{"id":13400807,"url":"https://github.com/ipfs/kubo","last_synced_at":"2026-01-15T22:19:47.778Z","repository":{"id":18141962,"uuid":"21233191","full_name":"ipfs/kubo","owner":"ipfs","description":"An IPFS implementation in Go","archived":false,"fork":false,"pushed_at":"2026-01-13T20:47:38.000Z","size":58856,"stargazers_count":16873,"open_issues_count":1025,"forks_count":3143,"subscribers_count":517,"default_branch":"master","last_synced_at":"2026-01-13T21:09:59.609Z","etag":null,"topics":["ipfs"],"latest_commit_sha":null,"homepage":"https://docs.ipfs.tech/how-to/command-line-quick-start/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ipfs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["ipshipyard.gitwallet.co"]}},"created_at":"2014-06-26T08:14:34.000Z","updated_at":"2026-01-13T20:47:43.000Z","dependencies_parsed_at":"2023-09-25T00:40:40.168Z","dependency_job_id":"39d3f070-be59-4082-8b13-b4186d231dc8","html_url":"https://github.com/ipfs/kubo","commit_stats":{"total_commits":11609,"total_committers":450,"mean_commits":"25.797777777777778","dds":0.8738048066155569,"last_synced_commit":"091bc083c3cb76ff408a9df2c020b0cbc49f141b"},"previous_names":["ipfs/go-ipfs","jbenet/go-ipfs"],"tags_count":210,"template":false,"template_full_name":null,"purl":"pkg:github/ipfs/kubo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ipfs%2Fkubo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ipfs%2Fkubo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ipfs%2Fkubo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ipfs%2Fkubo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ipfs","download_url":"https://codeload.github.com/ipfs/kubo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ipfs%2Fkubo/sbom","scorecard":{"id":49213,"data":{"date":"2025-08-04","repo":{"name":"github.com/ipfs/kubo","commit":"cfbc64845c2674bbf8280e0b0375ad69abd0849d"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":6.2,"checks":[{"name":"Code-Review","score":6,"reason":"Found 12/19 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/changelog.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:17","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql-analysis.yml:18","Warn: no topLevel permission defined: .github/workflows/docker-build.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-image.yml:28","Warn: no topLevel permission defined: .github/workflows/gateway-conformance.yml:1","Warn: no topLevel permission defined: .github/workflows/gobuild.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/golang-analysis.yml:13","Warn: no topLevel permission defined: .github/workflows/golint.yml:1","Warn: no topLevel permission defined: .github/workflows/gotest.yml:1","Warn: no topLevel permission defined: .github/workflows/interop.yml:1","Warn: no topLevel permission defined: .github/workflows/sharness.yml:1","Warn: no topLevel permission defined: .github/workflows/spellcheck.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/sync-release-assets.yml:13","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: status check found to merge onto on branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.36.0 not signed: https://api.github.com/repos/ipfs/kubo/releases/232315373","Warn: release artifact v0.36.0-rc2 not signed: https://api.github.com/repos/ipfs/kubo/releases/230986837","Warn: release artifact v0.36.0-rc1 not signed: https://api.github.com/repos/ipfs/kubo/releases/226278279","Warn: release artifact v0.35.0 not signed: https://api.github.com/repos/ipfs/kubo/releases/220153672","Warn: release artifact v0.35.0-rc2 not signed: https://api.github.com/repos/ipfs/kubo/releases/218974826","Warn: release artifact v0.36.0 does not have provenance: https://api.github.com/repos/ipfs/kubo/releases/232315373","Warn: release artifact v0.36.0-rc2 does not have provenance: https://api.github.com/repos/ipfs/kubo/releases/230986837","Warn: release artifact v0.36.0-rc1 does not have provenance: https://api.github.com/repos/ipfs/kubo/releases/226278279","Warn: release artifact v0.35.0 does not have provenance: https://api.github.com/repos/ipfs/kubo/releases/220153672","Warn: release artifact v0.35.0-rc2 does not have provenance: https://api.github.com/repos/ipfs/kubo/releases/218974826"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-image.yml:31"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-image.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-image.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/docker-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gateway-conformance.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gateway-conformance.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/generated-pr.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/generated-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gobuild.