{"id":30710324,"url":"https://github.com/iepathos/reqs","last_synced_at":"2025-10-07T12:02:28.374Z","repository":{"id":57620735,"uuid":"147756846","full_name":"iepathos/reqs","owner":"iepathos","description":"Cross-platform package management tool for Linux and OSX.  It's an abstraction over existing package management tools.","archived":false,"fork":false,"pushed_at":"2018-09-17T02:16:20.000Z","size":141,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-03T00:09:14.002Z","etag":null,"topics":["apt","apt-get","brew","cross-platform","dnf","golang","homebrew","node","nodejs","npm","package-manager","pip"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iepathos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-07T02:00:17.000Z","updated_at":"2023-11-10T04:10:26.000Z","dependencies_parsed_at":"2022-09-02T17:31:56.352Z","dependency_job_id":null,"html_url":"https://github.com/iepathos/reqs","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/iepathos/reqs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iepathos%2Freqs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iepathos%2Freqs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iepathos%2Freqs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iepathos%2Freqs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iepathos","download_url":"https://codeload.github.com/iepathos/reqs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iepathos%2Freqs/sbom","scorecard":{"id":481915,"data":{"date":"2025-08-11","repo":{"name":"github.com/iepathos/reqs","commit":"2f7646d2be6f52a7a95dbfa06121c7c332ea8232"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.4,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: goCommand not pinned by hash: release.sh:2","Warn: goCommand not pinned by hash: release.sh:10","Info:   0 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.4.0 not signed: https://api.github.com/repos/iepathos/reqs/releases/12926119","Warn: release artifact v0.3.9 not signed: https://api.github.com/repos/iepathos/reqs/releases/12924920","Warn: release artifact v0.3.8 not signed: https://api.github.com/repos/iepathos/reqs/releases/12894285","Warn: release artifact v0.3.7 not signed: https://api.github.com/repos/iepathos/reqs/releases/12894093","Warn: release artifact v0.3.6 not signed: https://api.github.com/repos/iepathos/reqs/releases/12893633","Warn: release artifact v0.4.0 does not have provenance: https://api.github.com/repos/iepathos/reqs/releases/12926119","Warn: release artifact v0.3.9 does not have provenance: https://api.github.com/repos/iepathos/reqs/releases/12924920","Warn: release artifact v0.3.8 does not have provenance: https://api.github.com/repos/iepathos/reqs/releases/12894285","Warn: release artifact v0.3.7 does not have provenance: https://api.github.com/repos/iepathos/reqs/releases/12894093","Warn: release artifact v0.3.6 does not have provenance: https://api.github.com/repos/iepathos/reqs/releases/12893633"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"38 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-358 / GHSA-2pfh-q76x-gwvm","Warn: Project is vulnerable to: PYSEC-2018-81 / GHSA-3xvg-x47j-x75w","Warn: Project is vulnerable to: GHSA-4r65-35qq-ch8j","Warn: Project is vulnerable to: PYSEC-2021-1 / GHSA-5rrg-rr89-x9mv","Warn: Project is vulnerable to: PYSEC-2019-5 / GHSA-74vq-h4q8-x6jv","Warn: Project is vulnerable to: PYSEC-2020-3 / GHSA-785x-qw4v-6872","Warn: Project is vulnerable to: PYSEC-2020-9 / GHSA-893h-35v4-mxqx","Warn: Project is vulnerable to: PYSEC-2021-124 / GHSA-8f4m-hccc-8qph","Warn: Project is vulnerable to: PYSEC-2020-11 / GHSA-923p-fr2c-g5m2","Warn: Project is vulnerable to: GHSA-cpx3-93w7-457x","Warn: Project is vulnerable to: PYSEC-2020-10 / GHSA-f85h-23mf-2fwh","Warn: Project is vulnerable to: PYSEC-2018-43 / GHSA-fc4h-467w-46rh","Warn: Project is vulnerable to: PYSEC-2020-5 / GHSA-g4mq-6fp5-qwcf","Warn: Project is vulnerable to: PYSEC-2019-2 / GHSA-grgm-pph5-j5h7","Warn: Project is vulnerable to: PYSEC-2020-161 / GHSA-gwr8-5j83-483c","Warn: Project is vulnerable to: PYSEC-2020-6 / GHSA-h39q-95q5-9jfp","Warn: Project is vulnerable to: PYSEC-2019-171 / GHSA-h653-95qw-h2mp","Warn: Project is vulnerable to: PYSEC-2018-44 / GHSA-hwrm-63v2-42g4","Warn: Project is vulnerable to: PYSEC-2019-141 / GHSA-j569-fghw-f9rx","Warn: Project is vulnerable to: GHSA-j667-c2hm-f2wp","Warn: Project is vulnerable to: GHSA-jpvw-p8pr-9g2x","Warn: Project is vulnerable to: PYSEC-2019-4 / GHSA-pm48-cvv2-29q5","Warn: Project is vulnerable to: PYSEC-2021-105 / GHSA-r6h7-5pq2-j77h","Warn: Project is vulnerable to: PYSEC-2018-60 / GHSA-v735-2pp6-h86r","Warn: Project is vulnerable to: PYSEC-2020-12 / GHSA-vcg8-98q8-g7mj","Warn: Project is vulnerable to: GHSA-vp9j-rghq-8jhh","Warn: Project is vulnerable to: PYSEC-2021-106 / GHSA-wv5p-gmmv-wh9v","Warn: Project is vulnerable to: PYSEC-2020-210","Warn: Project is vulnerable to: PYSEC-2020-220","Warn: Project is vulnerable to: PYSEC-2020-7","Warn: Project is vulnerable to: PYSEC-2020-8","Warn: Project is vulnerable to: PYSEC-2021-126","Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T16:51:33.361Z","repository_id":57620735,"created_at":"2025-08-19T16:51:33.361Z","updated_at":"2025-08-19T16:51:33.361Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274579587,"owners_count":25310964,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-11T02:00:13.660Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apt","apt-get","brew","cross-platform","dnf","golang","homebrew","node","nodejs","npm","package-manager","pip"],"created_at":"2025-09-03T00:02:48.941Z","updated_at":"2025-10-07T12:02:23.327Z","avatar_url":"https://github.com/iepathos.