{"id":23493835,"url":"https://github.com/bandprotocol/chain","last_synced_at":"2026-01-27T05:18:37.479Z","repository":{"id":37355194,"uuid":"313859125","full_name":"bandprotocol/chain","owner":"bandprotocol","description":"BandChain blockchain reference implementation","archived":false,"fork":false,"pushed_at":"2025-08-18T11:03:52.000Z","size":23093,"stargazers_count":155,"open_issues_count":10,"forks_count":78,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-08-18T12:29:23.162Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bandprotocol.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-11-18T07:43:00.000Z","updated_at":"2025-08-18T11:00:18.000Z","dependencies_parsed_at":"2024-07-26T18:15:54.150Z","dependency_job_id":"33d74f7d-b42a-4030-a5b6-b856573c3595","html_url":"https://github.com/bandprotocol/chain","commit_stats":null,"previous_names":[],"tags_count":64,"template":false,"template_full_name":null,"purl":"pkg:github/bandprotocol/chain","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fchain","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fchain/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fchain/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fchain/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bandprotocol","download_url":"https://codeload.github.com/bandprotocol/chain/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fchain/sbom","scorecard":{"id":225063,"data":{"date":"2025-08-11","repo":{"name":"github.com/bandprotocol/chain","commit":"e57ab3dd9bbf7a08008aa1eadb536b37dcf3ee22"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.5,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Warn: no topLevel permission defined: .github/workflows/golangci-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Warn: no topLevel permission defined: .github/workflows/simulation.yml:1","Warn: no topLevel permission defined: .github/workflows/update-extra-rest.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v3.1.0 not signed: https://api.github.com/repos/bandprotocol/chain/releases/231757840","Warn: release artifact v3.0.2 not signed: https://api.github.com/repos/bandprotocol/chain/releases/231743370","Warn: release artifact v3.0.1 not signed: https://api.github.com/repos/bandprotocol/chain/releases/227009099","Warn: release artifact v2.5.5 not signed: https://api.github.com/repos/bandprotocol/chain/releases/226137543","Warn: release artifact v3.0.1-rc1 not signed: https://api.github.com/repos/bandprotocol/chain/releases/225834974","Warn: release artifact v3.1.0 does not have provenance: https://api.github.com/repos/bandprotocol/chain/releases/231757840","Warn: release artifact v3.0.2 does not have provenance: https://api.github.com/repos/bandprotocol/chain/releases/231743370","Warn: release artifact v3.0.1 does not have provenance: https://api.github.com/repos/bandprotocol/chain/releases/227009099","Warn: release artifact v2.5.5 does not have provenance: https://api.github.com/repos/bandprotocol/chain/releases/226137543","Warn: release artifact v3.0.1-rc1 does not have provenance: https://api.github.com/repos/bandprotocol/chain/releases/225834974"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/release.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/release.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/simulation.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/simulation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-extra-rest.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/chain/update-extra-rest.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating golang:1.24.2-bookworm to golang:1.24.2-bookworm@sha256:79390b5e5af9ee6e7b1173ee3eac7fadf6751a545297672916b59bfa0ecf6f71","Warn: containerImage not pinned by hash: Dockerfile.static:1","Warn: containerImage not pinned by hash: Dockerfile.static:23: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:b6a6be0ff92ab6db8acd94f5d1b7a6c2f0f5d10ce3c24af348d333ac6da80685","Warn: containerImage not pinned by hash: contrib/devtools/Dockerfile:5","Warn: containerImage not pinned by hash: contrib/devtools/Dockerfile:6: pin your Docker image by updating golang:1.24.2-alpine to golang:1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee","Warn: npmCommand not pinned by hash: contrib/devtools/Dockerfile:15","Warn: goCommand not pinned by hash: contrib/devtools/Dockerfile:25-28","Warn: goCommand not pinned by hash: scripts/protocgen.sh:7","Info:   0 out of  22 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   1 out of   3 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3442","Warn: Project is vulnerable to: GO-2023-1821","Warn: Project is vulnerable to: GO-2023-1881"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T03:35:51.264Z","repository_id":37355194,"created_at":"2025-08-17T03:35:51.264Z","updated_at":"2025-08-17T03:35:51.264Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272367683,"owners_count":24922229,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-27T02:00:09.397Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-25T03:00:51.411Z","updated_at":"2026-01-27T05:18:37.473Z","avatar_url":"https://github.com/bandprotocol.