{"id":20388230,"url":"https://github.com/libp2p/go-libp2p-pubsub","last_synced_at":"2026-04-24T01:08:47.113Z","repository":{"id":10976643,"uuid":"67872529","full_name":"libp2p/go-libp2p-pubsub","owner":"libp2p","description":"The PubSub implementation for go-libp2p","archived":false,"fork":false,"pushed_at":"2026-04-18T02:51:14.000Z","size":1774,"stargazers_count":358,"open_issues_count":100,"forks_count":210,"subscribers_count":38,"default_branch":"master","last_synced_at":"2026-04-18T08:04:26.556Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://github.com/libp2p/specs/tree/master/pubsub","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/libp2p.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-09-10T13:26:37.000Z","updated_at":"2026-04-17T23:25:21.000Z","dependencies_parsed_at":"2023-01-13T16:16:06.717Z","dependency_job_id":"3e4fd1fe-d413-4583-80b0-09fbe3f36380","html_url":"https://github.com/libp2p/go-libp2p-pubsub","commit_stats":{"total_commits":947,"total_committers":72,"mean_commits":"13.152777777777779","dds":"0.48891235480464623","last_synced_commit":"c06df2f9a38e9382e644b241adf0e96e5ca00955"},"previous_names":["libp2p/go-floodsub"],"tags_count":139,"template":false,"template_full_name":null,"purl":"pkg:github/libp2p/go-libp2p-pubsub","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libp2p%2Fgo-libp2p-pubsub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libp2p%2Fgo-libp2p-pubsub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libp2p%2Fgo-libp2p-pubsub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libp2p%2Fgo-libp2p-pubsub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/libp2p","download_url":"https://codeload.github.com/libp2p/go-libp2p-pubsub/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libp2p%2Fgo-libp2p-pubsub/sbom","scorecard":{"id":588062,"data":{"date":"2025-08-11","repo":{"name":"github.com/libp2p/go-libp2p-pubsub","commit":"abb8f8a2cd5aee610e16de66d63cd539a353e166"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.8,"checks":[{"name":"Maintained","score":9,"reason":"10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":8,"reason":"Found 25/30 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/go-check.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/go-test.yml:11","Warn: no topLevel permission defined: .github/workflows/label-syncer.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-check.yml:10","Warn: topLevel 'contents' permission set to 'write': .github/workflows/releaser.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/tagpush.yml:9","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/generated-pr.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/generated-pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-check.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/go-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/go-test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-syncer.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/label-syncer.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-syncer.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/label-syncer.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-check.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/release-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/releaser.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/releaser.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/stale.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tagpush.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/libp2p/go-libp2p-pubsub/tagpush.yml/master?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   8 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: gossipsub_test.go:2571"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3748 / GHSA-f26w-gh5m-qq77","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T21:06:17.142Z","repository_id":10976643,"created_at":"2025-08-20T21:06:17.142Z","updated_at":"2025-08-20T21:06:17.142Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32204712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T00:06:41.111Z","status":"ssl_error","status_checked_at":"2026-04-24T00:06:35.224Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T03:08:10.014Z","updated_at":"2026-04-24T01:08:47.096Z","avatar_url":"https://github.com/libp2p.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# go-libp2p-pubsub\n\n\u003cp align=\"left\"\u003e\n  \u003ca href=\"http://protocol.ai\"\u003e\u003cimg src=\"https://img.shields.io/badge/made%20by-Protocol%20Labs-blue.svg?style=flat-square\" /\u003e\u003c/a\u003e\n  \u003ca href=\"http://libp2p.io/\"\u003e\u003cimg src=\"https://img.shields.io/badge/project-libp2p-yellow.svg?style=flat-square\" /\u003e\u003c/a\u003e\n  \u003ca href=\"http://webchat.freenode.net/?channels=%23libp2p\"\u003e\u003cimg src=\"https://img.shields.io/badge/freenode-%23libp2p-yellow.svg?style=flat-square\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://discuss.libp2p.io\"\u003e\u003cimg src=\"https://img.shields.io/discourse/https/discuss.libp2p.io/posts.svg?style=flat-square\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"left\"\u003e\n  \u003ca href=\"https://codecov.io/gh/libp2p/go-libp2p-pubsub\"\u003e\u003cimg src=\"https://codecov.io/gh/libp2p/go-libp2p-pubsub/branch/master/graph/badge.