{"id":13493183,"url":"https://github.com/tummychow/git-absorb","last_synced_at":"2026-02-14T05:21:47.509Z","repository":{"id":38391732,"uuid":"121587348","full_name":"tummychow/git-absorb","owner":"tummychow","description":"git commit --fixup, but automatic","archived":false,"fork":false,"pushed_at":"2026-02-09T17:29:06.000Z","size":320,"stargazers_count":5385,"open_issues_count":22,"forks_count":93,"subscribers_count":18,"default_branch":"master","last_synced_at":"2026-02-12T09:49:01.552Z","etag":null,"topics":["git","rebase"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/git-absorb","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tummychow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-02-15T03:24:09.000Z","updated_at":"2026-02-11T18:39:00.000Z","dependencies_parsed_at":"2023-02-12T06:45:32.518Z","dependency_job_id":"68981cc3-b937-4892-990e-2b6a7b7de3d0","html_url":"https://github.com/tummychow/git-absorb","commit_stats":{"total_commits":172,"total_committers":30,"mean_commits":5.733333333333333,"dds":"0.40697674418604646","last_synced_commit":"d84f5604eb67967a573a671d34914b10ed56a298"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/tummychow/git-absorb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tummychow%2Fgit-absorb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tummychow%2Fgit-absorb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tummychow%2Fgit-absorb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tummychow%2Fgit-absorb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tummychow","download_url":"https://codeload.github.com/tummychow/git-absorb/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tummychow%2Fgit-absorb/sbom","scorecard":{"id":902162,"data":{"date":"2025-08-11","repo":{"name":"github.com/tummychow/git-absorb","commit":"696db7b3df90327734711a6f017c8e0d19518548"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.4,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":9,"reason":"Found 11/12 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":7,"reason":"7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/tummychow/git-absorb/release.yml/master?enable=pin","Info:   0 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   6 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.8.0 not signed: https://api.github.com/repos/tummychow/git-absorb/releases/214382032","Warn: release artifact 0.7.0 not signed: https://api.github.com/repos/tummychow/git-absorb/releases/204608891","Warn: release artifact 0.6.17 not signed: https://api.github.com/repos/tummychow/git-absorb/releases/194022462","Warn: release artifact 0.6.16 not signed: https://api.github.com/repos/tummychow/git-absorb/releases/183268543","Warn: release artifact 0.6.15 not signed: https://api.github.com/repos/tummychow/git-absorb/releases/164317075","Warn: release artifact 0.8.0 does not have provenance: https://api.github.com/repos/tummychow/git-absorb/releases/214382032","Warn: release artifact 0.7.0 does not have provenance: https://api.github.com/repos/tummychow/git-absorb/releases/204608891","Warn: release artifact 0.6.17 does not have provenance: https://api.github.com/repos/tummychow/git-absorb/releases/194022462","Warn: release artifact 0.6.16 does not have provenance: https://api.github.com/repos/tummychow/git-absorb/releases/183268543","Warn: release artifact 0.6.15 does not have provenance: https://api.github.com/repos/tummychow/git-absorb/releases/164317075"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T15:58:48.326Z","repository_id":38391732,"created_at":"2025-08-24T15:58:48.326Z","updated_at":"2025-08-24T15:58:48.326Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29390894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-13T00:53:09.511Z","status":"ssl_error","status_checked_at":"2026-02-13T00:53:09.126Z","response_time":55,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git","rebase"],"created_at":"2024-07-31T19:01:12.998Z","updated_at":"2026-02-14T05:21:47.488Z","avatar_url":"https://github.com/tummychow.png","language":"Rust","readme":"# git absorb\n\nThis is a port of Facebook's [`hg absorb`](https://www.mercurial-scm.org/repo/hg/rev/5111d11b8719), which I first read about on [mozilla.dev.version-control](https://groups.google.com/forum/#!msg/mozilla.dev.version-control/nh4fITFlEMk/ZNXgnAzxAQAJ):\n\n\u003e * Facebook demoed `hg absorb` which is probably the coolest workflow enhancement I've seen