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\n\u003cimg src=\"bandprotocol_logo.svg\" width=500\u003e\n\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\nBandChain - Decentralized Data Delivery Network\u003cbr/\u003e\u003cbr/\u003e\n\n\u003ca href=\"https://pkg.go.dev/badge/github.com/bandprotocol/chain\"\u003e\n    \u003cimg src=\"https://pkg.go.dev/badge/github.com/bandprotocol/chain\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://goreportcard.com/badge/github.com/bandprotocol/chain\"\u003e\n    \u003cimg src=\"https://goreportcard.com/badge/github.com/bandprotocol/chain\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://github.com/bandprotocol/chain/workflows/Tests/badge.svg\"\u003e\n    \u003cimg src=\"https://github.com/bandprotocol/chain/workflows/Tests/badge.svg\"\u003e\n\u003c/a\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://docs.bandchain.org/\"\u003e\u003cstrong\u003eDocumentation »\u003c/strong\u003e\u003c/a\u003e\n  \u003cbr /\u003e\n\u003c/p\u003e\n\n\u003cbr/\u003e\n\n## What is BandChain?\n\nBandChain is a **cross-chain data oracle platform** that aggregates and connects real-world data and APIs to smart contracts. It is designed to be **compatible with most smart contract and blockchain development frameworks**. It does the heavy lifting jobs of pulling data from external sources, aggregating them, and packaging them into the format that’s easy to use and verifiable efficiently across multiple blockchains.\n\nBand's flexible oracle design allows developers to **query any data** including real-world events, sports, weather, random numbers and more. Developers can create custom-made oracles using WebAssembly to connect smart contracts with traditional web APIs within minutes.\n\n## Installation\n\nPlease refer to [this documentation](https://docs.bandchain.org/node-validators/run-node/joining-mainnet/installation) for the most up-to-date installation guide.\n\n## Building from source\n\nWe recommend the following for running a BandChain Validator:\n\n- **4 or more** CPU cores\n- **16 GB** of RAM (32 GB in case on participate in mainnet)\n- At least **150GB** of disk storage\n\n**Step 1. Install Golang**\n\nGo v1.24+ or higher is required for BandChain.\n\nIf you haven't already, install Golang by following the [official docs](https://golang.org/doc/install). Make sure that your GOPATH and GOBIN environment variables are properly set up.\n\n**Step 2. Get BandChain source code**\n\nUse `git` to retrieve BandChain from the [official repo](https://github.com/bandprotocol/chain), and checkout the master branch, which contains the latest stable release. That should install the `bandd` binary.\n\n```bash\ngit clone https://github.com/bandprotocol/chain\ncd chain \u0026\u0026 git checkout v3.1.0\nmake install\n```\n\n**Step 3. Verify your installation**\n\nUsing `bandd version` command to verify that your `bandd` has been built successfully.\n\n```\nname: bandchain\nserver_name: bandd\nversion: 3.1.0\nbuild_tags: netgo,ledger\ngo: go version go1.24.2 darwin/amd64\nbuild_deps:\n...\n```\n\nIf you are using Mac ARM architecture (M1, M2) and face the issue of GMP library, you can run this.\n```\nbrew update \u0026\u0026 brew install gmp\nsudo ln -s /opt/homebrew/lib/libgmp.10.dylib /usr/local/lib/\n```\n\n## Useful scripts for development\n\n- `scripts/generate_genesis.sh` to create/reset the default genesis file \n- `scripts/start_bandd.sh` to start the bandd binary\n- `scripts/start_yoda.sh` to start yoda with reporter(s)\n- `scripts/start_grogu.sh` to start grogu with feeder(s)\n- `scripts/bandtss/start_cylinder.sh` to start cylinder with grantee(s)\n\n## Resources\n\n- Developer\n  - Documentation: [docs.bandchain.org](https://docs.bandchain.org)\n  - SDKs:\n    - JavaScript: [bandchainjs](https://www.npmjs.com/package/@bandprotocol/bandchain.js)\n    - Python: [pyband](https://pypi.org/project/pyband/)\n- Block Explorers:\n  - Mainnet:\n    - [Cosmoscan Mainnet](https://cosmoscan.io)\n    - [Big Dipper](https://band.bigdipper.live/)\n  - Testnet:\n    - [CosmoScan Testnet](https://band-v3-testnet.cosmoscan.io)\n\n## Community\n\n- [Official Website](https://bandprotocol.com)\n- [Telegram](https://t.me/bandprotocol)\n- [Twitter](https://twitter.com/bandprotocol)\n- [Developer Discord](https://discord.com/invite/3t4bsY7)\n\n## License \u0026 Contributing\n\nBandChain is licensed under the terms of the GPL 3.0 License unless otherwise specified in the LICENSE file at module's root.\n\nWe highly encourage participation from the community to help with D3N development. If you are interested in developing with D3N or have suggestions for protocol improvements, please open an issue, submit a pull request, or [drop us a line].\n\n[drop us a line]: mailto:connect@bandprotocol.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbandprotocol%2Fchain","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbandprotocol%2Fchain","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbandprotocol%2Fchain/lists"}