31:57.000Z","size":14,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"boss","last_synced_at":"2025-09-09T09:30:03.835Z","etag":null,"topics":["inventory","jxa","macos","music","music-app","property-list","tracklist"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apparebit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-09-28T04:54:10.000Z","updated_at":"2023-07-19T16:56:18.000Z","dependencies_parsed_at":"2022-08-22T05:50:40.724Z","dependency_job_id":null,"html_url":"https://github.com/apparebit/tracklist","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/apparebit/tracklist","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apparebit%2Ftracklist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apparebit%2Ftracklist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apparebit%2Ftracklist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apparebit%2Ftracklist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apparebit","download_url":"https://codeload.github.com/apparebit/tracklist/tar.gz/refs/heads/boss","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apparebit%2Ftracklist/sbom","scorecard":{"id":203326,"data":{"date":"2025-08-11","repo":{"name":"github.com/apparebit/tracklist","commit":"009be5ea0c1cd05388f2f5977d1828fe4f7329b7"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":0,"reason":"Found 0/11 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'boss'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T23:12:03.788Z","repository_id":57114402,"created_at":"2025-08-16T23:12:03.788Z","updated_at":"2025-08-16T23:12:03.788Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32951039,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-12T09:19:52.626Z","status":"ssl_error","status_checked_at":"2026-05-12T09:17:33.438Z","response_time":102,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["inventory","jxa","macos","music","music-app","property-list","tracklist"],"created_at":"2024-08-08T02:01:11.801Z","updated_at":"2026-05-12T18:13:21.173Z","avatar_url":"https://github.com/apparebit.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# @grr/tracklist\n\nPrint all tracks in the library of the Music.app in macOS.\n\nThis command line tool sorts tracks by artist, album, and track name without\nregard for case or diacritics and then prints a line with the artist, album, and\ntrack name for each track.\n\n\n## How to Install \u0026 Run\n\nTo use `@grr/tracklist`, you need to first install the tool and supporting code.\nSince we are installing into a newly created directory, `npm` complains about a\nlack of manifest and lockfile. You can ignore that.\n\n```sh\nmkdir inventory\ncd inventory\nnpm install @grr/tracklist\n```\n\nOnce installed, you can run `@grr/tracklist` in two different ways corresponding\nto two very different ways of accessing the track data. First is access to track\ndata by scripting the Music.app itself. Luckily, we don't have to fall back onto\nAppleScript but can use JavaScript instead:\n\n```sh\nosascript -l JavaScript ./node_modules/@grr/tracklist/tracklist.js\n```\n\nSecond is access to track data through an XML property list that captures a\nlibrary's metadata. In this case, we parse the property list with\n[expat](https://libexpat.github.io), a streaming XML parser. As the code in\n[parse.js](parse.js) illustrates, correctly handling callbacks can get rather\ninvolved. At the same time, it enables us to ignore irrelevant data in the\nlibrary's property list and thereby avoid building the corresponding object\ngraph only to discard it again.\n\n```sh\nnode ./node_modules/@grr/tracklist/tracklist.js \u003cLibrary.xml\u003e\n```\n\nThe JXA and XML versions co-exist in the same module, since both versions sort\nand print a tracklist the same. For that to be possible, the XML version does\nnot use static imports and uses the dynamic `import()` form only indirectly,\ni.e., by dynamically creating a function that imports a module. Otherwise,\n`osascript` would reject the module.\n\n\n## Background\n\nI wrote `@grr/tracklist` when I encountered problems migrating my music library\nonto a new Mac. Since I store the actual tracks on a networked drive, I was\ntrying to simply import the `Library.xml` I had previously exported on the old\nmachine. That worked for the most part. Though Music.app notified me that it\ncouldn't import some tracks. Since my library contains well over 27,000 tracks,\nthat error message was exceedingly unhelpful. Clearly, I needed some tool to\ncompare the two libraries. The data in such an exported `Library.xml` file is in\nApple's generic property list format. That makes it unsuitable to textual\ncomparison (`diff`). In theory, Apple's property list tool `plutil` can convert\nXMl-based property lists to JSON. But in practice, the tool refuses to convert\nMusic.app libraries because JSON lacks support for dates. Hence I wrote my own\ntool.\n\nOnce I started `diff`-ing the output produced with `@grr/tracklist`, the reason\nfor Music.app dropping tracks became apparent: The metadata for all dropped\ntracks differed from other tracks by the same artist or on the same album only\nin capitalization. That can be problematic when deriving file names from\nmetadata, as Music.app does, since macOS defaults to case-preserving file\nsystems while my networked disk, which runs Linux, has a case-sensitive file\nsystem. It actually speaks to the software quality of iTunes that this hasn't\ncaused any issues before. Since library import doesn't handle this correctly, I\nfixed the metadata and file names to have the same consistent casing on my old\nmachine. I did the same normalization for quotes and diacritics. Thereafter, I\nreset Music.app to a blank slate (by starting the application with the option\nkey pressed and selecting a fresh library directory) and imported the library\nwithout a hitch.\n\n---\n\n__@grr/tracklist__ is © 2020 Robert Grimm and licensed under [MIT](LICENSE)\nterms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapparebit%2Ftracklist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapparebit%2Ftracklist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapparebit%2Ftracklist/lists"}