{"id":13835675,"url":"https://github.com/rubygems/gemstash","last_synced_at":"2026-04-02T19:30:37.179Z","repository":{"id":38191924,"uuid":"42746109","full_name":"rubygems/gemstash","owner":"rubygems","description":"A RubyGems.org cache and private gem server","archived":false,"fork":false,"pushed_at":"2026-02-09T06:57:51.000Z","size":1207,"stargazers_count":785,"open_issues_count":50,"forks_count":136,"subscribers_count":17,"default_branch":"main","last_synced_at":"2026-03-29T13:57:51.891Z","etag":null,"topics":["rubygems"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rubygems.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":"https://rubycentral.org"}},"created_at":"2015-09-18T20:41:41.000Z","updated_at":"2026-03-03T00:43:32.000Z","dependencies_parsed_at":"2025-12-23T14:03:19.846Z","dependency_job_id":null,"html_url":"https://github.com/rubygems/gemstash","commit_stats":{"total_commits":810,"total_committers":64,"mean_commits":12.65625,"dds":0.6938271604938271,"last_synced_commit":"93a8a01ed4ce2d6e51ac0a15d9331cf0be7c5e6f"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/rubygems/gemstash","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rubygems%2Fgemstash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rubygems%2Fgemstash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rubygems%2Fgemstash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rubygems%2Fgemstash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rubygems","download_url":"https://codeload.github.com/rubygems/gemstash/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rubygems%2Fgemstash/sbom","scorecard":{"id":146753,"data":{"date":"2025-08-04","repo":{"name":"github.com/rubygems/gemstash","commit":"3ee6062aa23b217f3af0e540afb6f3227e7c9683"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":5.3,"checks":[{"name":"Code-Review","score":8,"reason":"Found 10/12 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":5,"reason":"5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/gemstash-ci.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gemstash-ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/rubygems/gemstash/gemstash-ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gemstash-ci.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/rubygems/gemstash/gemstash-ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rubygems/gemstash/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/rubygems/gemstash/lint.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T09:32:50.734Z","repository_id":38191924,"created_at":"2025-08-16T09:32:50.735Z","updated_at":"2025-08-16T09:32:50.735Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31238982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-31T13:32:58.087Z","status":"ssl_error","status_checked_at":"2026-03-31T13:32:57.391Z","response_time":111,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["rubygems"],"created_at":"2024-08-04T14:01:08.719Z","updated_at":"2026-04-02T19:30:37.172Z","avatar_url":"https://github.com/rubygems.png","language":"Ruby","funding_links":["https://rubycentral.org"],"categories":["Ruby","Gem Servers"],"sub_categories":[],"readme":"\u003c!-- Automatically generated by Pandoc --\u003e\n\n\n# Gemstash\n\n## What is Gemstash?\n\nGemstash is both a cache for remote servers such as\nhttps://rubygems.org, and a private gem source.\n\nIf you are using [bundler](https://bundler.io/) across many machines\nthat have access to a server within your control, you might want to use\nGemstash.\n\nIf you produce gems that you don’t want everyone in the world to have\naccess to, you might want to use Gemstash.\n\nIf you frequently bundle the same set of gems across multiple projects,\nyou might want to use Gemstash.\n\nAre you only using gems from https://rubygems.org, and don’t bundle the\nsame gems frequently? Well, maybe you don’t need Gemstash… yet.\n\n\u003ca href=\"https://rubycentral.org/\"\u003e\u003cimg src=\"https://global.discourse-cdn.com/business7/uploads/rubycentral/original/1X/43afd1ed967a1b6e3040965db20af65b665744ec.png\" width=200\u003e\u003c/a\u003e\u003cbr/\u003eGemstash\nis maintained by [Ruby Central](https://rubycentral.org/), a non-profit\ncommitted to supporting the critical Ruby infrastructure you rely on.\nContribute today [as an individual, or even better, as a\ncompany](https://rubycentral.org/#/portal/signup), and ensure that\nBundler, RubyGems, Gemstash, and other shared tooling is around for\nyears to come.\n\n## Quickstart Guide\n\n### Setup\n\nGemstash is designed to be quick and painless to get set up. By the end\nof this Quickstart Guide, you will be able to bundle stashed gems from\npublic sources against a Gemstash server running on your machine.\n\nInstall Gemstash to get started:\n\n    $ gem install gemstash\n\nAfter it is installed, starting Gemstash requires no additional steps.\nSimply start the Gemstash server with the `gemstash` command:\n\n    $ gemstash start\n\nThe server runs on port 9292.