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gobuild.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gobuild.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gobuild.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-analysis.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/golang-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golang-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/golang-analysis.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/golang-analysis.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golang-analysis.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/golang-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golint.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/golint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golint.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/golint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gotest.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gotest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gotest.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gotest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gotest.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gotest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gotest.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gotest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gotest.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gotest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gotest.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gotest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gotest.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/gotest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/interop.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/interop.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sharness.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sharness.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sharness.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sharness.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sharness.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sharness.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sharness.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sharness.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sharness.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sharness.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spellcheck.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/spellcheck.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/spellcheck.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/spellcheck.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/stale.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-release-assets.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sync-release-assets.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-release-assets.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sync-release-assets.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-release-assets.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sync-release-assets.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-release-assets.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ipfs/kubo/sync-release-assets.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:30","Warn: containerImage not pinned by hash: Dockerfile:47: pin your Docker image by updating busybox:stable-glibc to busybox:stable-glibc@sha256:af226e61d33b70c39791bf1a3e7e0fbdd447da8e9955695c2ce08e2f4651ea76","Warn: containerImage not pinned by hash: test/3nodetest/bootstrap/Dockerfile:1","Warn: containerImage not pinned by hash: test/3nodetest/client/Dockerfile:1","Warn: containerImage not pinned by hash: test/3nodetest/data/Dockerfile:1: pin your Docker image by updating ubuntu to ubuntu@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061","Warn: containerImage not pinned by hash: test/3nodetest/server/Dockerfile:1","Warn: pipCommand not pinned by hash: .github/workflows/spellcheck.yml:15","Info:   0 out of  45 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of  29 third-party GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":8,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 17 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3218","Warn: Project is vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T23:23:15.960Z","repository_id":18141962,"created_at":"2025-08-14T23:23:15.960Z","updated_at":"2025-08-14T23:23:15.960Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28403790,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T21:51:37.118Z","status":"ssl_error","status_checked_at":"2026-01-13T21:45:14.585Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ipfs"],"created_at":"2024-07-30T19:00:55.700Z","updated_at":"2026-01-15T22:19:47.771Z","avatar_url":"https://github.com/ipfs.png","language":"Go","funding_links":["ipshipyard.gitwallet.co"],"categories":["Built