{"id":18492701,"url":"https://github.com/voxpupuli/metadata-json-lint","last_synced_at":"2026-04-02T01:28:22.813Z","repository":{"id":21525628,"uuid":"24844861","full_name":"voxpupuli/metadata-json-lint","owner":"voxpupuli","description":"Tool to check the validity of Puppet metadata.json files","archived":false,"fork":false,"pushed_at":"2026-03-18T15:24:23.000Z","size":342,"stargazers_count":31,"open_issues_count":12,"forks_count":27,"subscribers_count":46,"default_branch":"master","last_synced_at":"2026-03-30T05:05:08.302Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voxpupuli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"open_collective":"vox-pupuli","github":"voxpupuli"}},"created_at":"2014-10-06T12:29:26.000Z","updated_at":"2026-03-18T15:24:39.000Z","dependencies_parsed_at":"2024-11-06T12:08:19.213Z","dependency_job_id":"d79b965e-e5a1-4f6a-b298-b677d83db383","html_url":"https://github.com/voxpupuli/metadata-json-lint","commit_stats":{"total_commits":177,"total_committers":33,"mean_commits":5.363636363636363,"dds":0.807909604519774,"last_synced_commit":"cea5e193ce26a3acd1139cc041e60b82e3e2dcd0"},"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/voxpupuli/metadata-json-lint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fmetadata-json-lint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fmetadata-json-lint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fmetadata-json-lint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fmetadata-json-lint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voxpupuli","download_url":"https://codeload.github.com/voxpupuli/metadata-json-lint/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fmetadata-json-lint/sbom","scorecard":{"id":1236461,"data":{"date":"2025-08-11","repo":{"name":"github.com/voxpupuli/metadata-json-lint","commit":"f803deb06fb41e9f52e78ef4a1d0907d81519490"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7,"checks":[{"name":"Maintained","score":10,"reason":"19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:39","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:88","Info: found token with 'none' permissions: .github/workflows/release.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:11"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/voxpupuli/metadata-json-lint/test.yml/master?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 5.0.0 not signed: https://api.github.com/repos/voxpupuli/metadata-json-lint/releases/239375223","Warn: release artifact 4.3.0 not signed: https://api.github.com/repos/voxpupuli/metadata-json-lint/releases/239366655","Warn: release artifact 5.0.0 does not have provenance: https://api.github.com/repos/voxpupuli/metadata-json-lint/releases/239375223","Warn: release artifact 4.3.0 does not have provenance: https://api.github.com/repos/voxpupuli/metadata-json-lint/releases/239366655"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:51"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/voxpupuli/.github/SECURITY.md:1","Info: Found linked content: github.com/voxpupuli/.github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: github.com/voxpupuli/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 2 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-29T08:49:46.773Z","repository_id":21525628,"created_at":"2025-08-29T08:49:46.773Z","updated_at":"2025-08-29T08:49:46.773Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31282235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T12:11:05.055Z","status":"ssl_error","status_checked_at":"2026-04-01T12:10:26.478Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2024-11-06T13:10:23.603Z","updated_at":"2026-04-02T01:28:22.795Z","avatar_url":"https://github.com/voxpupuli.png","language":"Ruby","funding_links":["https://opencollective.com/vox-pupuli","https://github.com/sponsors/voxpupuli"],"categories":["Modules","Other"],"sub_categories":["Modules Development"],"readme":"# metadata-json-lint\n\n[![License](https://img.shields.io/github/license/voxpupuli/metadata-json-lint.svg)](https://github.com/voxpupuli/metadata-json-lint/blob/master/LICENSE)\n[![Test](https://github.com/voxpupuli/metadata-json-lint/actions/workflows/test.yml/badge.svg)](https://github.com/voxpupuli/metadata-json-lint/actions/workflows/test.yml)\n[![codecov](https://codecov.io/gh/voxpupuli/metadata-json-lint/branch/master/graph/badge.svg)](https://codecov.io/gh/voxpupuli/metadata-json-lint)\n[![Release](https://github.com/voxpupuli/metadata-json-lint/actions/workflows/release.yml/badge.svg)](https://github.com/voxpupuli/metadata-json-lint/actions/workflows/release.yml)\n[![RubyGem Version](https://img.shields.io/gem/v/metadata-json-lint.svg)](https://rubygems.org/gems/metadata-json-lint)\n[![RubyGem Downloads](https://img.shields.io/gem/dt/metadata-json-lint.svg)](https://rubygems.org/gems/metadata-json-lint)\n\nThe metadata-json-lint tool validates and lints `metadata.json` files in Puppet modules against style guidelines from the [Puppet Forge module metadata](https://docs.puppet.com/puppet/latest/modules_publishing.html#write-a-metadatajson-file) recommendations.