to version control in years. Essentially, when your working directory has uncommitted changes on top of draft changesets, you can run `hg absorb` and the uncommitted modifications are automagically folded (\"absorbed\") into the appropriate draft ancestor changesets. This is essentially doing `hg histedit` + \"roll\" actions without having to make a commit or manually make history modification rules. The command essentially looks at the lines that were modified, finds a changeset modifying those lines, and amends that changeset to include your uncommitted changes. If the changes can't be made without conflicts, they remain uncommitted. This workflow is insanely useful for things like applying review feedback. You just make file changes, run `hg absorb` and the mapping of changes to commits sorts itself out. It is magical. \n\n## Elevator Pitch\n\nYou have a feature branch with a few commits. Your teammate reviewed the branch and pointed out a few bugs. You have fixes for the bugs, but you don't want to shove them all into an opaque commit that says `fixes`, because you believe in atomic commits. Instead of manually finding commit SHAs for `git commit --fixup`, or running a manual interactive rebase, do this:\n\n```\ngit add $FILES_YOU_FIXED\ngit absorb --and-rebase\n```\n\n`git absorb` will automatically identify which commits are safe to modify, and which staged changes belong to each of those commits. It will then write `fixup!` commits for each of those changes.\n\nWith the `--and-rebase` flag, these fixup commits will be automatically integrated into the corresponding ones. Alternatively, you can check its output manually if you don't trust it, and then fold the fixups into your feature branch with git's built-in [autosquash](https://git-scm.com/docs/git-rebase#Documentation/git-rebase.txt---autosquash) functionality:\n\n```\ngit add $FILES_YOU_FIXED\ngit absorb\ngit log # check the auto-generated fixup commits\ngit rebase -i --autosquash master\n```\n\n## Installing\n\nThe easiest way to install `git absorb` is to download an artifact from the latest [tagged release](https://github.com/tummychow/git-absorb/releases). Artifacts are available for Windows, MacOS, and Linux (built on Ubuntu with statically linked libgit2). If you need a commit that hasn't been released yet, check the [latest CI artifact](https://github.com/tummychow/git-absorb/actions/workflows/build.yml?query=event%3Apush+branch%3Amaster) or file an issue.\n\nAlternatively, `git absorb` is available in the following system package managers:\n\n\u003ca href=\"https://repology.org/project/git-absorb/versions\"\u003e\n    \u003cimg src=\"https://repology.org/badge/vertical-allrepos/git-absorb.svg\" alt=\"Packaging status\" align=\"right\"\u003e\n\u003c/a\u003e\n\n| Repository                  | Command                                      |\n| --------------------------- | -------------------------------------------- |\n| Arch Linux                  | `pacman -S git-absorb`                       |\n| Debian                      | `apt install git-absorb`                     |\n| DPorts                      | `pkg install git-absorb`                     |\n| Fedora                      | `dnf install git-absorb`                     |\n| Flox                        | `flox install git-absorb`                    |\n| FreeBSD Ports               | `pkg install git-absorb`                     |\n| Homebrew and Linuxbrew      | `brew install git-absorb`                    |\n| MacPorts                    | `sudo port install git-absorb`               |\n| nixpkgs stable and unstable | `nix-env -iA nixpkgs.git-absorb`             |\n| openSUSE                    | `zypper install git-absorb`                  |\n| Ubuntu                      | `apt install git-absorb`                     |\n| Void Linux                  | `xbps-install -S git-absorb`                 |\n| GNU Guix                    | `guix install git-absorb`                    |\n| Windows Package Manager     | `winget install tummychow.git-absorb`        |\n\n## Compiling from Source\n\n[![crates.io badge](https://img.shields.io/crates/v/git-absorb.svg)](https://crates.io/crates/git-absorb) [![Build](https://github.com/tummychow/git-absorb/actions/workflows/build.yml/badge.svg?branch=master\u0026event=push)](https://github.com/tummychow/git-absorb/actions/workflows/build.yml)\n\nYou will need the following:\n\n- [cargo](https://github.com/rust-lang/cargo)\n\nThen `cargo install git-absorb`. Make sure that `$CARGO_HOME/bin` is on your `$PATH` so that git can find the command. (`$CARGO_HOME` defaults to `~/.cargo`.)