{"id":13786739,"url":"https://github.com/bobg/modver","last_synced_at":"2026-02-13T17:11:32.849Z","repository":{"id":42712237,"uuid":"386968749","full_name":"bobg/modver","owner":"bobg","description":null,"archived":false,"fork":false,"pushed_at":"2026-02-10T00:32:25.000Z","size":294,"stargazers_count":21,"open_issues_count":7,"forks_count":7,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-02-10T20:09:15.761Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bobg.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-07-17T15:05:52.000Z","updated_at":"2025-12-07T17:12:10.000Z","dependencies_parsed_at":"2024-01-08T16:09:20.963Z","dependency_job_id":"abfdde1e-42bd-4b9c-8cff-acd49873ee23","html_url":"https://github.com/bobg/modver","commit_stats":null,"previous_names":[],"tags_count":59,"template":false,"template_full_name":null,"purl":"pkg:github/bobg/modver","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobg%2Fmodver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobg%2Fmodver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobg%2Fmodver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobg%2Fmodver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bobg","download_url":"https://codeload.github.com/bobg/modver/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobg%2Fmodver/sbom","scorecard":{"id":246370,"data":{"date":"2025-08-11","repo":{"name":"github.com/bobg/modver","commit":"0035b3b46089fc8f5ec9f3f5987e12fb618e120d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bobg/modver/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bobg/modver/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/bobg/modver/go.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating golang:latest to golang:latest@sha256:034848561f95a942e2163d9017e672f0c65403f699336db4529a908af00dfc98","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2025-3367 / GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2025-3368 / GHSA-v725-9546-7q7m","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 1 commits out of 12 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T07:41:42.501Z","repository_id":42712237,"created_at":"2025-08-17T07:41:42.501Z","updated_at":"2025-08-17T07:41:42.501Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29412727,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-13T06:24:03.484Z","status":"ssl_error","status_checked_at":"2026-02-13T06:23:12.830Z","response_time":78,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T19:01:31.909Z","updated_at":"2026-02-13T17:11:32.831Z","avatar_url":"https://github.com/bobg.png","language":"Go","readme":"# Modver\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/bobg/modver/v2.svg)](https://pkg.go.dev/github.com/bobg/modver/v2)\n[![Go Report Card](https://goreportcard.com/badge/github.com/bobg/modver/v2)](https://goreportcard.com/report/github.com/bobg/modver/v2)\n[![Tests](https://github.com/bobg/modver/actions/workflows/go.yml/badge.svg)](https://github.com/bobg/modver/actions/workflows/go.yml)\n[![Coverage Status](https://coveralls.io/repos/github/bobg/modver/badge.svg?branch=master)](https://coveralls.io/github/bobg/modver?branch=master)\n[![Mentioned in Awesome Go](https://awesome.re/mentioned-badge.svg)](https://github.com/avelino/awesome-go)\n\nThis is modver,\na tool that helps you obey [semantic versioning rules](https://semver.org/) in your Go module.\n\nIt can read and compare two different versions of the same module,\nfrom two different directories,\nor two different Git commits,\nor the base and head of a Git pull request.\nIt then reports whether the changes require an increase in the major-version number,\nthe minor-version number,\nor the patchlevel.\n\n## Installation and usage\n\nModver can be used from the command line,\nor in your Go program,\nor with [GitHub Actions](https://github.com/features/actions).\n\n### Command-line interface\n\nInstall the `modver` command like this:\n\n```sh\ngo install github.com/bobg/modver/v2/cmd/modver@latest\n```\n\nAssuming the current directory is the root of a cloned Git repository,\nyou can run it like this:\n\n```sh\n$ modver -git .git HEAD~1 HEAD\n```\n\nto tell what kind of version-number change is needed for the latest commit.\nThe `-git .git` gives the path to the repository’s info;\nit can also be something like `https://github.com/bobg/modver`.\nThe arguments `HEAD~1` and `HEAD` specify two Git revisions to compare;\nin this case, the latest two commits on the current branch.\nThese could also be tags or commit hashes.