{"id":13441792,"url":"https://github.com/mobile-shell/mosh","last_synced_at":"2025-10-03T23:59:05.022Z","repository":{"id":1293475,"uuid":"1234783","full_name":"mobile-shell/mosh","owner":"mobile-shell","description":"Mobile Shell","archived":false,"fork":false,"pushed_at":"2024-07-17T12:43:50.000Z","size":2727,"stargazers_count":12940,"open_issues_count":203,"forks_count":754,"subscribers_count":215,"default_branch":"master","last_synced_at":"2025-05-20T20:09:19.251Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://mosh.org","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mobile-shell.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-01-09T09:41:02.000Z","updated_at":"2025-05-20T16:16:49.000Z","dependencies_parsed_at":"2023-07-06T05:56:12.510Z","dependency_job_id":"724d4e38-f625-4fe2-a6a4-0b25f3c18541","html_url":"https://github.com/mobile-shell/mosh","commit_stats":{"total_commits":1440,"total_committers":80,"mean_commits":18.0,"dds":0.51875,"last_synced_commit":"1105d481bb9143dad43adf768f58da7b029fd39c"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/mobile-shell/mosh","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobile-shell%2Fmosh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobile-shell%2Fmosh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobile-shell%2Fmosh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobile-shell%2Fmosh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mobile-shell","download_url":"https://codeload.github.com/mobile-shell/mosh/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobile-shell%2Fmosh/sbom","scorecard":{"id":655367,"data":{"date":"2025-08-11","repo":{"name":"github.com/mobile-shell/mosh","commit":"1105d481bb9143dad43adf768f58da7b029fd39c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.1,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":8,"reason":"Found 16/18 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":7,"reason":"0 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/cifuzz.yml:1","Warn: no topLevel permission defined: .github/workflows/clang-format.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/ci.yml:33","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cifuzz.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/cifuzz.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cifuzz.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/cifuzz.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cifuzz.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/cifuzz.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang-format.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/clang-format.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/clang-format.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/clang-format.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/mobile-shell/mosh/release.yml/master?enable=pin","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   4 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: CppLibFuzzer integration found: src/fuzz/terminal_fuzzer.cc:7","Info: CppLibFuzzer integration found: src/fuzz/terminal_parser_fuzzer.cc:6","Info: CppLibFuzzer integration found: src/fuzz/terminal_fuzzer.cc:7","Info: CppLibFuzzer integration found: src/fuzz/terminal_parser_fuzzer.cc:6"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact mosh-1.4.0 not signed: https://api.github.com/repos/mobile-shell/mosh/releases/81139334","Warn: release artifact mosh-1.3.2.95rc2 not signed: https://api.github.com/repos/mobile-shell/mosh/releases/81134486","Warn: release artifact mosh-1.3.2.95rc1 not signed: https://api.github.com/repos/mobile-shell/mosh/releases/73706426","Warn: release artifact mosh-1.3.2 not signed: https://api.github.com/repos/mobile-shell/mosh/releases/7131587","Warn: release artifact mosh-1.3.1-rc3 not signed: https://api.github.com/repos/mobile-shell/mosh/releases/7103040","Warn: release artifact mosh-1.4.0 does not have provenance: https://api.github.com/repos/mobile-shell/mosh/releases/81139334","Warn: release artifact mosh-1.3.2.95rc2 does not have provenance: https://api.github.com/repos/mobile-shell/mosh/releases/81134486","Warn: release artifact mosh-1.3.2.95rc1 does not have provenance: https://api.github.com/repos/mobile-shell/mosh/releases/73706426","Warn: release artifact mosh-1.3.2 does not have provenance: https://api.github.com/repos/mobile-shell/mosh/releases/7131587","Warn: release artifact mosh-1.3.1-rc3 does not have provenance: