{"id":41108939,"url":"https://github.com/nilium/xq-api","last_synced_at":"2026-01-22T15:32:54.355Z","repository":{"id":54269107,"uuid":"134218393","full_name":"nilium/xq-api","owner":"nilium","description":"A simple HTTP-based XBPS repodata query API","archived":false,"fork":false,"pushed_at":"2021-02-28T05:07:12.000Z","size":1170,"stargazers_count":4,"open_issues_count":1,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-10T13:37:30.025Z","etag":null,"topics":["hacktoberfest","void-linux","xbps"],"latest_commit_sha":null,"homepage":"https://xbps.spiff.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nilium.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-21T04:36:03.000Z","updated_at":"2023-01-09T20:35:18.000Z","dependencies_parsed_at":"2022-08-13T10:31:13.826Z","dependency_job_id":null,"html_url":"https://github.com/nilium/xq-api","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/nilium/xq-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilium%2Fxq-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilium%2Fxq-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilium%2Fxq-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilium%2Fxq-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nilium","download_url":"https://codeload.github.com/nilium/xq-api/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilium%2Fxq-api/sbom","scorecard":{"id":687971,"data":{"date":"2025-08-11","repo":{"name":"github.com/nilium/xq-api","commit":"8d551167d8ffb0cd431cc15a209abf6d15a46cab"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: BSD 2-Clause \"Simplified\" License: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:12: pin your Docker image by updating voidlinux/voidlinux:latest to voidlinux/voidlinux:latest@sha256:26ba972f0c06beadcec4796ec3037e0bec32af4d255edb68a528bd98304c74f4","Warn: goCommand not pinned by hash: Dockerfile:10","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2021-0061 / GHSA-r88r-gmrh-7j83","Warn: Project is vulnerable to: GO-2022-0956 / GHSA-6q6q-88xp-6f2r","Warn: Project is vulnerable to: GO-2020-0036 / GHSA-wxc4-f4m6-wwqv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T01:27:34.797Z","repository_id":54269107,"created_at":"2025-08-22T01:27:34.797Z","updated_at":"2025-08-22T01:27:34.797Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28665484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T14:01:31.714Z","status":"ssl_error","status_checked_at":"2026-01-22T13:59:23.143Z","response_time":144,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","void-linux","xbps"],"created_at":"2026-01-22T15:32:53.435Z","updated_at":"2026-01-22T15:32:54.346Z","avatar_url":"https://github.com/nilium.png","language":"Go","readme":"= xq-api(8)\nNoel Cower\n:doctype: manpage\n:manmanual: XQ-API\n:mansource: XQ-API\n:man-linkstyle: pass:[blue R \u003c \u003e]\n// vim: set sw=4 ts=4 et tw=80 :\n\n== Name\n\nxq-api - serve XBPS repodata over HTTP\n\n== Synopsis\n\n`xq-api [OPTIONS] [--] \u003cREPODATA...\u003e`\n\n\n== Description\n\n*xq-api* serves XBPS repodata over HTTP, formatting its responses as JSON.\nIt loads repodata into memory prior to serving it.\n\n\n== Options\n\n`-h`, `-help`::\n    Print all CLI flags. This includes glog flags not described below that are\n    primarily used for debugging and log rotation.\n\n`-net`=_{network}_::\n    The type of network address to listen on. May be one of `unix` (Unix domain\n    socket), `tcp`, `tcp4` (IPv4 only), or `tcp6` (IPv6 only).\n    Defaults to `tcp`.\n\n`-listen`=_{addr}_::\n    The address to listen on. If `-net` is `unix`, this is a path to the Unix\n    domain socket to create.\n    Defaults to `127.0.0.1:8197`, regardless of what `-net` is.\n\n`-max-queries`=_{n}_::\n    The maximum number of query requests that can run in parallel. If more than\n    `n` query requests are made in parallel, they will block until others\n    complete.\n    Defaults to `16`.