{"id":13603925,"url":"https://github.com/pkgconf/pkgconf","last_synced_at":"2026-02-19T08:01:13.506Z","repository":{"id":3150331,"uuid":"4180110","full_name":"pkgconf/pkgconf","owner":"pkgconf","description":"package compiler and linker metadata toolkit","archived":false,"fork":false,"pushed_at":"2026-02-14T20:37:05.000Z","size":2176,"stargazers_count":611,"open_issues_count":8,"forks_count":134,"subscribers_count":14,"default_branch":"master","last_synced_at":"2026-02-15T03:49:01.721Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pkgconf.png","metadata":{"files":{"readme":"README.md","changelog":"NEWS","contributing":null,"funding":".github/FUNDING.yml","license":"COPYING","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"open_collective":"pkgconf"}},"created_at":"2012-04-30T05:28:36.000Z","updated_at":"2026-02-14T19:24:20.000Z","dependencies_parsed_at":"2023-11-22T19:26:01.106Z","dependency_job_id":"d1588540-9899-4314-b2ae-e0ba0647fe56","html_url":"https://github.com/pkgconf/pkgconf","commit_stats":{"total_commits":1372,"total_committers":65,"mean_commits":"21.107692307692307","dds":"0.17128279883381925","last_synced_commit":"78f3abc9359cbe08258c381445b445206b2a0485"},"previous_names":[],"tags_count":97,"template":false,"template_full_name":null,"purl":"pkg:github/pkgconf/pkgconf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgconf%2Fpkgconf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgconf%2Fpkgconf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgconf%2Fpkgconf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgconf%2Fpkgconf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pkgconf","download_url":"https://codeload.github.com/pkgconf/pkgconf/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkgconf%2Fpkgconf/sbom","scorecard":{"id":397708,"data":{"date":"2025-08-11","repo":{"name":"github.com/pkgconf/pkgconf","commit":"de3ffe21cfa4026175f5b7212473ce10e2d59485"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.4,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 4/22 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release-tarballs.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tarballs.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/release-tarballs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/pkgconf/pkgconf/test.yml/master?enable=pin","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 12 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T19:24:40.432Z","repository_id":3150331,"created_at":"2025-08-18T19:24:40.433Z","updated_at":"2025-08-18T19:24:40.433Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29608152,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T06:47:36.664Z","status":"ssl_error","status_checked_at":"2026-02-19T06:45:47.551Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T19:00:36.637Z","updated_at":"2026-02-19T08:01:13.485Z","avatar_url":"https://github.com/pkgconf.png","language":"C","funding_links":["https://opencollective.com/pkgconf"],"categories":["C","others"],"sub_categories":[],"readme":"# pkgconf [![test](https://github.com/pkgconf/pkgconf/actions/workflows/test.yml/badge.svg)](https://github.com/pkgconf/pkgconf/actions/workflows/test.yml)\n\n`pkgconf` is a program which helps to configure compiler and linker flags for\ndevelopment libraries.  It is a superset of the functionality provided by\npkg-config from freedesktop.org, but does not provide bug-compatibility with\nthe original pkg-config.\n\n`libpkgconf` is a library which provides access to most of `pkgconf`'s functionality, \nto allow other tooling such as compilers and IDEs to discover and use libraries \nconfigured by pkgconf.\n\n## release tarballs\n\nRelease tarballs are available on [distfiles.ariadne.space][distfiles].\n\n   [distfiles]: https://distfiles.ariadne.space/pkgconf/\n\n## build system setup\n\nIf you would like to use the git sources directly, or a snapshot of the\nsources from GitHub, you will need to regenerate the autotools build\nsystem artifacts yourself, or use Meson instead.  For example, on Alpine:\n\n    $ apk add autoconf automake libtool build-base\n    $ sh ./autogen.sh\n\n## pkgconf-lite\n\nIf you only need the original pkg-config functionality, there is also pkgconf-lite,\nwhich builds the `pkgconf` frontend and relevant portions of `libpkgconf` functionality\ninto a single binary:\n\n    $ make -f Makefile.lite\n\n## why `pkgconf` over original `pkg-config`?