{"id":30561869,"url":"https://github.com/bufbuild/protocompile","last_synced_at":"2025-08-28T12:40:55.319Z","repository":{"id":59763922,"uuid":"523767396","full_name":"bufbuild/protocompile","owner":"bufbuild","description":"A parsing/linking engine for protobuf; the guts for a pure Go replacement of protoc.","archived":false,"fork":false,"pushed_at":"2025-08-26T15:41:08.000Z","size":3808,"stargazers_count":284,"open_issues_count":18,"forks_count":22,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-08-26T17:56:05.111Z","etag":null,"topics":["compiler","parser","protobuf","protocol-buffers"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bufbuild.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"supported_editions.go","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-08-11T15:06:04.000Z","updated_at":"2025-08-26T13:22:53.000Z","dependencies_parsed_at":"2023-10-03T22:18:52.284Z","dependency_job_id":"e99e0f3c-cf63-41a3-b514-5a0d940c6f4e","html_url":"https://github.com/bufbuild/protocompile","commit_stats":{"total_commits":170,"total_committers":10,"mean_commits":17.0,"dds":0.7,"last_synced_commit":"b918adeb88ae1bd2e310f61e0143634c0276af63"},"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/bufbuild/protocompile","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fprotocompile","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fprotocompile/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fprotocompile/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fprotocompile/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bufbuild","download_url":"https://codeload.github.com/bufbuild/protocompile/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fprotocompile/sbom","scorecard":{"id":257306,"data":{"date":"2025-08-11","repo":{"name":"github.com/bufbuild/protocompile","commit":"f3c97b1f39247a53b042a19d921066e2cee89dff"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.7,"checks":[{"name":"Maintained","score":3,"reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/add-to-project.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yaml:12","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pr-title.yaml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/windows.yaml:12","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/add-to-project.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/add-to-project.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/pr-title.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/windows.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/windows.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/protocompile/windows.yaml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T09:58:43.807Z","repository_id":59763922,"created_at":"2025-08-17T09:58:43.807Z","updated_at":"2025-08-17T09:58:43.807Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272261729,"owners_count":24902502,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-26T02:00:07.904Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compiler","parser","protobuf","protocol-buffers"],"created_at":"2025-08-28T12:40:53.591Z","updated_at":"2025-08-28T12:40:54.949Z","avatar_url":"https://github.com/bufbuild.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"![The Buf logo](./.github/buf-logo.svg)\n\n# Protocompile\n\n[![Build](https://github.com/bufbuild/protocompile/actions/workflows/ci.yaml/badge.svg?branch=main)](https://github.com/bufbuild/protocompile/actions/workflows/ci.yaml)\n[![Report Card](https://goreportcard.com/badge/github.com/bufbuild/protocompile)](https://goreportcard.com/report/github.com/bufbuild/protocompile)\n[![GoDoc](https://pkg.go.dev/badge/github.com/bufbuild/protocompile.svg)](https://pkg.go.dev/github.com/bufbuild/protocompile)\n\nThis repo contains a parsing/linking engine for Protocol Buffers, written in pure Go. It is suitable as an alternative\nto `protoc` (Google's official reference compiler for Protocol Buffers). This is the compiler that powers [Buf](https://buf.build)\nand its bevy of tools.\n\nThis repo is also the spiritual successor to the [`github.com/jhump/protoreflect/desc/protoparse`](https://godoc.org/github.com/jhump/protoreflect/desc/protoparse)\npackage. If you are looking for a newer version of `protoparse` that natively works with the newer Protobuf runtime\nAPI for Go (`google.golang.org/protobuf`), you have found it!\n\n## Protocol Buffers\n\nIf you've come across this repo but don't know what Protocol Buffers are, you might acquaint yourself with the [official\ndocumentation](https://developers.google.com/protocol-buffers). Protocol Buffers, or Protobuf for short, is an IDL for\ndescribing APIs and data structures and also a binary encoding format for efficiently transmitting and storing that\ndata.\n\nIf you want to know more about the language itself, which is what this repo implements, take a look at Buf's\n[Protobuf Guide](https://protobuf.com), which includes a very detailed language specification.