{"id":51463663,"url":"https://github.com/xero/covcom","last_synced_at":"2026-07-06T08:30:45.429Z","repository":{"id":352931705,"uuid":"1217050028","full_name":"xero/covcom","owner":"xero","description":"Covert communications for private group conversations. Share an invite, talk, close the tab, and it's gone. End-to-end encrypted with post-quantum cryptography, so the messages stay private today and unreadable to the computers coming tomorrow.","archived":false,"fork":false,"pushed_at":"2026-06-06T06:07:37.000Z","size":574,"stargazers_count":3,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-06T07:12:19.853Z","etag":null,"topics":["bun","chat","cli","containerized","covertcommunication","e2ee","ephemeral","kyber","kyber-crystal","leviathan","messenger","ml-kem","ml-kem-768","n-party-protocol","post-quantum-cryptography","ratchet","self-hosted","web","xchacha20","xchacha20-poly1305"],"latest_commit_sha":null,"homepage":"https://xero.github.io/covcom/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xero.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-21T13:49:54.000Z","updated_at":"2026-06-01T01:56:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/xero/covcom","commit_stats":null,"previous_names":["xero/covcom"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/xero/covcom","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xero%2Fcovcom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xero%2Fcovcom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xero%2Fcovcom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xero%2Fcovcom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xero","download_url":"https://codeload.github.com/xero/covcom/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xero%2Fcovcom/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35184015,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-06T02:00:07.184Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bun","chat","cli","containerized","covertcommunication","e2ee","ephemeral","kyber","kyber-crystal","leviathan","messenger","ml-kem","ml-kem-768","n-party-protocol","post-quantum-cryptography","ratchet","self-hosted","web","xchacha20","xchacha20-poly1305"],"created_at":"2026-07-06T08:30:44.482Z","updated_at":"2026-07-06T08:30:45.416Z","avatar_url":"https://github.com/xero.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"```\n  ▄██▀ ▀█  ▄██▀ █▄  ▀██  ██▀  ▄██▀ ▀█  ▄██▀ █▄   █▄   ▄█\n ▐▒▒▒     ▐▒▒▒  ▒▒▌  ▒▒  ▒▒  ▐▒▒▒     ▐▒▒▒  ▒▒▌  ▒▒▒▄▒▒▒\n ▐▒▒▒     ▐▒▒▒  ▒▒▌  ▒▒▌ ▒▒  ▐▒▒▒     ▐▒▒▒  ▒▒▌  ▒▒ ▀ ▒▒\n  ▀██▄ ▄█  ▀██▄ █▀    ▀█▄▀    ▀██▄ ▄█  ▀██▄ █▀  ▄██▄ ▄██▄\n\n  Covert communications for private group conversations.\n  Invite, talk, close the client, and the chat vanishes.\n  Every message is encrypted with XChaCha20 and signed\n  with Ed25519. A BLAKE3 fingerprint on each key allows\n  peers to verify one another. SPQR's manual and epoch\n  ratchets add forward secrecy, while post-quantum\n  ML-KEM-768 encapsulation keeps recorded communications\n  unreadable and secure against future cryptanalysis.\n```\n\n[![GitHub Release](https://img.shields.io/github/v/release/xero/covcom?display_name=release\u0026style=flat-square\u0026logo=contributorcovenant\u0026logoColor=%23bcb83a\u0026color=%2378740b)](https://github.com/xero/covcom/releases/latest) [![Container Image Size](https://img.shields.io/docker/image-size/xerostyle/covcom/latest?arch=amd64\u0026style=flat-square\u0026logo=developmentcontainers\u0026logoColor=%23bcb83a\u0026color=%2378740b)](https://hub.docker.com/r/xerostyle/covcom) [![GitHub Wiki Publish](https://img.shields.io/github/actions/workflow/status/xero/covcom/wiki.yml?branch=main\u0026style=flat-square\u0026logo=gitbook\u0026logoColor=%23bcb83a\u0026label=wiki\u0026color=%2378740b)](https://github.com/xero/covcom/wiki) [![MIT Licensed](https://img.shields.io/badge/MIT-License?style=flat-square\u0026logo=internetarchive\u0026logoColor=%23bcb83a\u0026label=License\u0026color=%2378740b)](https://github.com/xero/covcom/blob/main/LICENSE)\n\n**CLI \u0026 Web Client Previews**\n\n[![cli and web client previews](https://raw.githubusercontent.com/wiki/xero/covcom/log.png)](https://raw.githubusercontent.com/wiki/xero/covcom/log.png)\n\n# https://xero.github.io/covcom/\n\n\u003e ### Table of Contents\n\u003e - [How it works](#how-it-works)\n\u003e - [Quickstart](#quickstart)\n\u003e - [Requirements](#requirements)\n\u003e - [Installation](#installation)\n\u003e - [Server](#server)\n\u003e - [Web client](#web-client)\n\u003e - [CLI client](#cli-client)\n\u003e - [Starting a session](#starting-a-session)\n\u003e - [Documentation](#documentation)\n\u003e - [Development](#development)\n\u003e - [Screenshots](#screenshots)\n\u003e - [License](#license)\n\n---\n\n## How it works\n\nEvery message is encrypted with [XChaCha20-Poly1305](https://github.com/xero/covcom/wiki/CRYPTOGRAPHY#message-encryption). That is the core cipher.\nEverything else exists to get a fresh, unique XChaCha20 key to the right\npeople at the right time.\n\nEach participant owns one send chain: a stateful [`KDFChain`](https://github.com/xero/leviathan-crypto/wiki/ratchet#kdfchain) that steps\nforward on every message via HKDF-SHA-256, producing a unique 32-byte key\nand [wiping](https://github.com/xero/leviathan-crypto/wiki/utils#wipe) the previous chain key. Message keys are wiped after use.\nPast keys are unrecoverable from current state.\n\nEpoch transitions use [ML-KEM-768](https://github.com/xero/leviathan-crypto/wiki/mlkem) (FIPS 203). When a [ratchet fires](https://github.com/xero/covcom/wiki/PROTOCOL#the-ratchet), the\nsender generates a shared seed, KEM-encapsulates it separately for each\npeer, and [broadcasts the result](https://github.com/xero/covcom/wiki/CRYPTOGRAPHY#chain-seed-distribution). Every peer derives the same new chain from\nthat seed. The KEM ciphertext travels in-band; the decapsulator's keypair\nrotates immediately after use.\n\nThe group uses a Sender Keys model: one send chain per participant, not one\nper pair. O(N) state regardless of room size.\n\nEvery session mints a fresh [Ed25519](https://github.com/xero/leviathan-crypto/wiki/signaturesuite#ed25519-suites) signing keypair on construction. Every\nidentity claim and every broadcast is [signed](https://github.com/xero/leviathan-crypto/wiki/signing) under it, so each peer can\nauthenticate where a message came from.\n\nEach peer's claims form a [BLAKE3](https://github.com/xero/leviathan-crypto/wiki/blake3#blake3)-chained log: every claim binds the previous\npayload's hash. The server cannot reorder, drop, or substitute a structural\nevent mid-session without breaking the chain.\n\nThe signing public key derives a [fingerprint](https://github.com/xero/covcom/wiki/CRYPTOGRAPHY#fingerprint-derivation) for out-of-band verification:\n`BLAKE3(sessionPk, 16)` rendered as eight OKLCh swatches and a 16-char hex\nstring. Compare it with your peers over a trusted channel to rule out a\nmachine-in-the-middle.\n\nThis implements the [Sparse Post-Quantum Ratchet](https://signal.org/docs/specifications/doubleratchet/#the-sparse-post-quantum-ratchet) from Signal's Double Ratchet spec (§5, Revision 4). For more detail, see [PROTOCOL](https://github.com/xero/covcom/wiki/PROTOCOL).\n\nCryptographic primitives are provided by [leviathan-crypto](https://github.com/xero/leviathan-crypto).\n\n## Quickstart\n\nPoint `chat.example.com` at the host you'll run on, then:\n\n```sh\ndocker pull xerostyle/covcom:latest\ndocker run -d \\\n  -p 80:80 -p 443:443 \\\n  -e DOMAIN=chat.example.com \\\n  xerostyle/covcom:latest\n```\n\nOpen https://chat.example.com in a browser. Create a room, share the invite, \u0026 chat.\n\n---\n\n## Requirements\n\nNothing needs [Bun](https://bun.sh) at runtime. Every component installs\nmanually (a release binary, the Docker image, or the single-file\n`covcom.html` web page) or from the npm registry with any JS package\nmanager. Bun is required only to develop or build from source.