{"id":32057975,"url":"https://github.com/ruby/rubygems","last_synced_at":"2026-04-30T06:01:17.388Z","repository":{"id":873103,"uuid":"614070","full_name":"ruby/rubygems","owner":"ruby","description":"Library packaging and distribution for Ruby.","archived":false,"fork":false,"pushed_at":"2026-02-18T08:00:01.000Z","size":224551,"stargazers_count":3898,"open_issues_count":226,"forks_count":1884,"subscribers_count":162,"default_branch":"master","last_synced_at":"2026-02-19T08:00:04.166Z","etag":null,"topics":["package-manager","ruby","rubygems"],"latest_commit_sha":null,"homepage":"https://rubygems.org/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ruby.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":"https://rubycentral.org/#/portal/signup"}},"created_at":"2010-04-16T19:02:44.000Z","updated_at":"2026-02-18T19:04:38.000Z","dependencies_parsed_at":"2023-11-17T00:06:11.926Z","dependency_job_id":"dee7a0bb-e0b5-40db-aca5-bff447c7a910","html_url":"https://github.com/ruby/rubygems","commit_stats":{"total_commits":23445,"total_committers":1266,"mean_commits":"18.518957345971565","dds":0.7985924504158669,"last_synced_commit":"d57d302cbb265f5164b0bc448191e9beec257c43"},"previous_names":["ruby/rubygems","rubygems/rubygems"],"tags_count":712,"template":false,"template_full_name":null,"purl":"pkg:github/ruby/rubygems","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Frubygems","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Frubygems/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Frubygems/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Frubygems/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruby","download_url":"https://codeload.github.com/ruby/rubygems/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Frubygems/sbom","scorecard":{"id":619873,"data":{"date":"2025-08-19T04:30:25Z","repo":{"name":"github.com/rubygems/rubygems","commit":"9934845c47225987e5afa78cec383473a8046d31"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.5,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Code-Review","score":3,"reason":"Found 4/11 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/weekly-update.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/bundler.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/daily-bundler.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/daily-rubygems.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/install-rubygems.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/read-only.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/realworld-bundler.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/ruby-core.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/rubygems.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/system-rubygems-bundler.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/truffleruby-bundler.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/ubuntu-lint.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/weekly-update.yml:9"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  29 out of  29 GitHub-owned GitHubAction dependencies pinned","Info:  29 out of  29 third-party GitHubAction dependencies pinned","Info:   1 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"11 out of 11 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 111 contributing companies or organizations","details":["Info: found contributions from: CocoaPods, Columbia-OpenAcademy, DunaOnline, EpicGames, Farmhouse, Konfire, RestKit, RubyElders, SeaRbSg, TTTAttributedLabel, activeadmin, activeadmin-plugins, antipop-rubykaigi, area17, asakusarb, automaticruby, awooos, bazel-ios, blueyard, bpm, buildpacks, bundler, carlhuda, cincinnatirb, cloudcity, components, contribute-md, cucumber, danger, dashbitco, documenting-ruby, eballance, edgecase, elixir-ecto, elixir-explorer, elixir-lang, elixir-plug, emberjs, emberjs-addons, erikhuda, fastladder, formtastic, gemsmithio, getbpm, globalize, google, groonga, guard, gusto @rubygems @cloudcity, hackingroom, haml, heroku, hexpm, hiki, holy quintet, jenkinsci, jquery, larb, milter-manager, mirendev, neo, netbrick, netflix, nihon ruby-no-kai, oneclick, package-community, patronus-io, phoenixframework, plataformatec, puma, rack, rails, rails-girls-summer-of-code, railsgirls, railsgirls-jp, railsinstaller, ranguba, rbenv, rdoc, refinery, refinerycms-contrib, resque, rgeo, rubinius, ruby, ruby @rubygems @rbenv @88labs @andpad-dev, rubyapi, rubycentral; previously @axodotdev, rubygems, rubysec, rubytogether, rubytogether @tidelift, seattlerb, seattlerb consulting, self - deli clerk at @rubyelders, semver, shopify, sigstore, sparklemotion, splinesoft, starbeamjs, tdiary, test-unit, tfc-code, tokaido, tuna-arch, vektra, w3ctag, warningfree, yarnpkg, zizkovrb"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-21T04:56:51.422Z","repository_id":873103,"created_at":"2025-08-21T04:56:51.422Z","updated_at":"2025-08-21T04:56:51.422Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29808929,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-24T22:43:48.403Z","status":"online","status_checked_at":"2026-02-25T02:00:07.329Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["package-manager","ruby","rubygems"],"created_at":"2025-10-18T17:00:45.289Z","updated_at":"2026-04-30T06:01:17.372Z","avatar_url":"https://github.com/ruby.png","language":"Ruby","funding_links":["https://rubycentral.org/#/portal/signup"],"categories":["Ruby"],"sub_categories":[],"readme":"# RubyGems\n\nRubyGems is a package management framework for Ruby.