https://api.github.com/repos/mobile-shell/mosh/releases/7103040"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T14:30:18.272Z","repository_id":1293475,"created_at":"2025-08-21T14:30:18.272Z","updated_at":"2025-08-21T14:30:18.272Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278245388,"owners_count":25955016,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-03T02:00:06.070Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T03:01:38.092Z","updated_at":"2025-10-03T23:59:05.002Z","avatar_url":"https://github.com/mobile-shell.png","language":"C++","readme":"[![ci](https://github.com/mobile-shell/mosh/actions/workflows/ci.yml/badge.svg)](https://github.com/mobile-shell/mosh/actions/workflows/ci.yml)\n\nMosh: the mobile shell\n======================\n\nMosh is a remote terminal application that supports intermittent\nconnectivity, allows roaming, and provides speculative local echo\nand line editing of user keystrokes.\n\nIt aims to support the typical interactive uses of SSH, plus:\n\n   * Mosh keeps the session alive if the client goes to sleep and\n     wakes up later, or temporarily loses its Internet connection.\n\n   * Mosh allows the client and server to \"roam\" and change IP\n     addresses, while keeping the connection alive. Unlike SSH, Mosh\n     can be used while switching between Wi-Fi networks or from Wi-Fi\n     to cellular data to wired Ethernet.\n\n   * The Mosh client runs a predictive model of the server's behavior\n     in the background and tries to guess intelligently how each\n     keystroke will affect the screen state. When it is confident in\n     its predictions, it will show them to the user while waiting for\n     confirmation from the server. Most typing and uses of the left-\n     and right-arrow keys can be echoed immediately.\n\n     As a result, Mosh is usable on high-latency links, e.g. on a\n     cellular data connection or spotty Wi-Fi. In distinction from\n     previous attempts at local echo modes in other protocols, Mosh\n     works properly with full-screen applications such as emacs, vi,\n     alpine, and irssi, and automatically recovers from occasional\n     prediction errors within an RTT. On high-latency links, Mosh\n     underlines its predictions while they are outstanding and removes\n     the underline when they are confirmed by the server.\n\nMosh does not support X forwarding or the non-interactive uses of SSH,\nincluding port forwarding.\n\nOther features\n--------------\n\n   * Mosh adjusts its frame rate so as not to fill up network queues\n     on slow links, so \"Control-C\" always works within an RTT to halt\n     a runaway process.\n\n   * Mosh warns the user when it has not heard from the server\n     in a while.\n\n   * Mosh supports lossy links that lose a significant fraction\n     of their packets.\n\n   * Mosh handles some Unicode edge cases better than SSH and existing\n     terminal emulators by themselves, but requires a UTF-8\n     environment to run.\n\n   * Mosh leverages SSH to set up the connection and authenticate\n     users. Mosh does not contain any privileged (root) code.\n\nGetting Mosh\n------------\n\n  [The Mosh web site](https://mosh.org/#getting) has information about\n  packages for many operating systems, as well as instructions for building\n  from source.\n\n  Note that `mosh-client` receives an AES session key as an environment\n  variable.  If you are porting Mosh to a new operating system, please make\n  sure that a running process's environment variables are not readable by other\n  users.  We have confirmed that this is the case on GNU/Linux, OS X, and\n  FreeBSD.\n\nUsage\n-----\n\n  The `mosh-client` binary must exist on the user's machine, and the\n  `mosh-server` binary on the remote host.\n\n  The user runs:\n\n    $ mosh [user@]host\n\n  If the `mosh-client` or `mosh-server` binaries live outside the user's\n  `$PATH`, `mosh` accepts the arguments `--client=PATH` and `--server=PATH` to\n  select alternate locations. More options are documented in the mosh(1) manual\n  page.\n\n  There are [more examples](https://mosh.org/#usage) and a\n  [FAQ](https://mosh.org/#faq) on the Mosh web site.\n\nHow it works\n------------\n\n  The `mosh` program will SSH to `user@host` to establish the connection.\n  SSH may prompt the user for a password or use public-key\n  authentication to log in.\n\n  From this point, `mosh` runs the `mosh-server` process (as the user)\n  on the server machine. The server process listens on a high UDP port\n  and sends its port number and an AES-128 secret key back to the\n  client over SSH. The SSH connection is then shut down and the\n  terminal session begins over UDP.