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# reqs\n\nReqs is a cross-platform Linux and MacOSX systems package management tool.  It wraps apt, homebrew, dnf, yum, pip, npm and is able to automatically determine the right tool to use based on the system.  It checks requirements files and/or reqs.yml files.  Allows projects to clearly define their system package requirements and install them intelligently across multiple repositories and files.\n\nThe main focus of reqs is system package management abstraction with pip and possibly gem support added as an after thought to ease some project deployments.  Because pip and ruby reqs generally don't differ from system-to-system abstracting those tools is not so important to reqs.  If pip or npm arguments are specified the system package installation will be skipped, this functionality may change in the future.\n\nBest way to use reqs is with a reqs.yml file in you repositories.\n\nreqs.yml\n```\ncommon:\n  - curl\n  - git\napt:\n  - golang-go\nbrew:\n  - go\ndnf:\n  - golang\n```\n\nThen run `reqs` in your repos and it'll install your system-level dependencies for you.\n\nCan use separate requirements files, like how pip requirements.txt work with package names each on a new line and it tries to install the packages listed in it using either apt-requirements.txt, dnf-requirements.txt, brew-requirements.txt, or common-requirements.txt.\n\nIt can gather these requirements for multiple directories and/or recursively and combine them into a single installation call.\n\nreqs automatically determines the tool to used based on the system and what is available.\n\n\n## Installation\n\nFast\n```\nbash -c \"$(curl -sL https://raw.githubusercontent.com/iepathos/reqs/master/download.sh)\"\n```\n\nOr download the latest release for your system from [https://github.com/iepathos/reqs/releases](https://github.com/iepathos/reqs/releases)\n\nOr install with go if you're gopher inclined\n```\ngo get -u github.com/iepathos/reqs/cmd/reqs\n```\n\n## Usage\n\nAutomaticaly finds apt-requirements.txt, brew-requirements.txt, dnf-requirements.txt, common-requirements.txt, and reqs.yml files.  common-requirements.txt are accepted for cross-platform shared same-name system dependencies.\n\nFor an example reqs.yml see [https://github.com/iepathos/reqs/blob/master/examples/reqs.yml](https://github.com/iepathos/reqs/blob/master/examples/reqs.yml)\n\nExample dev setup [https://github.com/iepathos/reup](https://github.com/iepathos/reup)\n\nview reqs args and their descriptions\n```\nreqs -h\n```\n\nrecurse down directories to find requirements files and install the system depdencies\n```\nreqs -r\n```\n\ninstall all of the example projects' system pip and system npm dependenices\n```\nreqs -r -d examples -spip -snpm\n```\n\ninstall requirements in the current directory\n```\nreqs\n```\n\nget requirements from a specific directory, automaticaly detect appropriate \u003csystem-tool\u003e-requirements.txt to use\n```\nreqs -d /some/path/\n```\n\nget requirements from a specific file\n```\nreqs -f tool-requirements.txt\n```\n\nget requirements from stdin\n```\nreqs -i \u003c tool-requirements.txt\n```\n\n\ngenerate apt requirements from the currently installed apt packages\n```\nreqs -o \u003e apt-requirements.txt\n```\n\n\ngenerate apt requirements with the versions info locked installed\n```\nreqs -ov \u003e apt-requirements.txt\n```\n\ngenerate brew requirements from the currently install brew packages\n```\nreqs -o \u003e brew-requirements.txt\n```\n\nupdate packages before installing requirements\n```\nreqs -u\n```\n\nupdate and upgrade packages before installing requirements\n```\nreqs -up\n```\n\nquiet mode squelch everything but errors\n```\nreqs -q\n```\n\nforce reinstall of packages\n```\nreqs -force\n```\n\n## Releasing\n\nMust have Go installed.  Recent version is better.  Relies on go-dep and go-releaser.  `release.sh` will attempt to install/update both  go packages and whatever other deps reqs has using dep.  git tag the current commit you wish to release with the next appropriate version tag and run\n```\n./release.sh\n```\n\nMust export GITHUB_TOKEN with permission to push to origin master for the git repo.  If you just fork off github.com/iepathos/reqs and then use a personal access github token with repo permission you should be groovy.\n\n## Testing\n\nCross-platform tests are executed using Vagrant [https://www.vagrantup.com/](https://www.vagrantup.com/) to define and manage Ubuntu, Fedora, and OSX virtual machines and execute reqs on example projects on those systems.\n\n\n## Todo\n\n+ refactor reqs code until it's beautiful\n+ add gem, npm, and bower comprehension or just stick to system packages?","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiepathos%2Freqs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiepathos%2Freqs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiepathos%2Freqs/lists"}