{"id":32611508,"url":"https://github.com/swiftpackageindex/packagelist","last_synced_at":"2025-10-30T13:59:31.585Z","repository":{"id":37010307,"uuid":"186566917","full_name":"SwiftPackageIndex/PackageList","owner":"SwiftPackageIndex","description":"The master list of repositories for the Swift Package Index.","archived":false,"fork":false,"pushed_at":"2025-10-23T16:08:59.000Z","size":10544,"stargazers_count":815,"open_issues_count":0,"forks_count":613,"subscribers_count":19,"default_branch":"main","last_synced_at":"2025-10-23T18:12:17.342Z","etag":null,"topics":["spm","swift"],"latest_commit_sha":null,"homepage":"https://swiftpackageindex.com","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SwiftPackageIndex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":"FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["SwiftPackageIndex"]}},"created_at":"2019-05-14T07:20:31.000Z","updated_at":"2025-10-23T16:09:03.000Z","dependencies_parsed_at":"2023-09-25T04:03:05.283Z","dependency_job_id":"e5816aec-31b8-40fa-aa6e-06fb8e61702d","html_url":"https://github.com/SwiftPackageIndex/PackageList","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/SwiftPackageIndex/PackageList","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SwiftPackageIndex%2FPackageList","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SwiftPackageIndex%2FPackageList/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SwiftPackageIndex%2FPackageList/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SwiftPackageIndex%2FPackageList/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SwiftPackageIndex","download_url":"https://codeload.github.com/SwiftPackageIndex/PackageList/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SwiftPackageIndex%2FPackageList/sbom","scorecard":{"id":136246,"data":{"date":"2025-08-11","repo":{"name":"github.com/SwiftPackageIndex/PackageList","commit":"3696202bdae4408f88bab6a9be1b0e5134ae7464"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.2,"checks":[{"name":"Code-Review","score":-1,"reason":"Found no human activity in the last 15 changesets","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/issues.yml:1","Warn: no topLevel permission defined: .github/workflows/nightly.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/SwiftPackageIndex/PackageList/nightly.yml/main?enable=pin","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T06:38:20.960Z","repository_id":37010307,"created_at":"2025-08-16T06:38:20.960Z","updated_at":"2025-08-16T06:38:20.960Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281818072,"owners_count":26566859,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-30T02:00:06.501Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["spm","swift"],"created_at":"2025-10-30T13:58:45.105Z","updated_at":"2025-10-30T13:59:31.579Z","avatar_url":"https://github.com/SwiftPackageIndex.png","language":"Swift","funding_links":["https://github.com/sponsors/SwiftPackageIndex"],"categories":[],"sub_categories":[],"readme":"![Valid JSON](https://github.com/SwiftPackageIndex/PackageList/workflows/Valid%20JSON/badge.svg)\n\n# The Swift Package Index\n\nAnyone can add a package to the Swift Package Index. Please feel free to submit any package repository to the index, whether it's a package written by you or someone else. There's also no quality threshold. As long as the packages are valid and meet the requirements below, we will accept them. If you're unsure about any of the requirements, please submit the package(s), and we'll happily provide help.\n\nThere are a few requirements for inclusion in the index, but they aren't onerous:\n\n- The package repositories must all be publicly accessible.\n- The packages must all contain a valid `Package.swift` file in the root folder.\n- The packages must be written in Swift 5.0 or later.\n- The packages should have at least one release tagged as a [semantic version](https://semver.org/).\n- The packages must all output valid JSON when running `swift package dump-package` with the latest Swift toolchain.\n- The package URLs must include the protocol (usually `https`) and the `.git` extension.\n- The packages must all compile without errors.\n- All package content must comply with our [code of conduct](https://github.com/SwiftPackageIndex/SwiftPackageIndex-Server/blob/main/CODE_OF_CONDUCT.md).\n\n\u003ca href=\"https://github.com/SwiftPackageIndex/PackageList/issues/new/choose\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/5180/156020907-8bebd0ca-c1ca-4a6f-9771-11a4037002a3.png\" width=\"170\" alt=\"Add Packages Button\"\u003e\u003c/a\u003e\n\n\u003e **Note:** Our build system can now generate and host DocC documentation and make it available from your package’s page in the index. All we need is a little configuration data so that we know how best to build your docs.\n\u003e\n\u003e [More information here](https://blog.swiftpackageindex.com/posts/auto-generating-auto-hosting-and-auto-updating-docc-documentation/).\n\n\u003e **Note:** If submitting your own packages, don't forget to add shields.io badges to your package's README to always have up to date swift version and platform compatibility information readily available. Once your package appears in the index, use the \"Do you maintain this package?\" link in the right-hand sidebar of your package page and use the provided markdown.\n\u003e\n\u003e For example: [![](https://img.shields.io/endpoint?url=https%3A%2F%2Fswiftpackageindex.com%2Fapi%2Fpackages%2Fdaveverwer%2FLeftPad%2Fbadge%3Ftype%3Dplatforms)](https://swiftpackageindex.com/daveverwer/LeftPad) [![](https://img.shields.io/endpoint?url=https%3A%2F%2Fswiftpackageindex.com%2Fapi%2Fpackages%2Fdaveverwer%2FLeftPad%2Fbadge%3Ftype%3Dswift-versions)](https://swiftpackageindex.com/daveverwer/LeftPad)\n\n### Removing a Package\n\nYou can request to have a package removed from the index with [this GitHub workflow](https://github.com/SwiftPackageIndex/PackageList/issues/new/choose).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswiftpackageindex%2Fpackagelist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswiftpackageindex%2Fpackagelist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswiftpackageindex%2Fpackagelist/lists"}