On","Software","Go","ipfs","其他__大数据","[🌐 decentralize](https://github.com/stars/ketsapiwiq/lists/decentralize)","Blockchain","区块链","Apps"],"sub_categories":["Distributed Filesystems","网络服务_其他"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/ipfs/kubo/blob/master/docs/logo/\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/157609/250148884-d6d12db8-fdcf-4be3-8546-2550b69845d8.png\" alt=\"Kubo logo\" title=\"Kubo logo\" width=\"200\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  Kubo: IPFS Implementation in Go\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003cp align=\"center\" style=\"font-size: 1.2rem;\"\u003eThe first implementation of IPFS.\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://ipfs.tech\"\u003e\u003cimg src=\"https://img.shields.io/badge/project-IPFS-blue.svg?style=flat-square\" alt=\"Official Part of IPFS Project\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://discuss.ipfs.tech\"\u003e\u003cimg alt=\"Discourse Forum\" src=\"https://img.shields.io/discourse/posts?server=https%3A%2F%2Fdiscuss.ipfs.tech\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://docs.ipfs.tech/community/\"\u003e\u003cimg alt=\"Matrix\" src=\"https://img.shields.io/matrix/ipfs-space%3Aipfs.io?server_fqdn=matrix.org\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/ipfs/kubo/actions\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/ipfs/kubo/gobuild.yml?branch=master\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/ipfs/kubo/releases\"\u003e\u003cimg alt=\"GitHub release\" src=\"https://img.shields.io/github/v/release/ipfs/kubo?filter=!*rc*\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003chr /\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cb\u003e\u003ca href=\"#what-is-kubo\"\u003eWhat is Kubo?\u003c/a\u003e\u003c/b\u003e | \u003cb\u003e\u003ca href=\"#quick-taste\"\u003eQuick Taste\u003c/a\u003e\u003c/b\u003e | \u003cb\u003e\u003ca href=\"#install\"\u003eInstall\u003c/a\u003e\u003c/b\u003e | \u003cb\u003e\u003ca href=\"#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/b\u003e | \u003cb\u003e\u003ca href=\"#development\"\u003eDevelopment\u003c/a\u003e\u003c/b\u003e | \u003cb\u003e\u003ca href=\"#getting-help\"\u003eGetting Help\u003c/a\u003e\u003c/b\u003e\n\u003c/p\u003e\n\n## What is Kubo?\n\nKubo was the first [IPFS](https://docs.ipfs.tech/concepts/what-is-ipfs/) implementation and is the [most widely used one today](https://probelab.io/ipfs/topology/#chart-agent-types-avg). It takes an opinionated approach to content-addressing ([CIDs](https://docs.ipfs.tech/concepts/glossary/#cid), [DAGs](https://docs.ipfs.tech/concepts/glossary/#dag)) that maximizes interoperability: [UnixFS](https://docs.ipfs.tech/concepts/glossary/#unixfs) for files and directories, [HTTP Gateways](https://docs.ipfs.tech/concepts/glossary/#gateway) for web browsers, [Bitswap](https://docs.ipfs.tech/concepts/glossary/#bitswap) and [HTTP](https://specs.ipfs.tech/http-gateways/trustless-gateway/) for verifiable data transfer.\n\n**Features:**\n\n- Runs an IPFS node as a network service (LAN [mDNS](https://github.com/libp2p/specs/blob/master/discovery/mdns.md) and WAN [Amino DHT](https://docs.ipfs.tech/concepts/glossary/#dht))\n- [Command-line interface](https://docs.ipfs.tech/reference/kubo/cli/) (`ipfs --help`)\n- [WebUI](https://github.com/ipfs/ipfs-webui/#readme) for node management\n- [HTTP Gateway](https://specs.ipfs.tech/http-gateways/) for trusted and [trustless](https://docs.ipfs.tech/reference/http/gateway/#trustless-verifiable-retrieval) content retrieval\n- [HTTP RPC API](https://docs.ipfs.tech/reference/kubo/rpc/) to control the daemon\n- [HTTP Routing V1](https://specs.ipfs.tech/routing/http-routing-v1/) client and server for [delegated routing](./docs/delegated-routing.md)\n- [Content blocking](./docs/content-blocking.md) for public node operators\n\n**Other IPFS implementations:** [Helia](https://github.com/ipfs/helia) (JavaScript), [more...](https://docs.ipfs.tech/concepts/ipfs-implementations/)\n\n## Quick Taste\n\nAfter [installing Kubo](#install), verify it works:\n\n```console\n$ ipfs init\ngenerating ED25519 keypair...done\npeer identity: 12D3KooWGcSLQdLDBi2BvoP8WnpdHvhWPbxpGcqkf93rL2XMZK7R\n\n$ ipfs daemon \u0026\nDaemon is ready\n\n$ echo \"hello IPFS\" | ipfs add -q --cid-version 1\nbafkreicouv3sksjuzxb3rbb6rziy6duakk2aikegsmtqtz5rsuppjorxsa\n\n$ ipfs cat bafkreicouv3sksjuzxb3rbb6rziy6duakk2aikegsmtqtz5rsuppjorxsa\nhello IPFS\n```\n\nVerify this CID is provided by your node to the IPFS network: \u003chttps://check.ipfs.network/?cid=bafkreicouv3sksjuzxb3rbb6rziy6duakk2aikegsmtqtz5rsuppjorxsa\u003e\n\nSee `ipfs add --help` for all import options. Ready for more? Follow the [command-line quick start](https://docs.ipfs.tech/how-to/command-line-quick-start/).