\n\n| Component  | Channel                      | Requires                                       |\n| ---------- | ---------------------------- | ---------------------------------------------- |\n| Web client | hosted page                  | a modern browser (Chrome, Firefox, or Safari)  |\n| Web client | `covcom.html` release asset  | a modern browser; open from disk or any static host |\n| CLI        | release binary               | nothing                                        |\n| CLI        | `npm i -g covcom`            | Node 18 or newer, or Bun (launcher shim only)  |\n| Server     | release binary               | nothing                                        |\n| Server     | Docker image                 | [Docker](https://docker.com)                   |\n| Server     | `npm i -g covcom-server`     | Node 18 or newer, or Bun (launcher shim only)  |\n| All of it  | source: develop, build, test | Bun v1.3.14 or later (the `packageManager` pin) |\n\nThe release binaries and the npm platform packages embed the runtime they\nwere compiled with, which is why the shim's Node is the only requirement on\nthe npm rows. See [SECURITY-POLICY](./SECURITY.md) for how that frozen\nruntime is patched.\n\n---\n\n## Installation\n\nGrab a release binary. Every asset is xz-compressed, checksummed, and\ncovered by a build-provenance attestation:\n\n```sh\ncurl -sLO https://github.com/xero/covcom/releases/latest/download/covcom-linux-x64.xz\nxz -d covcom-linux-x64.xz \u0026\u0026 chmod +x covcom-linux-x64\nsudo mv covcom-linux-x64 /usr/local/bin/covcom\n```\n\nOr install from npm. The packages carry the same prebuilt binaries, so npm\ninstalls need no Bun:\n\n```sh\nnpm i -g covcom         # CLI client\nnpm i -g covcom-server  # relay server\n```\n\nThe server also ships as a Docker image (see [Quickstart](#quickstart)), and\nthe web client as a single `covcom.html` page that opens straight from disk.\nPlatform targets, server one-liners, and download verification (checksums\nand `gh attestation verify`) are in\n[USAGE § install](https://github.com/xero/covcom/wiki/USAGE#installation). Building from source is covered in\n[Development](#development).\n\n### Platform Support\n\nBoth the server and cli are build for the following platforms:\n\n| Binary                     | Target              |\n|----------------------------|---------------------|\n| `covcom*-linux-x64`        | Linux x86_64, glibc |\n| `covcom*-linux-x64-musl`   | Linux x86_64, musl  |\n| `covcom*-linux-arm64`      | Linux arm64, glibc  |\n| `covcom*-linux-arm64-musl` | Linux arm64, musl   |\n| `covcom*-macos-arm64`      | macOS Apple Silicon |\n| `covcom*-macos-x64`        | macOS Intel         |\n| `covcom*-win-x64.exe`      | Windows x86_64      |\n\n---\n\n## Server\n\nThe Docker image from the [Quickstart](#quickstart) is the recommended\ndeployment: Caddy terminates TLS automatically via ACME and serves the web\nclient at your domain. It is published to\n[Docker Hub](https://hub.docker.com/r/xerostyle/covcom) as\n`xerostyle/covcom` and [GHCR](https://github.com/xero/covcom/pkgs/container/covcom)\nas `ghcr.io/xero/covcom`. Pin a specific version (e.g. `:3.0.0`) in production\nso a vulnerability disclosure does not silently upgrade you. See\n[USAGE § Docker](https://github.com/xero/covcom/wiki/USAGE#docker) for tag conventions and how to extend the\nimage.\n\n**Standalone binary.** Every release attaches compiled server binaries\n(Linux x64/arm64 in glibc and musl flavors, macOS arm64 and x64, and\nWindows x64): one downloaded file, no bun, no node, no npm. See\n[USAGE § stand-alone-bin](https://github.com/xero/covcom/wiki/USAGE#standalone-binary) for verification and target\ndetails.\n\n**npm.** `npm i -g covcom-server`, then `covcom-server --port 1337`. The\nmeta package pulls the matching `@covcom/server-\u003cplatform\u003e` binary for your\nos, cpu, and libc, and a small shim execs it.\n\n**Behind your own proxy.** Outside the Docker image the server speaks plain\nHTTP on `127.0.0.1:1337`; your reverse proxy must terminate TLS and set the\nsecurity headers. See [USAGE § prod-no-docker](https://github.com/xero/covcom/wiki/USAGE#production-no-docker).\n\nConfiguration is flags and matching env vars (`--port`, `--host`,\n`--max-room-size`, `--admin-token`, `--room-ttl`, plus `--help` and\n`--version`; flags beat env vars), identical in every mode. See\n[USAGE § flags](https://github.com/xero/covcom/wiki/USAGE#command-line-flags) for the full tables and the\n`ps`-visibility caveat on `--admin-token`.