{"id":31701761,"url":"https://github.com/getlantern/autoupdate","last_synced_at":"2025-10-08T21:08:16.105Z","repository":{"id":26857647,"uuid":"30317638","full_name":"getlantern/autoupdate","owner":"getlantern","description":"Provides interfaces for helping lantern tools update themselves.","archived":false,"fork":false,"pushed_at":"2025-04-24T17:49:01.000Z","size":51,"stargazers_count":17,"open_issues_count":1,"forks_count":5,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-24T18:48:20.051Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getlantern.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-02-04T19:46:31.000Z","updated_at":"2025-04-24T17:49:04.000Z","dependencies_parsed_at":"2024-06-19T01:55:14.995Z","dependency_job_id":null,"html_url":"https://github.com/getlantern/autoupdate","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/getlantern/autoupdate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fautoupdate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fautoupdate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fautoupdate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fautoupdate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getlantern","download_url":"https://codeload.github.com/getlantern/autoupdate/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fautoupdate/sbom","scorecard":{"id":424312,"data":{"date":"2025-08-11","repo":{"name":"github.com/getlantern/autoupdate","commit":"0404978f04006eadf4b6d2b6ea9a0d077c637733"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":2,"reason":"Found 4/16 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 2.0.0-beta3 not signed: https://api.github.com/repos/getlantern/autoupdate/releases/1086008","Warn: release artifact 2.0.0-beta2 not signed: https://api.github.com/repos/getlantern/autoupdate/releases/1085992","Warn: release artifact 2.0.0-beta3 does not have provenance: https://api.github.com/repos/getlantern/autoupdate/releases/1086008","Warn: release artifact 2.0.0-beta2 does not have provenance: https://api.github.com/repos/getlantern/autoupdate/releases/1085992"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T01:55:58.351Z","repository_id":26857647,"created_at":"2025-08-19T01:55:58.351Z","updated_at":"2025-08-19T01:55:58.351Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000716,"owners_count":26082837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-08T21:08:14.786Z","updated_at":"2025-10-08T21:08:16.098Z","avatar_url":"https://github.com/getlantern.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lantern Autoupdate\n\nThe `autoupdate` package provides [Lantern][1] with the ability to request,\ndownload and apply software updates over the network with minimal interaction.\nAt this time, `autoupdate` relies on the [go-update][2] and the\n[autoupdate-server][3] packages.\n\n## General flow\n\n![lanternautoupdates - general client](https://cloud.githubusercontent.com/assets/385670/6097030/736614c8-af72-11e4-932f-07f718c51673.png)\n\nAt some point on the Lantern application's lifetime, an independent process\nwill be created, this process will periodically send local information (using a\nproxy, if available) to an update server that will compare client's data\nagainst a list of releases. When applicable, the server will generate a binary\npatch and send a reply to the client containing the URL of the appropriate\npatch. The client will download and apply the patch to its executable file so\nthe new version is ready the next time Lantern starts.\n\n### Update server\n\n![lanternautoupdates - server process](https://cloud.githubusercontent.com/assets/385670/6097042/cb08d42c-af72-11e4-9ca4-d09af2fbb11b.png)\n\nThe update server holds a list of releases and waits for queries from clients.\nClients will send their own checksum and the server will compare that checksum\nagainst the checksum of the latest release, if they don't match a binary diff\nwill be generated. This binary diff can be used by the client to patch itself.\n\n### Download server\n\nThe update server may or may not be used as a download server. Clients will\npull binary diffs from this location, the actual patch's URL will be provided\nby the update server.\n\n### Client\n\n![lanternautoupdates - auto update process](https://cloud.githubusercontent.com/assets/385670/6097031/755f89c6-af72-11e4-82ea-0c82f27160b2.png)\n\nA client will compute the checksum of its executable file and will send it to\nan update server periodically. When the update server replies with a special\nmessage meaning that a new version is available, the client will download the\nbinary patch, apply it to a temporary file and check the signature, if the\nsignature is what the client expects, the original executable will be replaced\nwith the patched one.\n\n[1]: https://getlantern.org/\n[2]: https://github.com/inconshreveable/go-update\n[3]: https://github.com/getlantern/autoupdate-server\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetlantern%2Fautoupdate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetlantern%2Fautoupdate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetlantern%2Fautoupdate/lists"}