\n\n### Bundling\n\nWith the server running, you can bundle against it. Tell Bundler that\nyou want to use Gemstash to find gems from RubyGems.org:\n\n    $ bundle config mirror.https://rubygems.org http://localhost:9292\n\nNow you can create a Gemfile and install gems through Gemstash:\n\n``` ruby\n# ./Gemfile\nsource \"https://rubygems.org\"\ngem \"rubywarrior\"\n```\n\nThe gems you include should be gems you don’t yet have installed,\notherwise Gemstash will have nothing to stash. Now bundle:\n\n    $ bundle install --path .bundle\n\nYour Gemstash server has fetched the gems from https://rubygems.org and\ncached them for you! To prove this, you can disable your Internet\nconnection and try again. Gem files (\\*.gem) are cached indefinitely.\nGem dependencies metadata are cached for 30 minutes, so if you bundle\nagain before that, you can successfully bundle without an Internet\nconnection:\n\n    $ # Disable your Internet first!\n    $ rm -rf Gemfile.lock .bundle\n    $ bundle\n\n### Falling back to rubygems.org\n\nIf you want to make sure that your bundling from https://rubygems.org\nstill works as expected when the Gemstash server is not running, you can\neasily configure Bundler to fallback to https://rubygems.org.\n\n    $ bundle config mirror.https://rubygems.org.fallback_timeout true\n\nYou can also configure this fallback as a number of seconds in case the\nGemstash server is simply unresponsive. This example uses a 3 second\ntimeout:\n\n    $ bundle config mirror.https://rubygems.org.fallback_timeout 3\n\n### Stopping the Server\n\nOnce you’ve finish using your Gemstash server, you can stop it just as\neasily as you started it:\n\n    $ gemstash stop\n\nYou’ll also want to tell Bundler that it can go back to getting gems\nfrom RubyGems.org directly, instead of going through Gemstash:\n\n    $ bundle config --delete mirror.https://rubygems.org\n\n### Under the Hood\n\nYou might wonder where the gems are stored. After running the commands\nabove, you will find a new directory at `~/.gemstash`. This directory\nholds all the cached and private gems. It also has a server log, the\ndatabase, and configuration for Gemstash. If you prefer, you can [point\nto a different directory](docs/gemstash-customize.7.md#files).\n\nGemstash uses [SQLite](https://www.sqlite.org/) to store details about\nprivate gems. The database will be located in `~/.gemstash`, however you\nwon’t see the database appear until you start using private gems. If you\nprefer, you can [use a different\ndatabase](docs/gemstash-customize.7.md#database).\n\nGemstash temporarily caches things like gem dependencies in memory.\nAnything cached in memory will last for 30 minutes before being\nretrieved again. You can [use\nmemcached](docs/gemstash-customize.7.md#cache) instead of caching in\nmemory. Gem files are always cached permanently, so bundling with a\n`Gemfile.lock` with all gems cached will never call out to\nhttps://rubygems.org.\n\nThe server you ran is provided via [Puma](https://puma.io/) and\n[Rack](https://github.com/rack/rack), however they are not customizable\nat this point.\n\n## Deep Dive\n\nDeep dive into more subjects:\n\n- [Private gems](docs/gemstash-private-gems.7.md)\n- [Multiple gem sources](docs/gemstash-multiple-sources.7.md)\n- [Using Gemstash as a mirror](docs/gemstash-mirror.7.md)\n- [Customizing the server (database, storage, caching, and\n  more)](docs/gemstash-customize.7.md)\n- [Deploying Gemstash](docs/gemstash-deploy.7.md)\n- [Debugging Gemstash](docs/gemstash-debugging.7.md)\n\n## Reference\n\nAn anatomy of various configuration and commands:\n\n- [Configuration](docs/gemstash-configuration.5.md)\n- [Authorize](docs/gemstash-authorize.1.md)\n- [Start](docs/gemstash-start.1.md)\n- [Stop](docs/gemstash-stop.1.md)\n- [Status](docs/gemstash-status.1.md)\n- [Setup](docs/gemstash-setup.1.md)\n- [Version](docs/gemstash-version.1.md)\n\nTo see what has changed in recent versions of Gemstash, see the\n[CHANGELOG](https://github.com/rubygems/gemstash/blob/main/CHANGELOG.md).\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies.\nThen, run `rake` to run RuboCop and the tests. While developing, you can\nrun `bin/gemstash` to run Gemstash. You can also run `bin/console` for\nan interactive prompt that will allow you to experiment.\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at\nhttps://github.com/rubygems/gemstash. This project is intended to be a\nsafe, welcoming space for collaboration, and contributors are expected\nto adhere to the [Contributor\nCovenant](https://github.com/rubygems/gemstash/blob/main/CODE_OF_CONDUCT.md)\ncode of conduct.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT\nLicense](http://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frubygems%2Fgemstash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frubygems%2Fgemstash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frubygems%2Fgemstash/lists"}