{"id":28934078,"url":"https://github.com/verygoodsecurity/starlarky","last_synced_at":"2026-02-03T10:11:21.208Z","repository":{"id":38331950,"uuid":"300670787","full_name":"verygoodsecurity/starlarky","owner":"verygoodsecurity","description":"VGS edition of Google's safe and hermetically sealed Starlark language - a non-Turing complete subset of Python 3.","archived":false,"fork":false,"pushed_at":"2025-05-19T14:07:48.000Z","size":7281,"stargazers_count":32,"open_issues_count":34,"forks_count":37,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-05-19T15:34:31.778Z","etag":null,"topics":["faas","secure-computation","skylark","starlark","team-vault"],"latest_commit_sha":null,"homepage":"https://vgs.dev","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/verygoodsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-10-02T16:15:15.000Z","updated_at":"2025-05-19T14:07:46.000Z","dependencies_parsed_at":"2023-10-03T04:59:38.756Z","dependency_job_id":"8a2da89e-ae87-4088-b27e-2a629b935336","html_url":"https://github.com/verygoodsecurity/starlarky","commit_stats":null,"previous_names":[],"tags_count":122,"template":false,"template_full_name":null,"purl":"pkg:github/verygoodsecurity/starlarky","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verygoodsecurity%2Fstarlarky","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verygoodsecurity%2Fstarlarky/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verygoodsecurity%2Fstarlarky/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verygoodsecurity%2Fstarlarky/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/verygoodsecurity","download_url":"https://codeload.github.com/verygoodsecurity/starlarky/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/verygoodsecurity%2Fstarlarky/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261344959,"owners_count":23144960,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["faas","secure-computation","skylark","starlark","team-vault"],"created_at":"2025-06-22T18:39:37.904Z","updated_at":"2026-02-03T10:11:21.201Z","avatar_url":"https://github.com/verygoodsecurity.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003ca href=\"https://www.verygoodsecurity.com/\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/17788525\" width=\"256\" alt=\"VGS Logo\"\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\u003cb\u003e\u003ci\u003eStarlarky\u003c/i\u003e\u003c/b\u003e\u003cbr/\u003eVGS edition of Google's safe and hermetically sealed Starlark language\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://circleci.com/gh/verygoodsecurity/starlarky/tree/master\"\u003e\u003cimg src=\"https://circleci.com/gh/verygoodsecurity/starlarky/tree/master.svg?style=svg\" alt=\"circleci-test\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/verygoodsecurity/starlarky/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/verygoodsecurity/starlarky\"/\u003e\u003c/a\u003e\n\u003ca href=\"https://pypi.org/project/pylarky/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/v/pylarky\"/\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/verygoodsecurity/starlarky/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/verygoodsecurity/starlarky\"/\u003e\u003c/a\u003e\n\n\n\u003c!-- toc --\u003e\n* [Description](#description)\n* [Project overview](#project-overview)\n    * [Libstarlark](#libstarlark)\n    * [Larky](#larky)\n    * [Runlarky](#runlarky)\n    * [Pylarky](#pylarky)\n* [Developer setup](#developer-setup)\n* [Depoyment process](#deployment-process)\n\u003c!-- tocstop --\u003e\n\n## Description\nStarlarky is VGS in-house edition of [Bazel](https://bazel.build/)'s hermetically-sealed language created by Google called [Starlark](https://github.com/bazelbuild/starlark).\nThis language is used to run \"unsafe\" user-submitted code without exposing service at whole to possible attack and/or vulnerabilities.