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://goreportcard.com/report/github.com/libp2p/go-libp2p-pubsub\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/libp2p/go-libp2p-pubsub\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/RichardLitt/standard-readme\"\u003e\u003cimg src=\"https://img.shields.io/badge/readme%20style-standard-brightgreen.svg?style=flat-square\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://godoc.org/github.com/libp2p/go-libp2p-pubsub\"\u003e\u003cimg src=\"http://img.shields.io/badge/godoc-reference-5272B4.svg?style=flat-square\" /\u003e\u003c/a\u003e\n  \u003ca href=\"\"\u003e\u003cimg src=\"https://img.shields.io/badge/golang-%3E%3D1.14.0-orange.svg?style=flat-square\" /\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/p\u003e\n\nThis repo contains the canonical pubsub implementation for libp2p. We currently provide three message router options:\n- Floodsub, which is the baseline flooding protocol.\n- Randomsub, which is a simple probabilistic router that propagates to random subsets of peers.\n- Gossipsub, which is a more advanced router with mesh formation and gossip propagation. See [spec](https://github.com/libp2p/specs/tree/master/pubsub/gossipsub) and  [implementation](https://github.com/libp2p/go-libp2p-pubsub/blob/master/gossipsub.go) for more details.\n\n\n## Repo Lead Maintainer\n\n[@vyzo](https://github.com/vyzo/)\n\n\u003e This repo follows the [Repo Lead Maintainer Protocol](https://github.com/ipfs/team-mgmt/blob/master/LEAD_MAINTAINER_PROTOCOL.md)\n\n## Table of Contents\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Install](#install)\n- [Usage](#usage)\n- [Example](#example)\n- [Documentation](#documentation)\n- [Tracing](#tracing)\n- [Contribute](#contribute)\n- [License](#license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Install\n\n```\ngo get github.com/libp2p/go-libp2p-pubsub\n```\n\n## Usage\n\nTo be used for messaging in p2p instrastructure (as part of libp2p) such as IPFS, Ethereum, other blockchains, etc.\n\n### Example\n\nhttps://github.com/libp2p/go-libp2p/tree/master/examples/pubsub\n\n## Documentation\n\nSee the [libp2p specs](https://github.com/libp2p/specs/tree/master/pubsub) for high level documentation and [godoc](https://godoc.org/github.com/libp2p/go-libp2p-pubsub) for API documentation.\n\n### In this repo, you will find\n\n```\n.\n├── LICENSE\n├── README.md\n# Regular Golang repo set up\n├── codecov.yml\n├── pb\n├── go.mod\n├── go.sum\n├── doc.go\n# PubSub base\n├── pubsub.go\n├── blacklist.go\n├── notify.go\n├── comm.go\n├── discovery.go\n├── sign.go\n├── subscription.go\n├── topic.go\n├── trace.go\n├── tracer.go\n├── validation.go\n# Floodsub router\n├── floodsub.go\n# Randomsub router\n├── randomsub.go\n# Gossipsub router\n├── gossipsub.go\n├── score.go\n├── score_params.go\n└── mcache.go\n```\n\n### Tracing\n\nThe pubsub system supports _tracing_, which collects all events pertaining to the internals of the system. This allows you to recreate the complete message flow and state of the system for analysis purposes.\n\nTo enable tracing, instantiate the pubsub system using the `WithEventTracer` option; the option accepts a tracer with three available implementations in-package (trace to json, pb, or a remote peer).\nIf you want to trace using a remote peer, you can do so using the `traced` daemon from [go-libp2p-pubsub-tracer](https://github.com/libp2p/go-libp2p-pubsub-tracer). The package also includes a utility program, `tracestat`, for analyzing the traces collected by the daemon.\n\nFor instance, to capture the trace as a json file, you can use the following option:\n```go\ntracer, err := pubsub.NewJSONTracer(\"/path/to/trace.json\")\nif err != nil {\n  panic(err)\n}\n\npubsub.NewGossipSub(..., pubsub.WithEventTracer(tracer))\n```\n\nTo capture the trace as a protobuf, you can use the following option:\n```go\ntracer, err := pubsub.NewPBTracer(\"/path/to/trace.pb\")\nif err != nil {\n  panic(err)\n}\n\npubsub.NewGossipSub(..., pubsub.WithEventTracer(tracer))\n```\n\nFinally, to use the remote tracer, you can use the following incantations:\n```go\n// assuming that your tracer runs in x.x.x.x and has a peer ID of QmTracer\npi, err := peer.AddrInfoFromP2pAddr(ma.StringCast(\"/ip4/x.x.x.x/tcp/4001/p2p/QmTracer\"))\nif err != nil {\n  panic(err)\n}\n\ntracer, err := pubsub.NewRemoteTracer(ctx, host, pi)\nif err != nil {\n  panic(err)\n}\n\nps, err := pubsub.NewGossipSub(..., pubsub.WithEventTracer(tracer))\n```\n\n## Contribute\n\nContributions welcome. Please check out [the issues](https://github.com/libp2p/go-libp2p-pubsub/issues).\n\nCheck out our [contributing document](https://github.com/libp2p/community/blob/master/contributing.md) for more information on how we work, and about contributing in general. Please be aware that all interactions related to multiformats are subject to the IPFS [Code of Conduct](https://github.com/ipfs/community/blob/master/code-of-conduct.md).\n\nSmall note: If editing the README, please conform to the [standard-readme](https://github.com/RichardLitt/standard-readme) specification.\n\n## License\n\nThe go-libp2p-pubsub project is dual-licensed under Apache 2.0 and MIT terms:\n\n- Apache License, Version 2.0, ([LICENSE-APACHE](./LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)\n- MIT license ([LICENSE-MIT](./LICENSE-MIT) or http://opensource.org/licenses/MIT)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibp2p%2Fgo-libp2p-pubsub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flibp2p%2Fgo-libp2p-pubsub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibp2p%2Fgo-libp2p-pubsub/lists"}