{"id":13409190,"url":"https://github.com/tukaani-project/xz","last_synced_at":"2026-02-20T12:31:52.343Z","repository":{"id":65628518,"uuid":"553665726","full_name":"tukaani-project/xz","owner":"tukaani-project","description":"XZ Utils","archived":false,"fork":false,"pushed_at":"2026-02-16T16:42:10.000Z","size":8047,"stargazers_count":909,"open_issues_count":20,"forks_count":190,"subscribers_count":22,"default_branch":"master","last_synced_at":"2026-02-17T00:06:47.333Z","etag":null,"topics":["c","cli","compression","library"],"latest_commit_sha":null,"homepage":"https://tukaani.org/xz/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tukaani-project.png","metadata":{"files":{"readme":"README","changelog":"ChangeLog","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"liberapay":"Larhzu"}},"created_at":"2022-10-18T15:11:36.000Z","updated_at":"2026-02-16T21:45:36.000Z","dependencies_parsed_at":"2025-12-09T18:04:32.513Z","dependency_job_id":null,"html_url":"https://github.com/tukaani-project/xz","commit_stats":null,"previous_names":[],"tags_count":60,"template":false,"template_full_name":null,"purl":"pkg:github/tukaani-project/xz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tukaani-project%2Fxz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tukaani-project%2Fxz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tukaani-project%2Fxz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tukaani-project%2Fxz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tukaani-project","download_url":"https://codeload.github.com/tukaani-project/xz/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tukaani-project%2Fxz/sbom","scorecard":{"id":902007,"data":{"date":"2025-08-11","repo":{"name":"github.com/tukaani-project/xz","commit":"dd4a1b259936880e04669b43e778828b60619860"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"9 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: CLibFuzzer integration found: tests/ossfuzz/fuzz_decode_alone.c:21","Info: CLibFuzzer integration found: tests/ossfuzz/fuzz_decode_stream.c:21","Info: CLibFuzzer integration found: tests/ossfuzz/fuzz_decode_stream_mt.c:20","Info: CLibFuzzer integration found: tests/ossfuzz/fuzz_encode_stream.c:21"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: xz-5.8.1-windows.7z.sig: https://github.com/tukaani-project/xz/releases/tag/v5.8.1","Info: signed release artifact: xz-5.8.0-windows.7z.sig: https://github.com/tukaani-project/xz/releases/tag/v5.8.0","Info: signed release artifact: xz-5.7.2beta.tar.gz.sig: https://github.com/tukaani-project/xz/releases/tag/v5.7.2beta","Info: signed release artifact: xz-5.7.1alpha.tar.gz.sig: https://github.com/tukaani-project/xz/releases/tag/v5.7.1alpha","Info: signed release artifact: xz-5.6.4-windows.7z.sig: https://github.com/tukaani-project/xz/releases/tag/v5.6.4","Warn: release artifact v5.8.1 does not have provenance: https://api.github.com/repos/tukaani-project/xz/releases/210105056","Warn: release artifact v5.8.0 does not have provenance: https://api.github.com/repos/tukaani-project/xz/releases/208192211","Warn: release artifact v5.7.2beta does not have provenance: https://api.github.com/repos/tukaani-project/xz/releases/204541081","Warn: release artifact v5.7.1alpha does not have provenance: https://api.github.com/repos/tukaani-project/xz/releases/196486145","Warn: release artifact v5.6.4 does not have provenance: https://api.github.com/repos/tukaani-project/xz/releases/196485281"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/tukaani-project/.github/SECURITY.md:1","Info: Found linked content: github.com/tukaani-project/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/tukaani-project/.github/SECURITY.md:1","Info: Found text in security policy: github.com/tukaani-project/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}}]},"last_synced_at":"2025-08-24T15:55:40.286Z","repository_id":65628518,"created_at":"2025-08-24T15:55:40.286Z","updated_at":"2025-08-24T15:55:40.286Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29650835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T09:27:29.698Z","status":"ssl_error","status_checked_at":"2026-02-20T09:26:12.373Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","cli","compression","library"],"created_at":"2024-07-30T20:00:58.749Z","updated_at":"2026-02-20T12:31:52.312Z","avatar_url":"https://github.com/tukaani-project.png","language":"C","funding_links":["https://liberapay.com/Larhzu"],"categories":["C"],"sub_categories":[],"readme":"\nXZ Utils\n========\n\n    0. Overview\n    1. Documentation\n       1.1. Overall documentation\n       1.2. Documentation for command-line tools\n       1.3. Documentation for liblzma\n    2. Version numbering\n    3. Reporting bugs\n    4. Translations\n       4.1. Testing translations\n    5. Other implementations of the .xz format\n    6. Contact information\n\n\n0. Overview\n-----------\n\n    XZ Utils provide a general-purpose data-compression library plus\n    command-line tools. The native file format is the .xz format, but\n    also the legacy .lzma format is supported. The .xz format supports\n    multiple compression algorithms, which are called \"filters\" in the\n    context of XZ Utils. The primary filter is currently LZMA2. With\n    typical files, XZ Utils create about 30 % smaller files than gzip.\n\n    To ease adapting support for the .xz format into existing applications\n    and scripts, the API of liblzma is somewhat similar to the API of the\n    popular zlib library. For the same reason, the command-line tool xz\n    has a command-line syntax similar to that of gzip.