\n\n## Compatibility\n\nmetadata-json-lint is tested on Ruby 2.7 to 3.3. The the authoritative source,\ncheck the `required_ruby_version` attribute in the gemspec file.\n\n## Installation\n\nvia `gem` command:\n``` shell\ngem install metadata-json-lint\n```\n\nvia Gemfile:\n``` ruby\ngem 'metadata-json-lint'\n```\n\n## Usage\n\n### Testing with metadata-json-lint\n\nOn the command line, run `metadata-json-lint` with the path of your `metadata.json` file:\n\n```shell\nmetadata-json-lint /path/to/metadata.json\n```\n\n### Testing with metadata-json-lint as a Rake task\n\nIf you are already using `puppet_spec_helper`, the 'validate' task already includes `metadata-json-lint`.\n\nYou can also integrate `metadata-json-lint` checks into your tests using the Rake task. Add `require 'metadata-json-lint/rake_task'` to your `Rakefile`, and then run:\n\n```ruby\nrake metadata_lint\n```\n\nTo set options for the Rake task, include them when you define the task:\n\n```ruby\nrequire 'metadata_json_lint'\ntask :metadata_lint do\n  MetadataJsonLint.parse('metadata.json') do |options|\n      options.strict_license = false\n  end\nend\n```\n\nAlternatively, set the option after requiring the Rake task:\n\n```ruby\nrequire 'metadata-json-lint/rake_task'\nMetadataJsonLint.options.strict_license = false\n```\n\n### Options\n\n* `--[no-]strict-dependencies`: Whether to fail if module version dependencies are open-ended. Defaults to `false`.\n* `--[no-]strict-license`: Whether to fail on strict license check. Defaults to `true`.\n* `--[no-]fail-on-warnings`: Whether to fail on warnings. Defaults to `true`.\n* `--[no-]strict-puppet-version`: Whether to fail if Puppet version requirements are open-ended or no longer supported. Defaults to `false`.\n\n## Contributors\n\nA big thank you to the [contributors](https://github.com/voxpupuli/metadata-json-lint/graphs/contributors).\n\n## Making a new release\n\nHow to make a new release?\n\n* update the gemspec file with the desired version\n\n```console\n$ git diff\ndiff --git a/metadata-json-lint.gemspec b/metadata-json-lint.gemspec\nindex c86668e..6a3ad38 100644\n--- a/metadata-json-lint.gemspec\n+++ b/metadata-json-lint.gemspec\n@@ -2,7 +2,7 @@ require 'date'\n\n Gem::Specification.new do |s|\n   s.name        = 'metadata-json-lint'\n-  s.version     = '2.4.0'\n+  s.version     = '2.5.0'\n   s.date        = Date.today.to_s\n   s.summary     = 'metadata-json-lint /path/to/metadata.json'\n   s.description = 'Utility to verify Puppet metadata.json files'\n```\n\n* export a GitHub access token as environment variable:\n\n```console\nexport CHANGELOG_GITHUB_TOKEN=*token*\n```\n\n* Install deps and generate the changelog\n\n```console\n$ bundle install --path .vendor/ --jobs=$(nproc) --with release\n$ bundle exec rake changelog\nFound 25 tags\nFetching tags dates: 25/25\nSorting tags...\nReceived issues: 103\nPull Request count: 77\nFiltered pull requests: 72\nFiltered issues: 26\nFetching events for issues and PR: 98\nFetching closed dates for issues: 98/98\nFetching SHAs for tags: 25\nAssociating PRs with tags: 72/72\nGenerating entry...\nDone!\nGenerated log placed in ~/metadata-json-lint/CHANGELOG.md\n```\n\n* Check the diff for `CHANGELOG.md`. Does it contain a breaking change but the\nnew version is only a minor bump? Does the new release only contains bug fixes?\nAdjust the version properly while honouring semantic versioning. If required,\nregenerate the `CHANGELOG.md`. Afterwards submit it as a PR.\n\n* If it gets approved, merge the PR, create a git tag on that and push it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fmetadata-json-lint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoxpupuli%2Fmetadata-json-lint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fmetadata-json-lint/lists"}