\n\n  If the client changes IP addresses, the server will begin sending\n  to the client on the new IP address within a few seconds.\n\n  To function, Mosh requires UDP datagrams to be passed between client\n  and server. By default, `mosh` uses a port number between 60000 and\n  61000, but the user can select a particular port with the -p option.\n  Please note that the -p option has no effect on the port used by SSH.\n\nAdvice to distributors\n----------------------\n\nA note on compiler flags: Mosh is security-sensitive code. When making\nautomated builds for a binary package, we recommend passing the option\n`--enable-compile-warnings=error` to `./configure`. On GNU/Linux with\n`g++` or `clang++`, the package should compile cleanly with\n`-Werror`. Please report a bug if it doesn't.\n\nWhere available, Mosh builds with a variety of binary hardening flags\nsuch as `-fstack-protector-all`, `-D_FORTIFY_SOURCE=2`, etc.  These\nprovide proactive security against the possibility of a memory\ncorruption bug in Mosh or one of the libraries it uses.  For a full\nlist of flags, search for `HARDEN` in `configure.ac`.  The `configure`\nscript detects which flags are supported by your compiler, and enables\nthem automatically.  To disable this detection, pass\n`--disable-hardening` to `./configure`.  Please report a bug if you\nhave trouble with the default settings; we would like as many users as\npossible to be running a configuration as secure as possible.\n\nMosh ships with a default optimization setting of `-O2`. Some\ndistributors have asked about changing this to `-Os` (which causes a\ncompiler to prefer space optimizations to time optimizations). We have\nbenchmarked with the included `src/examples/benchmark` program to test\nthis. The results are that `-O2` is 40% faster than `-Os` with g++ 4.6\non GNU/Linux, and 16% faster than `-Os` with clang++ 3.1 on Mac OS\nX. In both cases, `-Os` did produce a smaller binary (by up to 40%,\nsaving almost 200 kilobytes on disk). While Mosh is not especially CPU\nintensive and mostly sits idle when the user is not typing, we think\nthe results suggest that `-O2` (the default) is preferable.\n\nOur Debian and Fedora packaging presents Mosh as a single package.\nMosh has a Perl dependency that is only required for client use.  For\nsome platforms, it may make sense to have separate mosh-server and\nmosh-client packages to allow mosh-server usage without Perl.\n\nNotes for developers\n--------------------\n\nTo start contributing to Mosh, install the following dependencies:\n\nDebian, Windows Subsystem for Linux:\n\n```\n$ sudo apt install -y build-essential protobuf-compiler \\\n    libprotobuf-dev pkg-config libutempter-dev zlib1g-dev libncurses5-dev \\\n    libssl-dev bash-completion tmux less\n```\n\nMacOS:\n\n```\n$ brew install protobuf automake\n```\n\nOnce you have forked the repository, run the following to build and test Mosh:\n\n```\n$ ./autogen.sh\n$ ./configure\n$ make\n$ make check\n```\n\nMosh supports producing code coverage reports by tests, but this feature is\ndisabled by default. To enable it, make sure `lcov` is installed on your\nsystem. Then, configure and run tests:\n\n```\n$ ./configure --enable-code-coverage\n$ make check-code-coverage\n```\n\nThis will run all tests and produce a coverage report in HTML form that can be\nopened with your favorite browser. Ideally, newly added code should strive for\n90% (or better) incremental test coverage.\n\nMore info\n---------\n\n  * Mosh Web site:\n\n    \u003chttps://mosh.org\u003e\n\n  * `mosh-devel@mit.edu` mailing list:\n\n    \u003chttps://mailman.mit.edu/mailman/listinfo/mosh-devel\u003e\n\n  * `mosh-users@mit.edu` mailing list:\n\n    \u003chttps://mailman.mit.edu/mailman/listinfo/mosh-users\u003e\n\n  * `#mosh` channel on [Libera Chat](https://libera.chat/)\n\n    https://web.libera.chat/#mosh\n","funding_links":[],"categories":["C++","Terminal Emulation Applications","Applications","\u003ca name=\"cpp\"\u003e\u003c/a\u003eC++","Uncategorized","Ports and Programs","HarmonyOS"],"sub_categories":["Fish","Utilities","Uncategorized","Network Tools","Windows Manager"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobile-shell%2Fmosh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmobile-shell%2Fmosh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobile-shell%2Fmosh/lists"}