\n\n## Install\n\nFollow the [official installation guide](https://docs.ipfs.tech/install/command-line/), or choose: [prebuilt binary](#official-prebuilt-binaries) | [Docker](#docker) | [package manager](#package-managers) | [from source](#build-from-source).\n\nPrefer a GUI? Try [IPFS Desktop](https://docs.ipfs.tech/install/ipfs-desktop/) and/or [IPFS Companion](https://docs.ipfs.tech/install/ipfs-companion/).\n\n### Minimal System Requirements\n\nKubo runs on most Linux, macOS, and Windows systems. For optimal performance, we recommend at least 6 GB of RAM and 2 CPU cores (more is ideal, as Kubo is highly parallel).\n\n\u003e [!IMPORTANT]\n\u003e Larger pinsets require additional memory, with an estimated ~1 GiB of RAM per 20 million items for reproviding to the Amino DHT.\n\n\u003e [!CAUTION]\n\u003e Systems with less than the recommended memory may experience instability, frequent OOM errors or restarts, and missing data announcement (reprovider window), which can make data fully or partially inaccessible to other peers. Running Kubo on underprovisioned hardware is at your own risk.\n\n### Official Prebuilt Binaries\n\nDownload from https://dist.ipfs.tech#kubo or [GitHub Releases](https://github.com/ipfs/kubo/releases/latest).\n\n### Docker\n\nOfficial images are published at https://hub.docker.com/r/ipfs/kubo/: [![Docker Image Version (latest semver)](https://img.shields.io/docker/v/ipfs/kubo?color=blue\u0026label=kubo%20docker%20image\u0026logo=docker\u0026sort=semver\u0026style=flat-square\u0026cacheSeconds=3600)](https://hub.docker.com/r/ipfs/kubo/)\n\n#### 🟢 Release Images\n\nUse these for production deployments.\n\n- `latest` and [`release`](https://hub.docker.com/r/ipfs/kubo/tags?name=release) always point at [the latest stable release](https://github.com/ipfs/kubo/releases/latest)\n- [`vN.N.N`](https://hub.docker.com/r/ipfs/kubo/tags?name=v) points at a specific [release tag](https://github.com/ipfs/kubo/releases)\n\n```console\n$ docker pull ipfs/kubo:latest\n$ docker run --rm -it --net=host ipfs/kubo:latest\n```\n\nTo [customize your node](https://docs.ipfs.tech/install/run-ipfs-inside-docker/#customizing-your-node), pass config via `-e` or mount scripts in `/container-init.d`.\n\n#### 🟠 Developer Preview Images\n\nFor internal testing, not intended for production.\n\n- [`master-latest`](https://hub.docker.com/r/ipfs/kubo/tags?name=master-latest) points at `HEAD` of [`master`](https://github.com/ipfs/kubo/commits/master/)\n- [`master-YYYY-DD-MM-GITSHA`](https://hub.docker.com/r/ipfs/kubo/tags?name=master-2) points at a specific commit\n\n#### 🔴 Internal Staging Images\n\nFor testing arbitrary commits and experimental patches (force push to `staging` branch).\n\n- [`staging-latest`](https://hub.docker.com/r/ipfs/kubo/tags?name=staging-latest) points at `HEAD` of [`staging`](https://github.com/ipfs/kubo/commits/staging/)\n- [`staging-YYYY-DD-MM-GITSHA`](https://hub.docker.com/r/ipfs/kubo/tags?name=staging-2) points at a specific commit\n\n### Build from Source\n\n![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/ipfs/kubo?label=Requires%20Go\u0026logo=go\u0026style=flat-square\u0026cacheSeconds=3600)\n\n```bash\ngit clone https://github.com/ipfs/kubo.git\ncd kubo\nmake build    # creates cmd/ipfs/ipfs\nmake install  # installs to $GOPATH/bin/ipfs\n```\n\nSee the [Developer Guide](docs/developer-guide.md) for details, Windows instructions, and troubleshooting.\n\n### Package Managers\n\nKubo is available in community-maintained packages across many operating systems, Linux distributions, and package managers. See [Repology](https://repology.org/project/kubo/versions) for the full list: [![Packaging status](https://repology.org/badge/tiny-repos/kubo.svg)](https://repology.org/project/kubo/versions)\n\n\u003e [!WARNING]\n\u003e These packages are maintained by third-party volunteers. The IPFS Project and Kubo maintainers are not responsible for their contents or supply chain security. For increased security, [build from source](#build-from-source).