{"id":22917785,"url":"https://github.com/spachava753/kpkg","last_synced_at":"2026-05-07T11:33:51.842Z","repository":{"id":54394972,"uuid":"334519970","full_name":"spachava753/kpkg","owner":"spachava753","description":"A binary to install various K8s ecosystem related binaries","archived":false,"fork":false,"pushed_at":"2023-12-27T15:10:10.000Z","size":21754,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-31T15:45:19.293Z","etag":null,"topics":["arkade","binary","cli","go","golang","golang-cli","golang-tools","installer","k8s","k8s-ecosystem","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spachava753.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-30T21:58:53.000Z","updated_at":"2025-05-26T19:42:32.000Z","dependencies_parsed_at":"2024-06-21T14:36:17.473Z","dependency_job_id":null,"html_url":"https://github.com/spachava753/kpkg","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/spachava753/kpkg","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spachava753%2Fkpkg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spachava753%2Fkpkg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spachava753%2Fkpkg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spachava753%2Fkpkg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spachava753","download_url":"https://codeload.github.com/spachava753/kpkg/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spachava753%2Fkpkg/sbom","scorecard":{"id":840115,"data":{"date":"2025-08-11","repo":{"name":"github.com/spachava753/kpkg","commit":"ec5dca212301a445d49e5a9f7513125267e05c74"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/spachava753/kpkg/release.yml/main?enable=pin","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":10,"reason":"SAST tool detected: CodeQL","details":["Info: SAST configuration detected: CodeQL","Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.4.5 not signed: https://api.github.com/repos/spachava753/kpkg/releases/121183952","Warn: release artifact 0.4.4 not signed: https://api.github.com/repos/spachava753/kpkg/releases/121168282","Warn: release artifact 0.4.1 not signed: https://api.github.com/repos/spachava753/kpkg/releases/46076546","Warn: release artifact 0.4.0 not signed: https://api.github.com/repos/spachava753/kpkg/releases/45651843","Warn: release artifact 0.3.0 not signed: https://api.github.com/repos/spachava753/kpkg/releases/45650448","Warn: release artifact 0.4.5 does not have provenance: https://api.github.com/repos/spachava753/kpkg/releases/121183952","Warn: release artifact 0.4.4 does not have provenance: https://api.github.com/repos/spachava753/kpkg/releases/121168282","Warn: release artifact 0.4.1 does not have provenance: https://api.github.com/repos/spachava753/kpkg/releases/46076546","Warn: release artifact 0.4.0 does not have provenance: https://api.github.com/repos/spachava753/kpkg/releases/45651843","Warn: release artifact 0.3.0 does not have provenance: https://api.github.com/repos/spachava753/kpkg/releases/45650448"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2456 / GHSA-449p-3h89-pw88","Warn: Project is vulnerable to: GO-2024-2466 / GHSA-mw99-9chc-xw7r","Warn: Project is vulnerable to: GO-2025-3367 / GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2025-3368 / GHSA-v725-9546-7q7m"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T20:15:45.285Z","repository_id":54394972,"created_at":"2025-08-23T20:15:45.285Z","updated_at":"2025-08-23T20:15:45.285Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32735207,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-07T02:14:30.463Z","status":"ssl_error","status_checked_at":"2026-05-07T02:14:29.405Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arkade","binary","cli","go","golang","golang-cli","golang-tools","installer","k8s","k8s-ecosystem","kubernetes"],"created_at":"2024-12-14T06:20:21.598Z","updated_at":"2026-05-07T11:33:51.825Z","avatar_url":"https://github.com/spachava753.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kpkg\n\nA tool to install various K8s ecosystem related binaries.\n\nI needed a tool to solve my problem of installing a bunch of different binaries that are either necessary, helpful, or\nboth while working with the Kubernetes ecosystem. Although some tools can be installed using package managers, many\ntools cannot be installed using something like apt, yum, scoop, etc. I wanted something that was easy to use, and easy\nto remove. All tools are installed in the `$HOME/.kpkg` directory, so all installed tools can be removed by deleting the\nfolder. I wanted something that could install multiple versions of tools. This is especially useful; for example,\ninstalling the right version of the kubectl cli for your cluster.\n\n# What this tool is not\n\nThis tool does not download nor keep track of dependencies. However, this should not be a problem, as the tools\ninstalled usually do not have any dependencies in the first place.\n\n# Installation\n\n`kpkg` can be installed by running `go get github.com/spachava753/kpkg`, or you can run the installation\nscript `curl -sL https://raw.githubusercontent.com/spachava753/kpkg/0.4.1/install.sh | sh`. Optionally, you can just\ndownload the zip file from\nreleases: [https://github.com/spachava753/kpkg/releases/latest](https://github.com/spachava753/kpkg/releases/latest)\n\n# Goals\n\n## CLI tool management\n\n- [x] download the latest version of a binary\n- [x] download a specific version of a binary\n- [x] remove a specific version of binary\n- [x] purge all versions of binary\n- [x] show installed versions\n- [x] show installed tools\n- [x] show binary installation candidates\n- [x] easy to uninstall\n- [x] complete parity with [arkade](https://github.com/alexellis/arkade) (meaning all binaries supported by arkade is\n  also supported by kpkg)\n- [ ] add support for detecting if running on arm{5,6,7}\n- [ ] add support for checking checksum\n- [ ] add progress bar\n\n# UX\n\nThe experience of the CLI should look something like this:\n\nFor getting a list of all possible binary installs\n\n```bash\nkpkg list\n# or \nkpkg get\n```\n\nFor installing the latest version\n\n```bash\nkpkg get linkerd2\n```\n\nFor installing a specific version\n\n```bash\nkpkg get linkerd2 latest\nkpkg get linkerd2 2.9.2\n```\n\nYou might have multiple versions installed. To set to different version, use the same command\n\n```bash\nkpkg get linkerd2 2.9.2\n```\n\nTo force a re-installation:\n\n```bash\nkpkg get linkerd2 2.9.2 --force\n```\n\nFor listing installed binaries.