{"id":13493144,"url":"https://github.com/sanity-io/groq-cli","last_synced_at":"2025-10-12T11:53:48.200Z","repository":{"id":57254371,"uuid":"194835924","full_name":"sanity-io/groq-cli","owner":"sanity-io","description":"Run GROQ in your command line","archived":false,"fork":false,"pushed_at":"2025-09-25T17:26:31.000Z","size":420,"stargazers_count":226,"open_issues_count":5,"forks_count":15,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-10-11T01:39:22.033Z","etag":null,"topics":["groq","json","json-api","json-parser","query-language","sanity-io"],"latest_commit_sha":null,"homepage":"https://groq.dev","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sanity-io.png","metadata":{"files":{"readme":"readme.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-07-02T09:47:39.000Z","updated_at":"2025-10-08T17:52:44.000Z","dependencies_parsed_at":"2024-05-13T17:34:59.479Z","dependency_job_id":"3283cd61-996c-4f3a-bb43-4ffd6b269be0","html_url":"https://github.com/sanity-io/groq-cli","commit_stats":{"total_commits":19,"total_committers":3,"mean_commits":6.333333333333333,"dds":"0.21052631578947367","last_synced_commit":"c5e71b34dd631eb85e01ac0dc445887a2e57a48d"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":"sindresorhus/node-cli-boilerplate","purl":"pkg:github/sanity-io/groq-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanity-io%2Fgroq-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanity-io%2Fgroq-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanity-io%2Fgroq-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanity-io%2Fgroq-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sanity-io","download_url":"https://codeload.github.com/sanity-io/groq-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sanity-io%2Fgroq-cli/sbom","scorecard":{"id":799636,"data":{"date":"2025-08-11","repo":{"name":"github.com/sanity-io/groq-cli","commit":"1ab5df2f207c6d50a0f1c6c4928f2bda9d5b0eac"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":4,"reason":"Found 7/16 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:28","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/groq-cli/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/groq-cli/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/groq-cli/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/groq-cli/test.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:46","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:73","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.4.1 not signed: https://api.github.com/repos/sanity-io/groq-cli/releases/188573180","Warn: release artifact v0.4.0 not signed: https://api.github.com/repos/sanity-io/groq-cli/releases/167193075","Warn: release artifact v0.3.1 not signed: https://api.github.com/repos/sanity-io/groq-cli/releases/155675337","Warn: release artifact v0.3.0 not signed: https://api.github.com/repos/sanity-io/groq-cli/releases/147445674","Warn: release artifact v0.4.1 does not have provenance: https://api.github.com/repos/sanity-io/groq-cli/releases/188573180","Warn: release artifact v0.4.0 does not have provenance: https://api.github.com/repos/sanity-io/groq-cli/releases/167193075","Warn: release artifact v0.3.1 does not have provenance: https://api.github.com/repos/sanity-io/groq-cli/releases/155675337","Warn: release artifact v0.3.0 does not have provenance: https://api.github.com/repos/sanity-io/groq-cli/releases/147445674"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'main'","Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/test.yml:51"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/sanity-io/.github/SECURITY.md:1","Info: Found linked content: github.com/sanity-io/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/sanity-io/.github/SECURITY.md:1","Info: Found text in security policy: github.com/sanity-io/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-x4c5-c7rf-jjgv","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T10:03:45.530Z","repository_id":57254371,"created_at":"2025-08-23T10:03:45.531Z","updated_at":"2025-08-23T10:03:45.531Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279011191,"owners_count":26084900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["groq","json","json-api","json-parser","query-language","sanity-io"],"created_at":"2024-07-31T19:01:12.670Z","updated_at":"2025-10-12T11:53:48.113Z","avatar_url":"https://github.com/sanity-io.png","language":"JavaScript","funding_links":[],"categories":["Data Manipulation","JavaScript","\u003ca name=\"data-management-json\"\u003e\u003c/a\u003eData management - JSON/YAML/etc."],"sub_categories":["JSON"],"readme":"# groq-cli\n\n_Currently in alpha._\n\n\u003e Easy wrangling of JSON documents with [GROQ](https://github.com/sanity-io/groq) in the command line.\n\nThe CLI tool consumes both JSON and [NDJSON](https://github.com/ndjson/ndjson-spec)) documents. You can pass in data from a local file, or from piping to standard input.\n\nRead the [announcement blog post](https://www.sanity.io/blog/we-re-open-sourcing-groq-a-query-language-for-json-documents), and the [getting started guide](https://www.sanity.io/docs/data-store/how-queries-work).\n\n## Install\n\n```bash\nnpm install --global groq-cli\n```\n\n## Requirements\n\nThis CLI requires Node v18 or later.\n\n## Usage\n\n```bash\n$ groq --help\n  Run GROQ in the command line\n\n  Usage\n    $ groq '*[\u003cfilter\u003e]{\u003cprojection\u003e}'\n    # Remember to alternate quotation marks inside of the query\n\n  Options\n    -i, --input   One of: ndjson, json, null\n    -o, --output  One of: ndjson, json, pretty, type-nodes\n    -p, --pretty  Shortcut for --output=pretty\n    -n, --ndjson  Shortcut for --input=ndjson --output=ndjson\n    -s, --schema  Path to a schema file, only required when output is set to \"type-nodes\"\n\n  Input formats\n    json      Reads a JSON object from stdin.\n    ndjson    Reads a JSON stream from stdin.\n    null      Reads nothing.\n\n  Output formats\n    json      Formats the output as JSON.\n    pretty    Formats the output as pretty JSON.\n    ndjson    Streams the result as NDJSON.\n\n  Examples\n    # Query data in a file\n    $ cat blog.json | groq 'count(posts)'\n\n    # Query data in a NDJSON file\n    $ cat blog.ndjson | groq --input ndjson '*[_type == \"post\"]{title}'\n\n    # Query JSON data from an URL\n    $ curl -s https://jsonplaceholder.typicode.com/todos | groq  --pretty '*[completed == false]{title}'\n```\n\n## Similar tools\n\nGROQ-cli isn't the only tool to work with JSON data in the command line. If it doesn't do exactly what you need, you can check out these other tools that might help you:\n\n- [jq](https://stedolan.github.io/jq/) — a lightweight and flexible command-line JSON processor.\n- [gron](https://github.com/tomnomnom/gron) - Make JSON greppable!\n\n\n\n\n\n## License\n\nMIT – Copyright 2019–present Sanity Inc.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsanity-io%2Fgroq-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsanity-io%2Fgroq-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsanity-io%2Fgroq-cli/lists"}