\n\n`-reload-every`=_{duration}_::\n    Reload repository data every _duration_. If the duration is zero or a\n    negative interval, automatic reloading is disabled. By default, automatic\n    reloading is disabled.\n\n`-log-access`=_{t|f}_::\n    Whether to emit access logs. Requests that get a 404, 304, or 0 response are\n    not logged. If passed without a value, `t` is assumed.\n    Defaults to `f`.\n\n`-logtostderr`=_{t|f}_::\n    Whether to log to standard error or files. If `f`, logs are written to\n    `log_dir` (below).\n    Defaults to `t`.\n\n`-alsologtostderr`=_{t|f}_::\n    Whether to log to stderr in addition to files, if `logtostderr` is `f`.\n    Defaults to `f`.\n\n`-log_dir`=_{logdir}_::\n    The directory to write log files to. Only used if `logtostderr` is `f`.\n    If `dir` cannot be used, it will fall back to the temporary directory.\n    Defaults to the temporary directory.\n\nIn addition, there are other common glog flags that are detailed in usage\noutput.\n\n\n== Signals\n\n`xq-api` responds to HUP by reloading the repodata it was given on the command\nline.\n\nAfter the server has been started, it responds to TERM and INT signals by\nattempting to gracefully shut down the server.\n\n\n== Repodata\n\nWhen passing repodata to `xq-api`, it expects to receive either a directory\ncontaining one or more repodata files or an individual repodata file. For\nexample, to serve repodata from the current machine, one can start xq-api with\nthe following (which will match the vast majority of repositories, if any are\nsynced):\n\n    $ xq-api /var/db/xbps/http*/*-repodata\n    loading repodata...\n    loading /var/db/xbps/http___alpha_de_repo_voidlinux_org_current/x86_64-repodata\n    ...\n\nAlternatively, you can pass directories:\n\n    $ xq-api /var/db/xbps/http*\n    loading repodata...\n    loading /var/db/xbps/http___alpha_de_repo_voidlinux_org_current/x86_64-repodata\n    ...\n\nSymbolic links are not followed when walking a directory to find repodata. If\nyou need this, please open an issue on \u003chttps://github.com/nilium/xq-api\u003e.\n\n\n== Responses\n\nAll responses from xq-api, with the exception of redirects, yield JSON output of\nthe form `{\"data\": \u003cRequestedThing\u003e}`, where RequestedThing is either an object\nor an array.\n\nUnexpected or invalid paths respond with 404 and an empty `{}` object.\n\n\n== Paths\n\nThe following paths are available in xq-api.\n\n[NOTE]\nAll example responses are pretty-printed for convenience. xq-api does not\npretty-print JSON.\n\n\n=== /v1/archs\n\nResponds with an array of strings identifying valid architectures for use with\nother paths.\n\n.Example\n\n[source,json]\n----\n{\n  \"data\": [\n    \"aarch64\",\n    \"aarch64-musl\",\n    \"armv6l\",\n    \"armv6l-musl\",\n    \"armv7l\",\n    \"armv7l-musl\",\n    \"i686\",\n    \"i686-musl\",\n    \"x86_64\",\n    \"x86_64-musl\"\n  ]\n}\n----\n\n=== /v1/packages/{arch}\n\nResponds with an array of strings identifying valid packages for `arch`.\n\nThe array is lexicographically ordered case-sensitively.\n\n.Parameters\n`arch`::\n    An architecture served by xq-api.\n    Valid architectures are returned from `/v1/archs`.\n\n.Example\n[source,json]\n----\n{\n  \"data\": [\n    \"0ad\",\n    \"0ad-32bit\",\n    \"0ad-data\",\n    \"2048-qt\",\n    \"2bwm\",\n    \"... EXAMPLE ELLIPSIZED ...\",\n    \"zzuf\",\n    \"zzuf-32bit\"\n  ]\n}\n----\n\n\n=== /v1/packages/{arch}/{package}\n\nResponds with an object describing the package from repodata. \n\nThis is intended to be the same as what you can see by looking up the package\nwith xbps-query(1) with some alterations:\n\n  * `pkgver` is split into `name`, `version`, and `revision` JSON fields.\n    `pkgver` itself is not served.\n\n  * Field names with hyphens in xbps-query have underscores in xq-api (such as\n    `filename_sha256`). This is for convenience when using these fields in\n    languages like Javascript.