\n\n### Descriptors\n\nDescriptors are the \"lingua franca\" for describing Protobuf data schemas. They are the basis of runtime features like\nreflection and dynamic messages. They are also the output of a Protobuf compiler: a compiler can produce them and write\nthem to a file (whose contents are the binary-encoded form of a [`FileDescriptorSet`](https://github.com/protocolbuffers/protobuf/blob/v21.7/src/google/protobuf/descriptor.proto#L55-L59))\nor send them to a [plugin](https://docs.buf.build/reference/images#plugins) to generate code for a particular\nprogramming language.\n\nDescriptors are similar to nodes in a syntax tree: the contents of a file descriptor correspond closely to the elements\nin the source file from which it was generated. Also, the descriptor model's data structures are themselves defined in\n[Protobuf](https://github.com/protocolbuffers/protobuf/blob/v21.7/src/google/protobuf/descriptor.proto).\n\n## Using This Repo\n\nThe primary API of this repo is in this root package: `github.com/bufbuild/protocompile`. This is the suggested entry\npoint and provides a type named `Compiler`, for compiling Protobuf source files into descriptors. There are also\nnumerous sub-packages, most of which implement various stages of the compiler. Here's an overview (_not_ in alphabetical\norder):\n\n  * [`protocompile`](https://pkg.go.dev/github.com/bufbuild/protocompile):\n    This is the entry point, used to configure and initiate a compilation operation.\n  * [`parser`](https://pkg.go.dev/github.com/bufbuild/protocompile/parser):\n    This is the first stage of the compiler. It parses Protobuf source code and produces an AST. This package can also\n    generate a file descriptor proto from an AST.\n  * [`ast`](https://pkg.go.dev/github.com/bufbuild/protocompile/ast):\n    This package models an Abstract Syntax Tree (AST) for the Protobuf language.\n  * [`linker`](https://pkg.go.dev/github.com/bufbuild/protocompile/linker):\n    This is the second stage of the compiler. The descriptor proto (generated from an AST) is linked, producing a more\n    useful data structure than simple descriptor protos. This step also performs numerous validations on the source,\n    like making sure that all type references are correct and that sources don't try to define two elements with the same\n    name.\n  * [`options`](https://pkg.go.dev/github.com/bufbuild/protocompile/options):\n    This is the next stage of the compiler: interpreting options. The linked data structures that come from the previous\n    stage are used to validate and interpret all options.\n  * [`sourceinfo`](https://pkg.go.dev/github.com/bufbuild/protocompile/sourceinfo):\n    This is the last stage of the compiler: generating source code info. Source code info contains metadata that maps\n    elements in the descriptor to the location in the original source file from which it came. This includes access to\n    comments. In order to provide correct source info for options, it must happen last, after options have been\n    interpreted.\n  * [`reporter`](https://pkg.go.dev/github.com/bufbuild/protocompile/reporter): This package provides error types\n    generated by the compiler and interfaces used by the compiler to report errors and warnings to the calling code.\n  * [`walk`](https://pkg.go.dev/github.com/bufbuild/protocompile/walk):\n    This package provides functions for walking through all of the elements in a descriptor (or descriptor proto)\n    hierarchy.\n  * [`protoutil`](https://pkg.go.dev/github.com/bufbuild/protocompile/protoutil):\n    This package contains some other useful functions for interacting with Protobuf descriptors.\n\n### Migrating from `protoparse`\n\nThere are a few differences between this repo and its predecessor, `github.com/jhump/protoreflect/desc/protoparse`.\n\n* If you want to include \"standard imports\", for the well-known files that are included with `protoc`, you have to do\n  so explicitly. To do this, wrap your resolver using `protocompile.WithStandardImports`.\n* If you used `protoparse.FileContentsFromMap`, in this new repo you'll use a `protocompile.SourceResolver` and then use\n  `protocompile.SourceAccessorFromMap` as its accessor function.\n* If you used `Parser.ParseToAST`, you won't use the `protocompile` package but instead directly use `parser.Parse` in\n  this repo's `parser` sub-package. This returns an AST for the given file contents.\n* If you used `Parser.ParseFilesButDoNotLink`, that is still possible in this repo, but not provided directly via a\n  single function. Instead, you need to take a few steps:\n  1. Parse the source using `parser.Parse`. Then use `parser.ResultFromAST` to construct a result that contains a file\n     descriptor proto.\n  2. Interpret whatever options can be interpreted without linking using `options.InterpretUnlinkedOptions`. This may\n     leave some options in the descriptor proto uninterpreted (including all custom options).\n  3. If you want source code info for the file, finally call `sourceinfo.GenerateSourceInfo` using the index returned\n     from the previous step and store that in the file descriptor proto.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbufbuild%2Fprotocompile","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbufbuild%2Fprotocompile","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbufbuild%2Fprotocompile/lists"}