{"id":13639605,"url":"https://github.com/pushbits/server","last_synced_at":"2026-01-12T12:27:52.240Z","repository":{"id":41889209,"uuid":"282535657","full_name":"pushbits/server","owner":"pushbits","description":"A simple server for push notifications via Matrix (and a minimalistic alternative to Pushover and Gotify) 🚀📯","archived":false,"fork":false,"pushed_at":"2026-01-10T16:49:35.000Z","size":807,"stargazers_count":353,"open_issues_count":9,"forks_count":20,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-01-11T05:08:29.762Z","etag":null,"topics":["cloud","gotify","matrix-org","notifications","privacy","push-notifications","pushbits","pushnotification","pushnotifications","pushover","self-hosted","selfhosted","selfhosting"],"latest_commit_sha":null,"homepage":"https://pushbits.github.io/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pushbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-07-25T22:32:28.000Z","updated_at":"2026-01-10T16:49:39.000Z","dependencies_parsed_at":"2023-01-29T17:15:15.981Z","dependency_job_id":"cdf368a6-5ec0-4a5a-8c8a-c5db6da0a5a7","html_url":"https://github.com/pushbits/server","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/pushbits/server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushbits%2Fserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushbits%2Fserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushbits%2Fserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushbits%2Fserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pushbits","download_url":"https://codeload.github.com/pushbits/server/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushbits%2Fserver/sbom","scorecard":{"id":750261,"data":{"date":"2025-08-11","repo":{"name":"github.com/pushbits/server","commit":"aa399b6738b053f9429a3b80eddd81ecf5b0138b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Code-Review","score":1,"reason":"Found 4/26 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":5,"reason":"3 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/documentation.yml:1","Warn: no topLevel permission defined: .github/workflows/publish.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: ISC License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/documentation.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/documentation.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/pushbits/server/test.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:21: pin your Docker image by updating docker.io/library/alpine to docker.io/library/alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: npmCommand not pinned by hash: .github/workflows/documentation.yml:32","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   6 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yml:33"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.10.7 not signed: https://api.github.com/repos/pushbits/server/releases/221951670","Warn: release artifact v0.10.6 not signed: https://api.github.com/repos/pushbits/server/releases/200566397","Warn: release artifact v0.10.5 not signed: https://api.github.com/repos/pushbits/server/releases/181080733","Warn: release artifact v0.10.3 not signed: https://api.github.com/repos/pushbits/server/releases/134845752","Warn: release artifact v0.10.2 not signed: https://api.github.com/repos/pushbits/server/releases/126128955","Warn: release artifact v0.10.7 does not have provenance: https://api.github.com/repos/pushbits/server/releases/221951670","Warn: release artifact v0.10.6 does not have provenance: https://api.github.com/repos/pushbits/server/releases/200566397","Warn: release artifact v0.10.5 does not have provenance: https://api.github.com/repos/pushbits/server/releases/181080733","Warn: release artifact v0.10.3 does not have provenance: https://api.github.com/repos/pushbits/server/releases/134845752","Warn: release artifact v0.10.2 does not have provenance: https://api.github.com/repos/pushbits/server/releases/126128955"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T20:07:24.579Z","repository_id":41889209,"created_at":"2025-08-22T20:07:24.579Z","updated_at":"2025-08-22T20:07:24.579Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338976,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T12:22:26.515Z","status":"ssl_error","status_checked_at":"2026-01-12T12:22:10.856Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","gotify","matrix-org","notifications","privacy","push-notifications","pushbits","pushnotification","pushnotifications","pushover","self-hosted","selfhosted","selfhosting"],"created_at":"2024-08-02T01:01:02.526Z","updated_at":"2026-01-12T12:27:52.234Z","avatar_url":"https://github.com/pushbits.png","language":"Go","funding_links":[],"categories":["Notification","Go","Software","self-hosted"],"sub_categories":["Selfhosted","Communication - Custom Communication Systems"],"readme":"| :exclamation:  **This software is currently in alpha phase.