{"id":29560918,"url":"https://github.com/decred/vspd","last_synced_at":"2025-08-27T17:13:33.108Z","repository":{"id":37962525,"uuid":"263679144","full_name":"decred/vspd","owner":"decred","description":"A Voting Service Provider (VSP) for the Decred network.","archived":false,"fork":false,"pushed_at":"2025-04-15T08:34:37.000Z","size":2852,"stargazers_count":18,"open_issues_count":9,"forks_count":21,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-07-18T18:29:47.367Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/decred.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-05-13T16:06:00.000Z","updated_at":"2025-04-15T08:34:41.000Z","dependencies_parsed_at":"2023-11-22T13:30:02.468Z","dependency_job_id":"f27d3f16-d2c5-4200-9a92-c51111bb5f84","html_url":"https://github.com/decred/vspd","commit_stats":{"total_commits":513,"total_committers":9,"mean_commits":57.0,"dds":"0.10721247563352831","last_synced_commit":"1a2b02466ca60369e5a191102ca173246606ad96"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/decred/vspd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decred%2Fvspd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decred%2Fvspd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decred%2Fvspd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decred%2Fvspd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/decred","download_url":"https://codeload.github.com/decred/vspd/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/decred%2Fvspd/sbom","scorecard":{"id":331598,"data":{"date":"2025-08-11","repo":{"name":"github.com/decred/vspd","commit":"5263bfc2e19b3c24185ef024e06fff7f7b461dd9"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":9,"reason":"Found 17/18 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: downloadThenRun not pinned by hash: .github/workflows/go.yml:21","Info:   2 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: ISC License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:46:50.975Z","repository_id":37962525,"created_at":"2025-08-18T03:46:50.975Z","updated_at":"2025-08-18T03:46:50.975Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272355659,"owners_count":24920152,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-27T02:00:09.397Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-18T15:39:22.652Z","updated_at":"2025-08-27T17:13:33.068Z","avatar_url":"https://github.com/decred.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# vspd\n\n[![Build Status](https://github.com/decred/vspd/workflows/Build%20and%20Test/badge.svg)](https://github.com/decred/vspd/actions)\n[![ISC License](https://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)\n[![Go Report Card](https://goreportcard.com/badge/github.com/decred/vspd)](https://goreportcard.com/report/github.com/decred/vspd)\n[![Release](https://img.shields.io/github/release/decred/vspd.svg?style=flat-square)](https://github.com/decred/vspd/releases/latest)\n\n\u003cimg src=\"./docs/img/stakey.png\" align=\"right\" /\u003e\n\n[First announced in 2020](https://blog.decred.org/2020/06/02/A-More-Private-Way-to-Stake/),\nvspd is a from scratch implementation of a Voting Service Provider (VSP) for the\nDecred network.\n\nA VSP running vspd can be used to vote on any ticket - tickets do not need to\nbe purchased with any special conditions such as dedicated outputs for paying\nVSP fees. Fees are paid directly to the VSP with an independent on-chain\ntransaction.\n\nTo use vspd, ticket holders must prove ownership of their ticket with a\ncryptographic signature, pay the fee requested by the VSP, and submit a private\nkey which enables the VSP to vote the ticket. Once this process is complete the\nVSP will add the ticket to a pool of always-online voting wallets.\n\n## Features\n\n- **API** - Tickets are registered with the VSP using a JSON HTTP API. For more\n  detail on the API and its usage, read [api.md](./docs/api.md)\n\n- **Web front-end** - A minimal website (no JavaScript) providing public pool\n  stats. A password protected admin page provides an overview of system status,\n  enables searching for tickets and downloading database backups.\n\n- **Two-way accountability** - All vspd requests and responses are signed by\n  their sender, which enables both the client and the server to hold each other\n  accountable in the case of misbehaviour. For more detail and examples, read\n  [two-way-accountability.md](./docs/two-way-accountability.md).\n\n- **Dynamic fees** - Clients must request a new fee address and amount for every\n  ticket. When these are given to a client, there is an associated expiry\n  period. If the fee is not paid in this period, the client must request a new\n  fee. This enables the VSP admin to change their fee as often as they like.\n\n## Implementation\n\nvspd is built and tested on go 1.22 and 1.23, making use of the following\nlibraries:\n\n- [gin-gonic/gin](https://github.com/gin-gonic/gin) webserver.\n\n- [etcd-io/bbolt](https://github.com/etcd-io/bbolt) key-value database.\n\n- [jrick/wsrpc](https://github.com/jrick/wsrpc) for RPC communication with dcrd\n  and dcrwallet.\n\n## Deployment\n\nA vspd deployment consists of a single front-end server which handles web\nrequests, and a number of remote servers which host voting wallets. For more\ninformation about deploying vspd, check out\n[deployment.md](./docs/deployment.md).\n\nThe process for listing a new VSP on [decred.org](https://decred.org/vsp/), and\nconsequently in Decrediton, is detailed in [listing.md](./docs/listing.md).\n\n## Development\n\n### Test Harness\n\nA test harness is provided in `harness.sh`. The test harness uses tmux to start\na testnet instance of dcrd, multiple dcrwallets, and finally vspd. Further\ndocumentation can be found in [harness.sh](./harness.sh).\n\n### Web server debug mode\n\nThe config option `--webserverdebug` will:\n\n- Force HTML templates to be reloaded on every web request.\n- Reload the cached homepage data every second rather than every 5 minutes.\n- Enable detailed webserver logging to the terminal (does not get written to log\n  file).\n\n## Issue Tracker\n\nThe [integrated GitHub issue tracker](https://github.com/decred/vspd/issues)\nis used for this project.\n\n## License\n\nvspd is licensed under the [copyfree](http://copyfree.org) ISC License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecred%2Fvspd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdecred%2Fvspd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecred%2Fvspd/lists"}