{"id":13412232,"url":"https://github.com/r-darwish/topgrade","last_synced_at":"2025-09-28T19:31:28.883Z","repository":{"id":37336640,"uuid":"135351354","full_name":"r-darwish/topgrade","owner":"r-darwish","description":"Upgrade everything","archived":true,"fork":false,"pushed_at":"2022-10-12T12:04:33.000Z","size":3084,"stargazers_count":3330,"open_issues_count":67,"forks_count":158,"subscribers_count":34,"default_branch":"master","last_synced_at":"2025-07-03T08:53:47.318Z","etag":null,"topics":["automation","package-manager","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/r-darwish.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-29T20:48:02.000Z","updated_at":"2025-06-25T08:05:31.000Z","dependencies_parsed_at":"2022-07-11T22:31:06.671Z","dependency_job_id":null,"html_url":"https://github.com/r-darwish/topgrade","commit_stats":null,"previous_names":[],"tags_count":135,"template":false,"template_full_name":null,"purl":"pkg:github/r-darwish/topgrade","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-darwish%2Ftopgrade","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-darwish%2Ftopgrade/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-darwish%2Ftopgrade/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-darwish%2Ftopgrade/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/r-darwish","download_url":"https://codeload.github.com/r-darwish/topgrade/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-darwish%2Ftopgrade/sbom","scorecard":{"id":756720,"data":{"date":"2025-08-11","repo":{"name":"github.com/r-darwish/topgrade","commit":"cc7e607a1ab8389a2cc8ab63d442cdeda8b8f0ff"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Code-Review","score":2,"reason":"Found 8/30 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cross.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cross.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cross.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cross.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cross.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cross.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cross.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cross.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release-cross.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/r-darwish/topgrade/release.yml/master?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  19 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/release-cross.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v9.0.1 not signed: https://api.github.com/repos/r-darwish/topgrade/releases/68075180","Warn: release artifact v9.0.0 not signed: https://api.github.com/repos/r-darwish/topgrade/releases/66894027","Warn: release artifact v8.3.1 not signed: https://api.github.com/repos/r-darwish/topgrade/releases/64138280","Warn: release artifact v8.3.0 not signed: https://api.github.com/repos/r-darwish/topgrade/releases/62622259","Warn: release artifact v8.2.0 not signed: https://api.github.com/repos/r-darwish/topgrade/releases/57814708","Warn: release artifact v9.0.1 does not have provenance: https://api.github.com/repos/r-darwish/topgrade/releases/68075180","Warn: release artifact v9.0.0 does not have provenance: https://api.github.com/repos/r-darwish/topgrade/releases/66894027","Warn: release artifact v8.3.1 does not have provenance: https://api.github.com/repos/r-darwish/topgrade/releases/64138280","Warn: release artifact v8.3.0 does not have provenance: https://api.github.com/repos/r-darwish/topgrade/releases/62622259","Warn: release artifact v8.2.0 does not have provenance: https://api.github.com/repos/r-darwish/topgrade/releases/57814708"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"28 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2021-0145 / GHSA-g98v-hv3f-hcfr","Warn: Project is vulnerable to: RUSTSEC-2024-0375","Warn: Project is vulnerable to: RUSTSEC-2022-0078 / GHSA-f85w-wvc7-crwc","Warn: Project is vulnerable to: RUSTSEC-2020-0159","Warn: Project is vulnerable to: RUSTSEC-2024-0388","Warn: Project is vulnerable to: RUSTSEC-2023-0035 / GHSA-qvc4-78gw-pv8p","Warn: Project is vulnerable to: RUSTSEC-2023-0034 / GHSA-f8vr-r385-rh5r","Warn: Project is vulnerable to: RUSTSEC-2024-0003 / GHSA-8r5v-vm4m-4g25","Warn: Project is vulnerable to: RUSTSEC-2024-0332 / GHSA-q6cp-qfwq-4gcv","Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq","Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7","Warn: Project is vulnerable to: RUSTSEC-2024-0370","Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr","Warn: Project is vulnerable