\n\n  * Timestamps are formated in RFC 3339. This is, again, for convenience in\n    working with other languages.\n\n.Parameters\n`arch`::\n    An architecture served by xq-api.\n    Valid architectures are returned from `/v1/archs`.\n\n`package`::\n    A package under `arch`.\n    Valid package names are retruend from `/v1/packages/{arch}`.\n\n.Data Fields\nAny field that is empty, zero, or false is omitted from the response as it is\nthe default value for that field.\n\nIn the list below, `[]string` is an array of strings.\n\n  * *name*: string\n  * *version*: string\n  * *revision*: integer\n  * *repository*: string\n  * *architecture*: string\n  * *build_date*: string (RFC 3339 timestamp)\n  * *build_options*: string\n  * *filename_sha256*: string\n  * *filename_size*: integer\n  * *homepage*: string (url)\n  * *installed_size*: integer\n  * *license*: string\n  * *maintainer*: string\n  * *short_desc*: string\n  * *preserve*: bool (only set if `true`)\n  * *source_revisions*: string\n  * *run_depends*: []string\n  * *shlib_requires*: []string\n  * *shlib_provides*: []string\n  * *conflicts*: []string\n  * *reverts*: []string\n  * *replaces*: []string\n  * *alternatives*:\n    map[string][]string (a map of strings to arrays of strings, such as `{\n    \"key\": [\"values\"] }`)\n  * *conf_files*: []string\n\n.Example\n[source,json]\n----\n{\n  \"data\": {\n    \"name\": \"retrap\",\n    \"version\": \"1.0.1\",\n    \"revision\": 2,\n    \"repository\": \"current\",\n    \"architecture\": \"x86_64\",\n    \"build_date\": \"2019-01-10T09:03:00Z\",\n    \"filename_sha256\": \"35eb56b97d20b04afe6bb40f471b849e4f4022d999bbbc0e4b48fc78e68ffe14\",\n    \"filename_size\": 1065888,\n    \"homepage\": \"https://github.com/nilium/retrap\",\n    \"installed_size\": 2365759,\n    \"license\": \"BSD-2-Clause\",\n    \"maintainer\": \"Noel Cower \u003cncower@gmail.com\u003e\",\n    \"short_desc\": \"Remap signals and forward them to a child process\",\n    \"run_depends\": [\n      \"glibc\u003e=2.28_1\"\n    ],\n    \"shlib_requires\": [\n      \"libpthread.so.0\",\n      \"libc.so.6\"\n    ]\n  }\n}\n----\n\n\n=== /v1/query/{arch}?q={query}\n\nResponds with an array containing packages under `arch` that match the `query`.\nThe resulting package objects contain only a subset of their full fields.\n\n.Parameters\n`arch`::\n    An architecture served by xq-api.\n    Valid architectures are returned from `/v1/archs`.\n`query`::\n    A query string to filter results by. Only `pkgver` (the combination of\n    `name`, `version`, and `revison`) and `short_desc` are searched. If empty,\n    all packages are returned.\n\n.Data Fields\n\n  * *name*: string\n  * *version*: string\n  * *revision*: integer\n  * *filename_size*: integer (bytes)\n  * *repository*: string (omitted if empty)\n  * *short_desc*: string (omitted if empty)\n\n.Example\n[source,json]\n----\n{\n  \"data\": [\n    {\n      \"name\": \"retrap\",\n      \"version\": \"1.0.1\",\n      \"revision\": 2,\n      \"filename_size\": 1065888,\n      \"repository\": \"current\",\n      \"short_desc\": \"Remap signals and forward them to a child process\"\n    }\n  ]\n}\n----\n\n\n== Building xq-api\n\nTo build xq-api, you can use make:\n\n    $ make xq-api\n\nAnd to build the manpage:\n\n    $ make xq-api.8\n\nOr, to build both:\n\n    $ make\n\nOtherwise, to build xq-api with the Go tool from within the source tree:\n\n    $ go build go.spiff.io/xq-api\n\n\n== Reporting Issues\n\nIf you encounter a bug in xq-api, or want to request a feature or something\nelse, please open an issue on the project website if one doesn't already exist:\n\u003chttps://github.com/nilium/xq-api\u003e.\n\nYou can also submit pull requests through the project site.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnilium%2Fxq-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnilium%2Fxq-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnilium%2Fxq-api/lists"}