\n\n#### Linux\n\n| Distribution | Install | Version |\n|--------------|---------|---------|\n| Ubuntu | [PPA](https://launchpad.net/~twdragon/+archive/ubuntu/ipfs): `sudo apt install ipfs-kubo` | [![PPA: twdragon](https://img.shields.io/badge/PPA-twdragon-E95420?logo=ubuntu)](https://launchpad.net/~twdragon/+archive/ubuntu/ipfs) |\n| Arch | `pacman -S kubo` | [![Arch package](https://repology.org/badge/version-for-repo/arch/kubo.svg)](https://archlinux.org/packages/extra/x86_64/kubo/) |\n| Fedora | [COPR](https://copr.fedorainfracloud.org/coprs/taw/ipfs/): `dnf install kubo` | [![COPR: taw](https://img.shields.io/badge/COPR-taw-51A2DA?logo=fedora)](https://copr.fedorainfracloud.org/coprs/taw/ipfs/) |\n| Nix | `nix-env -i kubo` | [![nixpkgs unstable](https://repology.org/badge/version-for-repo/nix_unstable/kubo.svg)](https://search.nixos.org/packages?query=kubo) |\n| Gentoo | `emerge -a net-p2p/kubo` | [![Gentoo package](https://repology.org/badge/version-for-repo/gentoo/kubo.svg)](https://packages.gentoo.org/packages/net-p2p/kubo) |\n| openSUSE | `zypper install kubo` | [![openSUSE Tumbleweed](https://repology.org/badge/version-for-repo/opensuse_tumbleweed/kubo.svg)](https://software.opensuse.org/package/kubo) |\n| Solus | `sudo eopkg install kubo` | [![Solus package](https://repology.org/badge/version-for-repo/solus/kubo.svg)](https://packages.getsol.us/shannon/k/kubo/) |\n| Guix | `guix install kubo` | [![Guix package](https://repology.org/badge/version-for-repo/gnuguix/kubo.svg)](https://packages.guix.gnu.org/packages/kubo/) |\n| _other_ | [See Repology for the full list](https://repology.org/project/kubo/versions) | |\n\n~~Snap~~ no longer supported ([#8688](https://github.com/ipfs/kubo/issues/8688))\n\n#### macOS\n\n| Manager | Install | Version |\n|---------|---------|---------|\n| Homebrew | `brew install ipfs` | [![Homebrew](https://repology.org/badge/version-for-repo/homebrew/kubo.svg)](https://formulae.brew.sh/formula/ipfs) |\n| MacPorts | `sudo port install ipfs` | [![MacPorts](https://repology.org/badge/version-for-repo/macports/kubo.svg)](https://ports.macports.org/port/ipfs/) |\n| Nix | `nix-env -i kubo` | [![nixpkgs unstable](https://repology.org/badge/version-for-repo/nix_unstable/kubo.svg)](https://search.nixos.org/packages?query=kubo) |\n| _other_ | [See Repology for the full list](https://repology.org/project/kubo/versions) | |\n\n#### Windows\n\n| Manager | Install | Version |\n|---------|---------|---------|\n| Scoop | `scoop install kubo` | [![Scoop](https://repology.org/badge/version-for-repo/scoop/kubo.svg)](https://scoop.sh/#/apps?q=kubo) |\n| _other_ | [See Repology for the full list](https://repology.org/project/kubo/versions) | |\n\n~~Chocolatey~~ no longer supported ([#9341](https://github.com/ipfs/kubo/issues/9341))\n\n## Documentation\n\n| Topic | Description |\n|-------|-------------|\n| [Configuration](docs/config.md) | All config options reference |\n| [Environment variables](docs/environment-variables.md) | Runtime settings via env vars |\n| [Experimental features](docs/experimental-features.md) | Opt-in features in development |\n| [HTTP Gateway](docs/gateway.md) | Path, subdomain, and trustless gateway setup |\n| [HTTP RPC clients](docs/http-rpc-clients.md) | Client libraries for Go, JS |\n| [Delegated routing](docs/delegated-routing.md) | Multi-router and HTTP routing |\n| [Metrics \u0026 monitoring](docs/metrics.md) | Prometheus metrics |\n| [Content blocking](docs/content-blocking.md) | Denylist for public nodes |\n| [Customizing](docs/customizing.md) | Unsure if use Plugins, Boxo, or fork? |\n| [Debug guide](docs/debug-guide.md) | CPU profiles, memory analysis, tracing |\n| [Changelogs](docs/changelogs/) | Release notes for each version |\n| [All documentation](https://github.com/ipfs/kubo/tree/master/docs) | Full list of docs |\n\n## Development\n\nSee the [Developer Guide](docs/developer-guide.md) for build instructions, testing, and contribution workflow.\n\n## Getting Help\n\n- [IPFS Forum](https://discuss.ipfs.tech) - community support, questions, and discussion\n- [Community](https://docs.ipfs.tech/community/) - chat, events, and working groups\n- [GitHub Issues](https://github.com/ipfs/kubo/issues) - bug reports for Kubo specifically\n- [IPFS Docs Issues](https://github.com/ipfs/ipfs-docs/issues) - documentation issues\n\n## Security Issues\n\nSee [`SECURITY.md`](SECURITY.md).\n\n## Contributing\n\n[![](https://cdn.rawgit.com/jbenet/contribute-ipfs-gif/master/img/contribute.gif)](https://github.com/ipfs/community/blob/master/CONTRIBUTING.md)\n\nWe welcome contributions. See [CONTRIBUTING.md](CONTRIBUTING.md) and the [Developer Guide](docs/developer-guide.md).\n\nThis repository follows the IPFS [Code of Conduct](https://github.com/ipfs/community/blob/master/code-of-conduct.md).\n\n## Maintainer Info\n\n\u003ca href=\"https://ipshipyard.com/\"\u003e\u003cimg align=\"right\" src=\"https://github.com/user-attachments/assets/39ed3504-bb71-47f6-9bf8-cb9a1698f272\" /\u003e\u003c/a\u003e\n\n\u003e [!NOTE]\n\u003e Kubo is maintained by the [Shipyard](https://ipshipyard.com/) team.\n\u003e\n\u003e [Release Process](https://ipshipyard.notion.site/Kubo-Release-Process-6dba4f5755c9458ab5685eeb28173778)\n\n## License\n\nDual-licensed under Apache 2.0 and MIT:\n\n- [LICENSE-APACHE](LICENSE-APACHE)\n- [LICENSE-MIT](LICENSE-MIT)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fipfs%2Fkubo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fipfs%2Fkubo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fipfs%2Fkubo/lists"}