\n\nNote that `git absorb` does _not_ use the system libgit2. This means you do not need to have libgit2 installed to build or run it. However, this does mean you have to be able to build libgit2. (Due to [recent changes](https://github.com/alexcrichton/git2-rs/commit/76f4b74aef2bc2a54906ddcbf7fbe0018936a69d) in the git2 crate, CMake is no longer needed to build it.)\n\nNote: `cargo install` does not currently know how to install manpages ([cargo#2729](https://github.com/rust-lang/cargo/issues/2729)), so if you use `cargo` for installation then `git absorb --help` will not work. There are two manual workarounds, assuming your system has a `~/.local/share/man/man1` directory that `man --path` knows about:\n\n1. build the man page from source and copy\n   This requires that the [a2x](https://asciidoc-py.github.io/a2x.1.html) tool be installed on your system.\n   ```bash\n   cd ./Documentation\n   make\n   mv git-absorb.1 ~/.local/share/man/man1\n   ```\n2. download a recently-built man page\n   1. find a recent build as in [Installing](#installing) above\n   2. download the `git-absorb.1` file and unzip\n   3. move it to `~/.local/share/man/man1`\n\n\n## Usage\n\n1. `git add` any changes that you want to absorb. By design, `git absorb` will only consider content in the git index (staging area).\n2. `git absorb`. This will create a sequence of commits on `HEAD`. Each commit will have a `fixup!` message indicating the message (if unique) or SHA of the commit it should be squashed into.\n3. If you are satisfied with the output, `git rebase -i --autosquash` to squash the `fixup!` commits into their predecessors. You can set the [`GIT_SEQUENCE_EDITOR`](https://stackoverflow.com/a/29094904) environment variable if you don't need to edit the rebase TODO file.\n4. If you are not satisfied (or if something bad happened), `git reset --soft PRE_ABSORB_HEAD` will reset to the pre-absorption commit and recover your old state. (You can also find the commit in question with `git reflog`.) And if you think `git absorb` is at fault, please [file an issue](https://github.com/tummychow/git-absorb/issues/new).\n\n## How it works (roughly)\n\n`git absorb` works by checking if two patches P1 and P2 *commute*, that is, if applying P1 before P2 gives the same result as applying P2 before P1.\n\n`git absorb` considers a range of commits ending at HEAD. The first commit can be specified explicitly with `--base \u003cref\u003e`. By default the last 10 commits will be considered (see [STACK SIZE in git-absorb.adoc](Documentation/git-absorb.adoc#stack-size) for how to change this).\n\nFor each hunk in the index, `git absorb` will check if that hunk commutes with the last commit, then the one before that, etc. When it finds a commit that does not commute with the hunk, it infers that this is the right parent commit for this change, and the hunk is turned into a fixup commit. If the hunk commutes with all commits in the range, it means we have not found a suitable parent commit for this change; a warning is displayed, and this hunk remains uncommitted in the index. \n\n## Documentation\n\nFor additional information about git-absorb, including all arguments and configuration options, see [Documentation/git-absorb.adoc](Documentation/git-absorb.adoc),\nor the git-absorb manual page.\n\n\n## TODO\n\n- implement remote default branch check\n- stop using `failure::err_msg` and ensure all error output is actionable by the user\n- slightly more log output in the success case\n- more tests (esp main module and integration tests)\n- document stack and commute details\n- more commutation cases (esp copy/rename detection)\n- don't load all hunks in memory simultaneously because they could be huge\n- implement some kind of index locking to protect against concurrent modifications\n","funding_links":[],"categories":["Rust","Uncategorized","Git","Tools","git","Dev-Utilities","\u003ca name=\"git\"\u003e\u003c/a\u003eGit and accessories"],"sub_categories":["Uncategorized","Comparing workflows"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftummychow%2Fgit-absorb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftummychow%2Fgit-absorb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftummychow%2Fgit-absorb/lists"}