{"id":13625850,"url":"https://github.com/erik/squabble","last_synced_at":"2026-01-25T07:46:11.556Z","repository":{"id":50732620,"uuid":"162691239","full_name":"erik/squabble","owner":"erik","description":"An extensible linter for SQL queries and migrations.","archived":false,"fork":false,"pushed_at":"2020-10-29T20:35:00.000Z","size":188,"stargazers_count":68,"open_issues_count":2,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-25T05:20:42.740Z","etag":null,"topics":["linter","postgres","sql","static-analysis"],"latest_commit_sha":null,"homepage":"https://squabble.readthedocs.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/erik.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-21T09:00:27.000Z","updated_at":"2025-03-30T10:35:04.000Z","dependencies_parsed_at":"2022-09-03T07:02:11.957Z","dependency_job_id":null,"html_url":"https://github.com/erik/squabble","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/erik/squabble","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik%2Fsquabble","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik%2Fsquabble/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik%2Fsquabble/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik%2Fsquabble/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/erik","download_url":"https://codeload.github.com/erik/squabble/tar.gz/refs/heads/master","sbom_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erik%2Fsquabble/sbom","scorecard":{"id":380878,"data":{"date":"2025-08-11","repo":{"name":"github.com/erik/squabble","commit":"0f5b2dbb2088389a6b2d4d68f55e4e55f4da5e28"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 3/22 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively 
maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no 
fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 12 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T15:24:54.864Z","repository_id":50732620,"created_at":"2025-08-18T15:24:54.864Z","updated_at":"2025-08-18T15:24:54.864Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28748223,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T05:12:38.112Z","status":"ssl_error","status_checked_at":"2026-01-25T05:04:50.338Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linter","postgres","sql","static-analysis"],"created_at":"2024-08-01T21:02:03.762Z","updated_at":"2026-01-25T07:46:11.533Z","avatar_url":"https://github.com/erik.png","language":"Python","readme":"squabble\n========\n\n|build-status| |docs| |pypi|\n\nCatch unsafe SQL migrations.\n\n.. 
code:: console\n\n  $ squabble sql/migration.sql\n  sql/migration.sql:4:46 ERROR: column \"uh_oh\" has a disallowed constraint [1004]\n  ALTER TABLE big_table ADD COLUMN uh_oh integer DEFAULT 0;\n                                                 ^\n  # Use --explain to get more information on a lint violation\n  $ squabble --explain 1004\n  ConstraintNotAllowed\n       When adding a column to an existing table, certain constraints can have\n       unintentional side effects, like locking the table or introducing\n       performance issues.\n       ...\n\nSquabble can also be `integrated with your editor\n\u003chttps://squabble.rtfd.io/en/latest/editors.html\u003e`__ to catch errors in\nSQL files.\n\n.. code:: console\n\n  $ echo 'SELECT * FROM WHERE x = y;' | squabble --reporter=plain\n  stdin:1:15 CRITICAL: syntax error at or near \"WHERE\"\n\nCurrently, most of the rules have been focused on Postgres and its\nquirks. However, squabble can parse any ANSI SQL and new rules that are\nspecific to other databases are appreciated!\n\nInstallation\n------------\n\n.. code-block:: console\n\n   $ pip3 install squabble\n   $ squabble --help\n\n.. note::\n\n   Squabble is only supported on Python 3.5+\n\nIf you’d like to install from source:\n\n.. code-block:: console\n\n   $ git clone https://github.com/erik/squabble.git \u0026\u0026 cd squabble\n   $ python3 -m venv ve \u0026\u0026 source ve/bin/activate\n   $ python setup.py install\n   $ squabble --help\n\nConfiguration\n-------------\n\nTo see a list of rules, try\n\n.. code-block:: console\n\n   $ squabble --list-rules\n\nThen, to show more verbose information about a rule (such as rationale\nand configuration options)\n\n.. code-block:: console\n\n   $ squabble --show-rule AddColumnDisallowConstraints\n\nOnce a configuration file is in place, it can be passed explicitly on\nthe command line, or automatically looked up.\n\n.. 
code-block:: console\n\n   $ squabble -c path/to/config ...\n\nIf not explicitly given on the command line, squabble will look for a\nfile named ``.squabblerc`` in the following places (in order):\n\n-  ``./.squabblerc``\n-  ``(git_repo_root)/.squabblerc``\n-  ``~/.squabblerc``\n\nPer-File Configuration\n~~~~~~~~~~~~~~~~~~~~~~\n\nConfiguration can also be applied at the file level by using SQL line comments\nin the form ``-- squabble-enable:RuleName`` or ``-- squabble-disable:RuleName``.\n\nFor example, to disable ``RuleA`` and enable ``RuleB`` for a single file,\nadd these comments to it:\n\n.. code-block:: sql\n\n   -- squabble-disable:RuleA\n   -- squabble-enable:RuleB config=value array=1,2,3\n   SELECT email FROM users WHERE ...;\n\nTo prevent squabble from running on a file at all, use a bare\n``-- squabble-disable`` comment (no rule name). This also disables syntax\nchecking, and it takes precedence over any other configuration set either on\nthe command line or in the rest of the file.\n\n\nExample Configuration\n~~~~~~~~~~~~~~~~~~~~~\n\n.. code-block:: json\n\n   {\n     \"reporter\": \"color\",\n\n     \"plugins\": [\n       \"/some/directory/with/custom/rules\"\n     ],\n\n     \"rules\": {\n       \"AddColumnDisallowConstraints\": {\n         \"disallowed\": [\"DEFAULT\", \"FOREIGN\", \"NOT NULL\"]\n       }\n     }\n   }\n\nPrior Art\n---------\n\n``squabble`` is of course not the first tool in this space. If it\ndoesn't fit your needs, consider one of these tools:\n\n- `sqlcheck \u003chttps://github.com/jarulraj/sqlcheck\u003e`__ - regular\n  expression based (rather than parsing), focuses more on ``SELECT``\n  statements than migrations.\n- `sqlint \u003chttps://github.com/purcell/sqlint\u003e`__ - checks that the\n  syntax of a file is valid. 
Uses the same parsing library as\n  squabble.\n- `sqlfluff \u003chttps://github.com/alanmcruickshank/sqlfluff\u003e`__ -\n  focused more on style and formatting, seems to still be a work in\n  progress.\n\n\nAcknowledgments\n---------------\n\nThis project would not be possible without:\n\n-  `libpg_query \u003chttps://github.com/lfittl/libpg_query\u003e`__ - Postgres\n   query parser\n-  `pglast \u003chttps://github.com/lelit/pglast\u003e`__ - Python bindings to\n   libpg_query\n-  Postgres - …obviously\n\nThe `logo image \u003chttps://thenounproject.com/term/argue/148100/\u003e`__ used\nin the documentation is created by Gianni - Dolce Merda from the Noun\nProject.\n\n.. |build-status| image:: https://img.shields.io/travis/erik/squabble.svg?style=flat\n    :alt: build status\n    :target: https://travis-ci.org/erik/squabble\n\n.. |docs| image:: https://readthedocs.org/projects/squabble/badge/?version=stable\n    :alt: Documentation Status\n    :target: https://squabble.readthedocs.io/en/stable/?badge=stable\n\n.. |pypi| image:: https://img.shields.io/pypi/v/squabble.svg\n   :alt: PyPI version\n   :target: https://pypi.org/project/squabble\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferik%2Fsquabble","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ferik%2Fsquabble","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferik%2Fsquabble/lists"}