\n\n    When aiming for the highest compression ratio, the LZMA2 encoder uses\n    a lot of CPU time and may use, depending on the settings, even\n    hundreds of megabytes of RAM. However, in fast modes, the LZMA2 encoder\n    competes with bzip2 in compression speed, RAM usage, and compression\n    ratio.\n\n    LZMA2 is reasonably fast to decompress. It is a little slower than\n    gzip, but a lot faster than bzip2. Being fast to decompress means\n    that the .xz format is especially nice when the same file will be\n    decompressed very many times (usually on different computers), which\n    is the case e.g. when distributing software packages. In such\n    situations, it's not too bad if the compression takes some time,\n    since that needs to be done only once to benefit many people.\n\n    With some file types, combining (or \"chaining\") LZMA2 with an\n    additional filter can improve the compression ratio. A filter chain may\n    contain up to four filters, although usually only one or two are used.\n    For example, putting a BCJ (Branch/Call/Jump) filter before LZMA2\n    in the filter chain can improve compression ratio of executable files.\n\n    Since the .xz format allows adding new filter IDs, it is possible that\n    some day there will be a filter that is, for example, much faster to\n    compress than LZMA2 (but probably with worse compression ratio).\n    Similarly, it is possible that some day there is a filter that will\n    compress better than LZMA2.\n\n    XZ Utils supports multithreaded compression. XZ Utils doesn't support\n    multithreaded decompression yet. It has been planned though and taken\n    into account when designing the .xz file format. In the future, files\n    that were created in threaded mode can be decompressed in threaded\n    mode too.\n\n\n1. Documentation\n----------------\n\n1.1. Overall documentation\n\n    README                This file\n\n    INSTALL.generic       Generic install instructions for those not\n                          familiar with packages using GNU Autotools\n    INSTALL               Installation instructions specific to XZ Utils\n    PACKAGERS             Information to packagers of XZ Utils\n\n    COPYING               XZ Utils copyright and license information\n    COPYING.0BSD          BSD Zero Clause License\n    COPYING.GPLv2         GNU General Public License version 2\n    COPYING.GPLv3         GNU General Public License version 3\n    COPYING.LGPLv2.1      GNU Lesser General Public License version 2.1\n\n    AUTHORS               The main authors of XZ Utils\n    THANKS                Incomplete list of people who have helped making\n                          this software\n    NEWS                  User-visible changes between XZ Utils releases\n    ChangeLog             Detailed list of changes (commit log)\n    TODO                  Known bugs and some sort of to-do list\n\n    Note that only some of the above files are included in binary\n    packages.\n\n\n1.2. Documentation for command-line tools\n\n    The command-line tools are documented as man pages. In source code\n    releases (and possibly also in some binary packages), the man pages\n    are also provided in plain text (ASCII only) format in the directory\n    \"doc/man\" to make the man pages more accessible to those whose\n    operating system doesn't provide an easy way to view man pages.\n\n\n1.3. Documentation for liblzma\n\n    The liblzma API headers include short docs about each function\n    and data type as Doxygen tags. These docs should be quite OK as\n    a quick reference.\n\n    There are a few example/tutorial programs that should help in\n    getting started with liblzma. In the source package the examples\n    are in \"doc/examples\" and in binary packages they may be under\n    \"examples\" in the same directory as this README.\n\n    Since the liblzma API has similarities to the zlib API, some people\n    may find it useful to read the zlib docs and tutorial too:\n\n        https://zlib.net/manual.html\n        https://zlib.net/zlib_how.html\n\n\n2. Version numbering\n--------------------\n\n    The version number format of XZ Utils is X.Y.ZS:\n\n      - X is the major version. When this is incremented, the library\n        API and ABI break.\n\n      - Y is the minor version. It is incremented when new features\n        are added without breaking the existing API or ABI. An even Y\n        indicates a stable release and an odd Y indicates unstable\n        (alpha or beta version).\n\n      - Z is the revision. This has a different meaning for stable and\n        unstable releases:\n\n          * Stable: Z is incremented when bugs get fixed without adding\n            any new features. This is intended to be convenient for\n            downstream distributors that want bug fixes but don't want\n            any new features to minimize the risk of introducing new bugs.\n\n          * Unstable: Z is just a counter. API or ABI of features added\n            in earlier unstable releases having the same X.Y may break.\n\n      - S indicates stability of the release. It is missing from the\n        stable releases, where Y is an even number. When Y is odd, S\n        is either \"alpha\" or \"beta\" to make it very clear that such\n        versions are not stable releases. The same X.Y.Z combination is\n        not used for more than one stability level, i.e. after X.Y.Zalpha,\n        the next version can be X.Y.