\n\n### GitHub Action\n\nYou can arrange for Modver to inspect the changes on your pull-request branch\nas part of a GitHub Actions-based continuous-integration step.\nIt will add a comment to the pull request with its findings,\nand will update the comment as new commits are pushed to the branch.\n\nTo do this, you’ll need a directory in your GitHub repository named `.github/workflows`,\nand a Yaml file containing (at least) the following:\n\n```yaml\nname: Tests\n\non:\n  push:\n    branches: [ main ]\n  pull_request:\n    branches: [ main ]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v3\n        with:\n          fetch-depth: 0\n\n      - name: Set up Go\n        uses: actions/setup-go@v4\n        with:\n          go-version: 1.19\n\n      - name: Modver\n        if: ${{ github.event_name == 'pull_request' }}\n        uses: bobg/modver@v2.5.0\n        with:\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n          pull_request_url: https://github.com/${{ github.repository }}/pull/${{ github.event.number }}\n```\n\nThis can be combined with other steps that run unit tests, etc.\nYou can change `Tests` to whatever name you like,\nand should change `main` to the name of your repository’s default branch.\nIf your pull request is on a GitHub server other than `github.com`,\nchange the hostname in the `pull_request_url` parameter to match.\n\nNote the `fetch-depth: 0` parameter for the `Checkout` step.\nThis causes GitHub Actions to create a clone of your repo with its full history,\nas opposed to the default,\nwhich is a shallow clone.\nModver requires enough history to be present in the clone\nfor it to access the “base” and “head” revisions of your pull-request branch.\n\nFor more information about configuring GitHub Actions,\nsee [the GitHub Actions documentation](https://docs.github.com/actions).\n\n### Go library\n\nModver also has a simple API for use from within Go programs.\nAdd it to your project with `go get github.com/bobg/modver/v2@latest`.\nSee [the Go doc page](https://pkg.go.dev/github.com/bobg/modver/v2) for information about how to use it.\n\n## Semantic versioning\n\nBriefly, a major-version bump is needed for incompatible changes in the public API,\nsuch as when a type is removed or renamed,\nor parameters or results are added to or removed from a function.\nOld callers cannot expect to use the new version without being updated.\n\nA minor-version bump is needed when new features are added to the public API,\nlike a new entrypoint or new fields in an existing struct.\nOld callers _can_ continue using the new version without being updated,\nbut callers depending on the new features cannot use the old version.\n\nA patchlevel bump is needed for most other changes.\n\nThe result produced by modver is the _minimal_ change required.\nThe actual change required may be greater.\nFor example,\nif a new method is added to a type,\nthis function will return `Minor`.\nHowever, if something also changed about an existing method that breaks the old contract -\nit accepts a narrower range of inputs, for example,\nor returns errors in some new cases -\nthat may well require a major-version bump,\nand this function can't detect those cases.\n\nYou can be assured, however,\nthat if this function returns `Major`,\na minor-version bump won't suffice,\nand if this function returns `Minor`,\na patchlevel bump won't suffice,\netc.\n\nThe `modver` command\n(in the `cmd/modver` subdirectory)\ncan be used,\namong other ways,\nto test that each commit to a Git repository increments the module’s version number appropriately.\nThis is done for modver itself using GitHub Actions,\n[here](https://github.com/bobg/modver/blob/dd93eccb5674b13161a91bf6a6666889c21adb5b/.github/workflows/go.yml#L25-L26).\n\n(Note that the standard `actions/checkout@v2` action,\nfor cloning a repository during GitHub Actions,\ncreates a shallow clone with just one commit’s worth of history.\nFor the usage here to work,\nyou’ll need more history:\nat least two commit’s worth and maybe more to pull in the latest tag for the previous revision.\nThe clone depth can be overridden with the `fetch-depth` parameter,\nwhich modver does [here](https://github.com/bobg/modver/blob/dd93eccb5674b13161a91bf6a6666889c21adb5b/.github/workflows/go.yml#L14-L15).)\n","funding_links":[],"categories":["Go Tools","Go 工具","Libraries for creating HTTP middlewares"],"sub_categories":["Routers","路由器","Search and Analytic Databases"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbobg%2Fmodver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbobg%2Fmodver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbobg%2Fmodver/lists"}