\nStarlark has Python-like syntax and is created to support same structure of additional libraries. \nKey differences between Starlark and Python can be found [here](https://docs.bazel.build/versions/master/skylark/language.html#differences-with-python)\n\n\n## Project overview\n\nStarlarky is presented as a monorepo with different modules\n\n### Libstarlark\n\n_Libstarlark_ is a maven module, that contains Starlark compiler from [bazelbuild](https://github.com/bazelbuild/bazel/tree/master/src/main/java/net/starlark/java)\nThis module is being periodically updated from bazelbuild via this [script](https://github.com/verygoodsecurity/starlarky/blob/master/bin/update-starlark.py)\nto maintain relevancy.\n\nSee more at Libstarlarky [README](https://github.com/verygoodsecurity/starlarky/blob/master/libstarlark/README.md)\n\nTo build run this command:\n```bash\nmvn versions:set -DnewVersion=\u003cyour-version\u003e -pl libstarlark (optional)\nmvn clean package -pl libstarlark\n```\n\n### Larky\n\n_Larky_ is a maven module, that contains VGS additions to Starlark language.\nSome additions ispired and taken from [Copybara](https://github.com/google/copybara/)\n\nHere are some of them:\n- JSR223 script engine\n- Annotations to define additional libraries\n- Extension [modules](https://github.com/verygoodsecurity/starlarky/blob/master/larky/src/main/java/com/verygood/security/larky/modules/README.md)\n\nTo build run this command:\n```bash\nmvn versions:set -DnewVersion=\u003cyour-version\u003e -pl larky (optional)\nmvn versions:set-property -Dproperty=libstarlark.version -DnewVersion=\u003clarky-version\u003e -pl larky\nmvn clean package -pl larky\n```\n\n### Runlarky\n\n_Runlarky_ is an example Larky invocation application\nIt builds as a Quarkus executable and gives ability to run Larky with input parameters.\n\nTo build run this command:\n```bash\nmvn versions:set -DnewVersion=\u003cyour-version\u003e -pl runlarky (optional)\nmvn versions:set-property -Dproperty=starlarky.version -DnewVersion=\u003clarky-version\u003e -pl runlarky\nmvn clean package -pl runlarky -Pnative\n```\n\nThis would build `larky-runner` executable in `runlarky/target` directory, that can be run from terminal\n\n### Pylarky\n\n_Pylarky_ is pip lib-wrapper for runlarky to make larky calls conveniently from Python.\n\n### Building and Running Tests\n\n```bash\ndocker-compose build\ndocker-compose run local bash /src/build-and-test-java.sh\ndocker-compose run local bash /src/build-and-test-python.sh\n```\n\n### Run individual larky stdlib test\n\n```bash\nmvn -Dtest='StdLibTest*' -Dlarky.stdlib_test=test_bytes.star org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5:test -pl larky\n```\n\n## Developer setup\n\nIn addition to having Maven installed, it must be configured to retrieve artifacts from Github.\n1) Generate an access token using [Github's instructions](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token).  The token needs `read:packages` scopes.\n2) You must enable SSO for verygoodsecurity\n\n3) Place the token in your `~/.m2/settings.xml` file.  For example (look for `github-username` and `github-api-key` to be replaced with your values):\n```\n\u003c?xml version='1.0' encoding='us-ascii'?\u003e\n\u003csettings xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://maven.apache.org/SETTINGS/1.0.0                           https://maven.apache.org/xsd/settings-1.0.0.xsd\"\u003e\n      \u003clocalRepository /\u003e\n      \u003cinteractiveMode /\u003e\n      \u003cusePluginRegistry /\u003e\n      \u003coffline /\u003e\n      \u003cpluginGroups /\u003e\n      \u003cservers\u003e\n          \u003cserver\u003e\n              \u003cid\u003egithub\u003c/id\u003e\n              \u003cusername\u003egithub-username\u003c/username\u003e\n              \u003cpassword\u003egithub-api-key\u003c/password\u003e\n          \u003c/server\u003e\n      \u003c/servers\u003e\n      \u003cmirrors /\u003e\n      \u003cproxies /\u003e\n      \u003cprofiles /\u003e\n      \u003cactiveProfiles /\u003e\n    \u003c/settings\u003e\n```\n\n## Deployment process\n\nTo rollout a new verion of libstarlark/larky/larky-api create a new tag\n```\ngit tag x.x.x\ngit push origin x.x.x\n```\nThan, after CircleCI build, publish the draft release\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fverygoodsecurity%2Fstarlarky","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fverygoodsecurity%2Fstarlarky","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fverygoodsecurity%2Fstarlarky/lists"}