(Z+1)beta but not X.Y.Zbeta.\n\n\n3. Reporting bugs\n-----------------\n\n    Naturally it is easiest for me if you already know what causes the\n    unexpected behavior. Even better if you have a patch to propose.\n    However, quite often the reason for unexpected behavior is unknown,\n    so here are a few things to do before sending a bug report:\n\n      1. Try to create a small example how to reproduce the issue.\n\n      2. Compile XZ Utils with debugging code using configure switches\n         --enable-debug and, if possible, --disable-shared. If you are\n         using GCC, use CFLAGS='-O0 -ggdb3'. Don't strip the resulting\n         binaries.\n\n      3. Turn on core dumps. The exact command depends on your shell;\n         for example in GNU bash it is done with \"ulimit -c unlimited\",\n         and in tcsh with \"limit coredumpsize unlimited\".\n\n      4. Try to reproduce the suspected bug. If you get \"assertion failed\"\n         message, be sure to include the complete message in your bug\n         report. If the application leaves a coredump, get a backtrace\n         using gdb:\n           $ gdb /path/to/app-binary   # Load the app to the debugger.\n           (gdb) core core   # Open the coredump.\n           (gdb) bt   # Print the backtrace. Copy \u0026 paste to bug report.\n           (gdb) quit   # Quit gdb.\n\n    Report your bug via email or IRC (see Contact information below).\n    Don't send core dump files or any executables. If you have a small\n    example file(s) (total size less than 256 KiB), please include\n    it/them as an attachment. If you have bigger test files, put them\n    online somewhere and include a URL to the file(s) in the bug report.\n\n    Always include the exact version number of XZ Utils in the bug report.\n    If you are using a snapshot from the git repository, use \"git describe\"\n    to get the exact snapshot version. If you are using XZ Utils shipped\n    in an operating system distribution, mention the distribution name,\n    distribution version, and exact xz package version; if you cannot\n    repeat the bug with the code compiled from unpatched source code,\n    you probably need to report a bug to your distribution's bug tracking\n    system.\n\n\n4. Translations\n---------------\n\n    The xz command line tool and all man pages can be translated.\n    The translations are handled via the Translation Project. If you\n    wish to help translating xz, please join the Translation Project:\n\n        https://translationproject.org/html/translators.html\n\n    Updates to translations won't be accepted by methods that bypass\n    the Translation Project because there is a risk of duplicate work:\n    translation updates made in the xz repository aren't seen by the\n    translators in the Translation Project. If you have found bugs in\n    a translation, please report them to the Language-Team address\n    which can be found near the beginning of the PO file.\n\n    If you find language problems in the original English strings,\n    feel free to suggest improvements. Ask if something is unclear.\n\n\n4.1. Testing translations\n\n    Testing can be done by installing xz into a temporary directory.\n\n    If building from Git repository (not tarball), generate the\n    Autotools files:\n\n        ./autogen.sh\n\n    Create a subdirectory for the build files. The tmp-build directory\n    can be deleted after testing.\n\n        mkdir tmp-build\n        cd tmp-build\n        ../configure --disable-shared --enable-debug --prefix=$PWD/inst\n\n    Edit the .po file in the po directory. Then build and install to\n    the \"tmp-build/inst\" directory, and use translations.bash to see\n    how some of the messages look. Repeat these  steps if needed:\n\n        make -C po update-po\n        make -j\"$(nproc)\" install\n        bash ../debug/translation.bash | less\n        bash ../debug/translation.bash | less -S  # For --list outputs\n\n    To test other languages, set the LANGUAGE environment variable\n    before running translations.bash. The value should match the PO file\n    name without the .po suffix. Example:\n\n        export LANGUAGE=fi\n\n\n5. Other implementations of the .xz format\n------------------------------------------\n\n    7-Zip and the p7zip port of 7-Zip support the .xz format starting\n    from the version 9.00alpha.\n\n        https://7-zip.org/\n        https://p7zip.sourceforge.net/\n\n    XZ Embedded is a limited implementation written for use in the Linux\n    kernel, but it is also suitable for other embedded use.\n\n        https://tukaani.org/xz/embedded.html\n\n    XZ for Java is a complete implementation written in pure Java.\n\n        https://tukaani.org/xz/java.html\n\n\n6. Contact information\n----------------------\n\n    XZ Utils in general:\n      - Home page: https://tukaani.org/xz/\n      - Email to maintainer(s): xz@tukaani.org\n      - IRC: #tukaani on Libera Chat\n      - GitHub: https://github.com/tukaani-project/xz\n\n    Lead maintainer:\n      - Email: Lasse Collin \u003classe.collin@tukaani.org\u003e\n      - IRC: Larhzu on Libera Chat\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftukaani-project%2Fxz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftukaani-project%2Fxz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftukaani-project%2Fxz/lists"}