to: RUSTSEC-2025-0010","Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6","Warn: Project is vulnerable to: RUSTSEC-2025-0009","Warn: Project is vulnerable to: GHSA-c86p-w88r-qvqr","Warn: Project is vulnerable to: RUSTSEC-2024-0336","Warn: Project is vulnerable to: RUSTSEC-2018-0017","Warn: Project is vulnerable to: RUSTSEC-2020-0071 / GHSA-wcg3-cvx6-7396","Warn: Project is vulnerable to: RUSTSEC-2023-0001 / GHSA-7rrj-xr53-82p7","Warn: Project is vulnerable to: RUSTSEC-2023-0005 / GHSA-4q83-7cq4-p6wg","Warn: Project is vulnerable to: GHSA-rr8g-9fpq-6wmg","Warn: Project is vulnerable to: RUSTSEC-2025-0023","Warn: Project is vulnerable to: GHSA-f2wx-xjfw-xjv6","Warn: Project is vulnerable to: RUSTSEC-2023-0052 / GHSA-8qv2-5vq6-g2g7","Warn: Project is vulnerable to: RUSTSEC-2022-0008 / GHSA-x4mq-m75f-mx8m"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T21:53:26.170Z","repository_id":37336640,"created_at":"2025-08-22T21:53:26.170Z","updated_at":"2025-08-22T21:53:26.170Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277422021,"owners_count":25815336,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-28T02:00:08.834Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","package-manager","rust"],"created_at":"2024-07-30T20:01:22.406Z","updated_at":"2025-09-28T19:31:28.500Z","avatar_url":"https://github.com/r-darwish.png","language":"Rust","funding_links":[],"categories":["Rust","Operating Systems","Command Line","Projects by main language","Command Line Tools","automation","Applications","CLI Applications"],"sub_categories":["General","Dependency Management","rust"],"readme":"![Topgrade](doc/topgrade.png)\n\n# No longer maintained\n\nThis repository is no longer maintained. An effort was made by the community to keep maintaining the project at https://github.com/topgrade-rs/topgrade. I am not involved in this effort nor do I know the people behind it, so I encourage you to inspect their work before using the fork.\n\nI'm not the owner of the packages that ship Topgrade for various package managers, so their maintainers will need to decide what to do. I'm only the owner of the package in creates.io, which will no longer be updated.\n\n[![Travis](https://api.travis-ci.org/r-darwish/topgrade.svg?branch=master)](https://travis-ci.org/r-darwish/topgrade)\n[![AppVeyor](https://ci.appveyor.com/api/projects/status/github/r-darwish/topgrade?svg=true)](https://ci.appveyor.com/project/r-darwish/topgrade)\n![GitHub release](https://img.shields.io/github/release/r-darwish/topgrade.svg)\n[![Crates.io](https://img.shields.io/crates/v/topgrade.svg)](https://crates.io/crates/topgrade)\n[![AUR](https://img.shields.io/aur/version/topgrade.svg)](https://aur.archlinux.org/packages/topgrade/)\n![homebrew](https://img.shields.io/homebrew/v/topgrade.svg)\n\n![Demo](doc/screenshot.gif)\n\nKeeping your system up to date usually involves invoking multiple package managers.\nThis results in big, non-portable shell one-liners saved in your shell.\nTo remedy this, _topgrade_ detects which tools you use and runs the appropriate commands to update them.\n\n## Installation\n- Arch Linux: [AUR](https://aur.archlinux.org/packages/topgrade/) package.\n- NixOS: _topgrade_ package in `nixpkgs`.\n- macOS: [Homebrew](https://brew.sh/) or [MacPorts](https://www.macports.org/install.php).\n\nOther systems users can either use `cargo install` or use the compiled binaries from the release page.\nThe compiled binaries contain a self-upgrading feature.\n\nTopgrade requires Rust 1.51 or above.\n\n## Usage\nJust run `topgrade`.\nSee [the wiki](https://github.com/r-darwish/topgrade/wiki/Step-list) for the list of things Topgrade supports.\n\n## Customization\nSee `config.example.toml` for an example configuration file.\n\n### Configuration path\n\nThe configuration should be placed in the following paths depending by the operating system:\n\n* **Windows** - `%APPDATA%/topgrade.toml`\n* **macOS** and **other Unix systems** - `${XDG_CONFIG_HOME:-~/.config}/topgrade.toml`\n\n## Remote execution\nYou can specify a key called `remote_topgrades` in the configuration file.\nThis key should contain a list of hostnames that have topgrade installed on them.\nTopgrade will use `ssh` to run `topgrade` on remote hosts before acting locally.\nTo limit the execution only to specific hosts use the `--remote-host-limit` parameter.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr-darwish%2Ftopgrade","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr-darwish%2Ftopgrade","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr-darwish%2Ftopgrade/lists"}