{"id":37196691,"url":"https://github.com/fbiville/headache","last_synced_at":"2026-01-14T22:52:54.360Z","repository":{"id":34563924,"uuid":"150176494","full_name":"fbiville/headache","owner":"fbiville","description":"Utility to manage license headers in source files","archived":true,"fork":false,"pushed_at":"2022-06-30T04:19:45.000Z","size":246,"stargazers_count":34,"open_issues_count":19,"forks_count":9,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-06-19T00:24:25.360Z","etag":null,"topics":["copyright","header","license"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fbiville.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-24T22:29:19.000Z","updated_at":"2023-04-17T08:45:21.000Z","dependencies_parsed_at":"2022-08-28T13:10:38.688Z","dependency_job_id":null,"html_url":"https://github.com/fbiville/headache","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/fbiville/headache","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbiville%2Fheadache","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbiville%2Fheadache/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbiville%2Fheadache/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbiville%2Fheadache/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fbiville","download_url":"https://codeload.github.com/fbiville/headache/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbiville%2Fheadache/sbom","scorecard":{"id":394263,"data":{"date":"2025-08-11","repo":{"name":"github.com/fbiville/headache","commit":"8fdffdb602d1474d8a2c23f6bc14d8806185e4f5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4,"checks":[{"name":"Code-Review","score":3,"reason":"Found 1/3 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/fbiville/headache/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/fbiville/headache/ci.yaml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T18:34:50.822Z","repository_id":34563924,"created_at":"2025-08-18T18:34:50.822Z","updated_at":"2025-08-18T18:34:50.822Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28437079,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T22:37:52.437Z","status":"ssl_error","status_checked_at":"2026-01-14T22:37:31.496Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["copyright","header","license"],"created_at":"2026-01-14T22:52:53.512Z","updated_at":"2026-01-14T22:52:54.350Z","avatar_url":"https://github.com/fbiville.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Header management\n\n`headache` is an opinionated license header updater (see the \"Approach\" section below).\nIt allows to consistently insert and update license headers in source files or even change licenses completely!\n\n## Build status\n\n[![Build Status](https://github.com/fbiville/headache/workflows/CI/badge.svg)](https://github.com/fbiville/headache/actions)\n\n## Quick start\n\nBy default, `headache` looks for a configuration file named `headache.json` in the directory in which it is invoked:\n\n```json\n{\n  \"headerFile\": \"./license-header.txt\",\n  \"style\": \"SlashStar\",\n  \"includes\": [\"**/*.go\"],\n  \"excludes\": [\"vendor/**/*\"],\n  \"data\": {\n    \"Owner\": \"The original author or authors\"\n  }\n}\n```\n\n`license-header.txt` (note the absence of `YearRange` parameter in the configuration file):\n```\nCopyright {{.YearRange}} {{.Owner}}\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    https://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n### Run\n\nAll you have to do then is:\n```shell\n $ cd $(mktemp -d) \u0026\u0026 go get -u github.com/fbiville/headache/cmd/headache \u0026\u0026 cd -\n $ ${GOBIN:-`go env GOPATH`/bin}/headache\n```\n\nAs a result, source files will be changed and `.headache-run` will be generated to keep track of `headache` last execution.\nThis file must be versioned along with the source file changes.\n\n### Run with custom configuration\n\nAlternatively, the configuration file can be explicitly provided:\n```shell\n $ go get -u github.com/fbiville/headache\n $ ${GOBIN:-`go env GOPATH`/bin}/headache --configuration /path/to/configuration.json\n```\n\n## Reference documentation\n\n### Approach\n\n`headache` approach to copyright is well explained in [this stackoverflow answer](https://stackoverflow.com/a/2391555/277128), \nread it first!\n\nNow that you read this, here are two important points:\n\n - Copyright years have to be updated when a significant change occurs.\n \nThere is, to the author knowledge, no automatic solution to distinguish a trivial change from a significant one.\n\nBased on this premise, `headache` will process all files matching the configuration and that have been changed since its last execution.\n`headache` will then compute the copyright year, file by file, from their available versioning information (typically by retrieving the relevant dates from Git commits).\n\n**It is up to the project maintainer to discard the generated changes if they are not relevant.**\n\n - \u003e The [first] date on the [copyright] notice establishes how far back the claim is made.\n \nThis claim could predate any commit associated to the file (imagine a file copied from project to project for years).\n\n`headache` will never overwrite the start date of the copyright year if it finds one, if and only if that date occurs earlier than the first commit date of the file.\n\n### Configuration\n\n`headache` relies on the emerging [JSON Schema standard](https://json-schema.org/) to validate its configuration.\n`headache` schema is defined [here](https://fbiville.github.io/headache/schema.json).\n\nIn layman's terms, here are all the possible settings:\n\nSetting            | Type                    | Definition                                             |\n| ---------------- |:----------------------: | -----------------------------------------------------: |\n| `headerFile`     | string                  | **[required]** Path to the parameterized license header. Parameters are referenced with the following syntax: {{.PARAMETER-NAME}}               |\n| `style`          | string                  | **[required]** See all the possible names [here](https://fbiville.github.io/headache/schema.json). The lookup is case-insensitive. |\n| `includes`       | array of strings        | **[required, min size=1]** File globs to include (`*` and `**` are supported)     |\n| `excludes`       | array of strings        | File globs to exclude (`*` and `**` are supported)     |\n| `data`           | map of string to string | Key-value pairs, matching the parameters used in `headerFile` except for the reserved parameters (see below section).\n\n\n#### Reserved parameters\n\n - `{{.YearRange}}` (formerly `{{.Year}}`) is automatically substituted with either:\n     - a single year if both years in the range are the same\n     - a year range with the earliest commit's year (or earlier) and latest commit's year\n - `{{.StartYear}}` is substituted with the earliest commit's year (or earlier)\n - `{{.EndYear}}` is substituted with the latest commit's year\n \nAs explained earlier, if a file specifies a start date in its header that is earlier than any commit's year, then that\ndate is preserved.\n\nIf you want to avoid copyright dates like `2019-2019`, then rely on `{{.YearRange}}` instead of `{{.StartYear}}-{{.EndYear}}`.\nIf you need something like `2018-present`, then use `{{.StartYear}}-present` instead.\n\n## Alternatives\n\n - [addlicense](https://github.com/google/addlicense) - written in Golang as well\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbiville%2Fheadache","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffbiville%2Fheadache","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbiville%2Fheadache/lists"}