\n\nA package (also known as a library) contains a set of functionality that can be invoked by a Ruby program, such as reading and parsing an XML file.\nWe call these packages \"gems\" and RubyGems is a tool to install, create, manage and load these packages in your Ruby environment.\n\nRubyGems is also a client for [RubyGems.org](https://rubygems.org), a public repository of Gems that allows you to publish a Gem\nthat can be shared and used by other developers. See our guide on publishing a Gem at [guides.rubygems.org](https://guides.rubygems.org/publishing/)\n\n## Getting Started\n\nInstalling and managing a Gem is done through the `gem` command. To install a Gem such as [Faraday][faraday]:\n\n```bash\ngem install faraday\n```\n\n[faraday]: https://github.com/lostisland/faraday?tab=readme-ov-file\n\nRubyGems will download the Faraday Gem from RubyGems.org and install it into your Ruby environment.\n\nFinally, inside your Ruby program, load the Faraday gem and start hacking:\n\n```ruby\nrequire 'faraday'\nresponse = Faraday.get('https://rubygems.org')\n# do something with `response`...\n```\n\nFor more information about how to use RubyGems, see our RubyGems basics guide at [guides.rubygems.org](https://guides.rubygems.org/rubygems-basics/)\n\n## Requirements\n\n* RubyGems supports Ruby 3.0 or later.\n\n## Installation\n\nRubyGems is already installed in your Ruby environment, you can check the version you have installed by running `gem --version` in your terminal emulator.\n\nIn some cases Ruby \u0026 RubyGems may be provided as OS packages. This is not a\nrecommended way to use Ruby \u0026 RubyGems. It's better to use a Ruby Version\nManager, such as [rbenv](https://github.com/rbenv/rbenv) or\n[chruby](https://github.com/postmodern/chruby). If you still want to use the\nversion provided by your OS package manager, please also use your OS package\nmanager to upgrade rubygems, and disregard any other installation instructions\ngiven below.\n\nIf you would like to manually install RubyGems:\n\n* Download from https://rubygems.org/pages/download, unpack, and `cd` into RubyGems' src\n* OR clone this repository and `cd` into the repository\n\nInstall RubyGems by running:\n\n    $ ruby setup.rb\n\nFor more details and other options, see:\n\n    $ ruby setup.rb --help\n\n## Upgrading RubyGems\n\nTo upgrade to the latest RubyGems, run:\n\n    $ gem update --system\n\nSee [UPGRADING](doc/UPGRADING.md) for more details and alternative instructions.\n\n## Release policy\n\nRubyGems and Bundler are released in sync, although they do not share their\nmajor version number. It is planned that also their major version numbers will\nbe sync'ed in the future.\n\nThe release policy is somewhat similar to the release policy of Ruby itself:\n\n* Frequent patch releases (every 2-4 weeks) including bug fixes, minor\n  enhancements, small features, or even medium sized features declared as\n  experimental for battle testing.\n* Yearly minor releases including bigger features, and minor breaking changes\n  (affecting only edge cases and a very small set of users).\n* Occasional major releases (replacing yearly minors) including major breaking\n  changes.\n\n## Documentation\n\nRubyGems uses [rdoc](https://github.com/rdoc/rdoc) for documentation. A compiled set of the docs\ncan be viewed online at [docs.ruby-lang.org](https://docs.ruby-lang.org/en/master/Gem.html).\n\nRubyGems also provides a comprehensive set of guides which covers numerous topics such as\ncreating a new gem, security practices and other resources at https://guides.rubygems.org\n\n## Getting Help\n\n### Filing Tickets\n\nGot a bug and you're not sure?  You're sure you have a bug, but don't know\nwhat to do next?  In any case, let us know about it!  The best place\nfor letting the RubyGems team know about bugs or problems you're having is\n[on the RubyGems issues page at GitHub](https://github.com/ruby/rubygems/issues).\n\n### Bundler Compatibility\n\nSee https://bundler.io/compatibility for known issues.\n\n### Supporting\n\nRubyGems is a community project. Please consider sponsoring [individual contributors for their great OSS\nwork](https://github.com/ruby/rubygems/graphs/contributors).\n\nIn addition, Ruby Central administers grant-funded work for improvements to `ruby/rubygems`, as well as running\nRubyGems.org (the service). You can support Ruby Central by attending or [sponsoring](mailto:sponsors@rubycentral.org)\na [RubyConf](https://rubyconf.org/), or by [joining as a supporting member](https://rubycentral.org/#/portal/signup).\n\n### Contributing\n\nIf you'd like to contribute to RubyGems, that's awesome, and we \u003c3 you. Check out our [guide to contributing](CONTRIBUTING.md) for more information.\n\n### Code of Conduct\n\nEveryone interacting in the RubyGems project’s codebases, issue trackers, chat rooms, and mailing lists is expected to follow the [contributor code of conduct](https://github.com/ruby/rubygems/blob/master/CODE_OF_CONDUCT.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fruby%2Frubygems","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fruby%2Frubygems","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fruby%2Frubygems/lists"}