\n\n```bash\nkpkg list -i\n```\n\nFor listing possible versions of a binary.\n\n```bash\nkpkg list linkerd2\n```\n\nFor listing only installed versions of a binary\n\n```bash\nkpkg list linkerd2 --installed\n# or\nkpkg list linkerd2 -i\n```\n\nFor removing a version(s) of a binary. The command will fail if the current version installed points to version you are\nremoving. This prevents broken symlinks.\n\n```bash\nkpkg rm linkerd2 2.9.2\n```\n\nFor removing all versions of a binary. This completely removes any traces of the binary.\n\n```bash\nkpkg rm linkerd2 --purge\n```\n\n# Binary List\n\n```plain\n  argocd           Declarative continuous deployment for Kubernetes\n  argocd-autopilot The Argo-CD Autopilot is a tool which offers an opinionated way of installing Argo-CD and managing GitOps repositories\n  buildx           Docker CLI plugin for extended build capabilities with BuildKit\n  civo             Civo CLI is a tool to manage your Civo.com account from the terminal\n  clairctl         Vulnerability Static Analysis for Containers\n  copilot          The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on Amazon ECS and AWS Fargate\n  dive             A tool for exploring each layer in a docker image\n  docker-compose   Define and run multi-container applications with Docker\n  doctl            The official command line interface for the DigitalOcean API\n  eksctl           The official CLI for Amazon EKS\n  faas-cli         openfaas CLI plugin for extended build capabilities with BuildKit\n  flux             The GitOps Kubernetes operator\n  fzf              🌸 A command-line fuzzy finder\n  gh               GitHub’s official command line tool\n  golangci-lint    Fast linters Runner for Go\n  goreleaser       Deliver Go binaries as fast and easily as possible\n  helm             The Kubernetes Package Manager\n  helmfile         Deploy Kubernetes Helm Charts\n  hugo             The world’s fastest framework for building websites\n  inletsctl        The fastest way to create self-hosted exit-servers\n  istioctl         Connect, secure, control, and observe services\n  k3d              Little helper to run Rancher Lab's k3s in Docker\n  k3s              Lightweight Kubernetes\n  k3sup            bootstrap Kubernetes with k3s over SSH \u003c 1 min 🚀\n  k9s              🐶 Kubernetes CLI To Manage Your Clusters In Style!\n  kail             kubernetes log viewer\n  kind             Kubernetes IN Docker - local clusters for testing Kubernetes\n  kops             Kubernetes Operations (kops) - Production Grade K8s Installation, Upgrades, and Management\n  kpkg             A binary to install various K8s ecosystem related binaries\n  krew             📦 Find and install kubectl plugins\n  kube-bench       Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark\n  kube-prompt      An interactive kubernetes client featuring auto-complete\n  kubebuilder      SDK for building Kubernetes APIs using CRDs\n  kubectl          kubectl is a cli to communicate k8s clusters\n  kubectx          Faster way to switch between clusters in kubectl\n  kubens           Faster way to switch between namespaces in kubectl\n  kubeseal         A Kubernetes tool for one-way encrypted Secrets\n  kustomize        Customization of kubernetes YAML configurations\n  linkerd2         linkerd2 is a cli to install linkerd2 service mesh\n  mc               MinIO Client (mc) provides a modern alternative to UNIX commands like ls, cat, cp, mirror, diff, find etc\n  minikube         Run Kubernetes locally\n  nats             The NATS Command Line Interface\n  nerdctl          Docker-compatible CLI for containerd\n  opa              An open source, general-purpose policy engine\n  osm              Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments\n  pack             CLI for building apps using Cloud Native Buildpacks\n  packer           Packer is a tool for creating identical machine images for multiple platforms from a single source configuration\n  polaris          Validation of best practices in your Kubernetes clusters\n  popeye           👀 A Kubernetes cluster resource sanitizer\n  stern            ⎈ Multi pod and container log tailing for Kubernetes\n  terraform        Write infrastructure as code using declarative configuration files\n  terrascan        Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure\n  tkn              A CLI for interacting with Tekton!\n  trivy            A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI\n  vagrant          Vagrant is a tool for building and distributing development environments\n  virtctl          Kubernetes Virtualization API and runtime in order to define and manage virtual machines\n  yq               yq is a portable command-line YAML processor\n```\n\nOther alternatives:\n- [arkade](https://github.com/alexellis/arkade)\n- [ubi](https://github.com/houseabsolute/ubi)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspachava753%2Fkpkg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspachava753%2Fkpkg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspachava753%2Fkpkg/lists"}