\n\npkgconf builds a flattened directed dependency graph, which allows for more insight\ninto relationships between dependencies, allowing for some link-time dependency\noptimization, which allows for the user to more conservatively link their binaries,\nwhich may be helpful in some environments, such as when prelink(1) is being used.\n\nThe solver is also optimized to handle large dependency graphs with hundreds of\nthousands of edges, which can be seen in any project using the Abseil frameworks\nfor example.\n\nIn addition, pkgconf has full support for virtual packages, while the original\npkg-config does not, as well as fully supporting `Conflicts` at dependency\nresolution time, which is more efficient than checking for `Conflicts` while\nwalking the dependency graph.\n\n## linker flags optimization\n\npkgconf, when used effectively, can make optimizations to avoid overlinking binaries.\n\nThis functionality depends on the pkg-config module properly declaring its dependency\ntree instead of using `Libs` and `Cflags` fields to directly link against other modules\nwhich have pkg-config metadata files installed.\n\nThe practice of using `Libs` and `Cflags` to describe unrelated dependencies is\nnot recommended in [Dan Nicholson's pkg-config tutorial][fd-tut] for this reason.\n\n   [fd-tut]: http://people.freedesktop.org/~dbn/pkg-config-guide.html\n\n## bug compatibility with original pkg-config\n\nIn general, we do not provide bug-level compatibility with pkg-config.\n\nWhat that means is, if you feel that there is a legitimate regression versus pkg-config,\ndo let us know, but also make sure that the .pc files are valid and follow the rules of\nthe [pkg-config tutorial][fd-tut], as most likely fixing them to follow the specified\nrules will solve the problem.\n\n## debug output\n\nPlease use only the stable interfaces to query pkg-config.  Do not screen-scrape the\noutput from `--debug`: this is sent to `stderr` for a reason, it is not intended to be\nscraped.  The `--debug` output is **not** a stable interface, and should **never** be\ndepended on as a source of information.  If you need a stable interface to query pkg-config\nwhich is not covered, please get in touch.\n\n## compiling `pkgconf` and `libpkgconf` on UNIX\n\npkgconf is basically compiled the same way any other autotools-based project is\ncompiled:\n\n    $ ./configure\n    $ make\n    $ sudo make install\n\nIf you are installing pkgconf into a custom prefix, such as `/opt/pkgconf`, you will\nlikely want to define the default system includedir and libdir for your toolchain.\nTo do this, use the `--with-system-includedir` and `--with-system-libdir` configure\nflags like so:\n\n    $ ./configure \\\n         --prefix=/opt/pkgconf \\\n         --with-system-libdir=/lib:/usr/lib \\\n         --with-system-includedir=/usr/include\n    $ make\n    $ sudo make install\n\n## compiling `pkgconf` and `libpkgconf` with Meson (usually for Windows)\n\npkgconf is compiled using [Meson](https://mesonbuild.com) on Windows. In theory, you could also use\nMeson to build on UNIX, but this is not recommended at this time as pkgconf is typically built\nmuch earlier than Meson.\n\n    $ meson setup build -Dtests=disabled\n    $ meson compile -C build\n    $ meson install -C build\n\nThere are a few defines such as `SYSTEM_LIBDIR`, `PKGCONFIGDIR` and `SYSTEM_INCLUDEDIR`.\nHowever, on Windows, the default `PKGCONFIGDIR` value is usually overridden at runtime based\non path relocation.\n\n## pkg-config symlink\n\nIf you want pkgconf to be used when you invoke `pkg-config`, you should install a\nsymlink for this.  We do not do this for you, as we believe it is better for vendors\nto make this determination themselves.\n\n    $ ln -sf pkgconf /usr/bin/pkg-config\n\n## contacts\n\nYou can report bugs at \u003chttps://github.com/pkgconf/pkgconf/issues\u003e.\n\nThere is a mailing list at \u003chttps://lists.sr.ht/~kaniini/pkgconf\u003e.\n\nYou can contact us via IRC at `#pkgconf` at `irc.oftc.net`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpkgconf%2Fpkgconf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpkgconf%2Fpkgconf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpkgconf%2Fpkgconf/lists"}