**   |\n|-----------------------------------------------------------------|\n\n\u003cdiv align=\"center\"\u003e\n\t\u003ca href=\"https://github.com/pushbits/logo\"\u003e\n\t\t\u003cimg height=\"200px\" src=\"https://raw.githubusercontent.com/pushbits/server/master/.github/logo.png\" /\u003e\n\t\u003c/a\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\t\u003ch1\u003ePushBits\u003c/h1\u003e\n\t\u003cp align=\"center\"\u003e\u003cb\u003eReceive your important notifications immediately, over \u003ca href=\"https://matrix.org/\"\u003eMatrix\u003c/a\u003e.\u003c/b\u003e\u003c/p\u003e\n\t\u003cp\u003ePushBits enables you to send push notifications via a simple web API, and delivers them to your users.\u003c/p\u003e\n\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\n\t\u003ca href=\"https://github.com/pushbits/server/actions\"\u003e\u003cimg alt=\"Build status\" src=\"https://img.shields.io/github/actions/workflow/status/pushbits/server/test.yml?branch=main\"/\u003e\u003c/a\u003e\u0026nbsp;\n\t\u003ca href=\"https://pushbits.github.io/docs/\"\u003e\u003cimg alt=\"Documentation\" src=\"https://img.shields.io/badge/docs-online-success\"/\u003e\u003c/a\u003e\u0026nbsp;\n\t\u003ca href=\"https://pushbits.github.io/api/\"\u003e\u003cimg alt=\"API Documentation\" src=\"https://img.shields.io/badge/api docs-online-success\"/\u003e\u003c/a\u003e\u0026nbsp;\n\t\u003ca href=\"https://matrix.to/#/#pushbits:matrix.org\"\u003e\u003cimg alt=\"Matrix\" src=\"https://img.shields.io/matrix/pushbits:matrix.org\"/\u003e\u003c/a\u003e\u0026nbsp;\n\t\u003c!--\u003ca href=\"https://github.com/pushbits/server/releases/latest\"\u003e\u003cimg alt=\"Latest release\" src=\"https://img.shields.io/github/release/pushbits/server\"/\u003e\u003c/a\u003e\u0026nbsp;--\u003e\n\t\u003ca href=\"https://github.com/pushbits/server/blob/master/LICENSE\"\u003e\u003cimg alt=\"License\" src=\"https://img.shields.io/github/license/pushbits/server\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Looking for Maintainers\n\nDue to time constraints, I can no longer actively work on this project, and there is no clear timeline for when that may change.\n\nTo keep the project healthy and moving forward, I am looking for one or more maintainers. If you are interested, please open an issue describing your background and interest.\n\n## 💡\u0026nbsp;About\n\nPushBits is a relay server for push notifications.\nIt enables you to send notifications via a simple web API, and delivers them to you through [Matrix](https://matrix.org/).\nThis is similar to what [Pushover](https://pushover.net/) and [Gotify](https://gotify.net/) offer, but it does not require an additional app.\n\nThe vision is to have compatibility with Gotify on the sending side, while on the receiving side an established service is used.\nThis has the advantages that we need to maintain neither plugins (like those for [Watchtower](https://containrrr.dev/watchtower/) and [Jellyfin](https://jellyfin.org/)) nor clients.\n\n## 🤘\u0026nbsp;Features\n\n- [x] Multiple users and multiple channels (applications) per user\n- [x] Compatibility with Gotify's API for sending messages\n- [x] API and CLI for managing users and applications\n- [x] Optional check for weak passwords using [HIBP](https://haveibeenpwned.com/)\n- [x] Argon2 as KDF for password storage\n- [ ] Two-factor authentication, [issue](https://github.com/pushbits/server/issues/19)\n- [ ] Bi-directional key verification, [issue](https://github.com/pushbits/server/issues/20)\n\n## 👮\u0026nbsp;License and Acknowledgments\n\nPlease refer to [the LICENSE file](LICENSE) to learn more about the license of this code.\nIt applies only where not specified differently.\n\nThe idea for this software was inspired by [Gotify](https://gotify.net/).\n\n## 💻\u0026nbsp;Development and Contributions\n\nThe source code is located [on GitHub](https://github.com/pushbits/server).\nYou can retrieve it by checking out the repository as follows:\n```bash\ngit clone https://github.com/pushbits/server.git\n```\n\n:wrench: **Want to contribute?**\nBefore moving forward, please refer to [our contribution guidelines](CONTRIBUTING.md).\n\n:mailbox: **Found a security vulnerability?**\nCheck [this document](SECURITY.md) for information on how you can bring it to our attention.\n\n:star: **Like fancy graphs?** See [our stargazers over time](https://starchart.cc/pushbits/server).\n\n## ❓\u0026nbsp;Frequently Asked Questions (FAQ)\n\n### Why Matrix instead of X?\n\nThis project totally would've used Signal if it would offer a proper API.\nSadly, neither [Signal](https://signal.org/) nor [WhatsApp](https://www.whatsapp.com/) come with an API (at the time of writing) through which PushBits could interact.\n\nIn [Telegram](https://telegram.org/) there is an API to run bots, but these are limited in that they cannot create chats by themselves.\nIf you insist on going with Telegram, have a look at [telepush](https://github.com/muety/telepush).\n\nThe idea of a federated, synchronized but yet end-to-end encrypted protocol is awesome, but its clients simply aren't really there yet.\nStill, if you haven't tried it yet, we'd encourage you to check it out.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpushbits%2Fserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpushbits%2Fserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpushbits%2Fserver/lists"}