\n\n---\n\n## Web Client\n\nNothing to install. Download `covcom.html` from any\n[release](https://github.com/xero/covcom/releases) and open it straight from\ndisk (`file://`) or serve it from any static host, or open the page a Docker\ndeployment already hosts at your domain. All crypto, including chunked\nencrypted file transfer, runs as WASM in the page under the strictest\npossible CSP, `default-src 'none'`, and works in Chrome, Firefox, and\nSafari/WebKit.\n\nThe interface mirrors the CLI: a chat pane plus the **Verify** and\n**Event Log** sidebars. **Verify** lists your fingerprint and every peer's\nside by side; **Event Log** records every inbound and outbound WebSocket\nframe and crypto action, with redacted payloads and expandable detail rows.\nDrag the divider between the chat and sidebar to resize, or double-click it\nto reset. The eye button in the header hides or shows system messages\n(joins, leaves, ratchets). Drag a file anywhere onto an open chat to send\nit; drop a `.room` file on the lobby to load an invite. Press `Esc` in the\nmessage box to open the keys-display (`R` ratchet, `E` events, `V` verify,\n`Esc` return); the `/ratchet`, `/events`, and `/verify` commands work too.\n\nThe full interface tour, panel reference, and command list are in\n[USAGE § interface](https://github.com/xero/covcom/wiki/USAGE#the-interface).\n\n---\n\n## CLI client\n\nThe CLI is a compiled standalone binary with a custom zero-dependency TUI.\n\n```sh\nnpm i -g covcom\ncovcom\n```\n\nPrebuilt binaries ship as `@covcom/cli-\u003cplatform\u003e` packages for macOS\narm64 and x64, Linux x64/arm64 in glibc and musl flavors, and Windows\nx64; the install needs no Bun. Other platforms can grab a\n[release binary](https://github.com/xero/covcom/releases) or build from\nsource (see [Development](#development)).\n\n**Join directly from a `.room` file:**\n\n```sh\ncovcom --join /path/to/invite.room\n```\n\n**Two paranoia flags** control how the config file is used:\n\n```sh\ncovcom --clean  # config neither read nor written; fully ephemeral\ncovcom --anon   # saved server and username neither read nor written\n```\n\n`--clean` ignores `~/.config/covcom/config.json` entirely: no saved server\nor username is prefilled, and nothing is written back. `--anon` is the\nnarrower variant: theme, copy command, sidebar width, and icons still load\nand persist as usual. Combine either with `--join` for a fully ephemeral\nsession, e.g. `covcom --clean --join /path/to/invite.room`.\n\nSettings persist to `~/.config/covcom/config.json`: server, username,\nclipboard command, sidebar width, button glyphs, and a full color theme\n(ansi16, xterm 256, or truecolor hex per slot). The flag reference, every\nconfig field, the theme slot table, and keyboard navigation are in\n[USAGE § cli-client](https://github.com/xero/covcom/wiki/USAGE#cli-client).\n\n---\n\n## Starting a session\n\n**Create a room:**\n\n1. Enter a username and select **Create Room**.\n2. On the create screen, enter a server address and select **Create Room**. An\n   **Advanced** toggle reveals an optional server password. The web client\n   prefills the server with the host serving the page, which is the relay in the\n   single-container deployment; edit it to target a separate relay.\n3. The lobby screen shows an armored invite block, a QR code of the same\n   bytes, and copy/download buttons. Share it via any channel.\n4. The screen waits until a peer joins.\n\nSample armored invite:\n```\n-----BEGIN COVCOM INVITE-----\nAWU5YTYyMWVhMzQwOTM2MDRkMTM5M2MxNTQ0ZDBjNjg0gCIiZMnOHFyPCn5zIfaLsGNvdmNvbS4zeGkuY2x1Yg==\n-----END COVCOM INVITE-----\n```\n\n**Join a room:**\n\n1. Enter a username and select **Join Room**.\n2. On the join screen, paste the armored invite text, drag-drop the `.room`\n   file (web), or enter the file path and select **Browse** (CLI). A dropped or\n   browsed file fills the paste box.\n3. Select **Join Room**. It parses the invite and connects; there is no separate\n   parse or connect step.\n\nOnce both sides complete the handshake, the chat opens. The server has relayed\na sequence of encrypted blobs and learned nothing about the content. Version\nnegotiation, reconnect behavior, and late-join semantics are covered in\n[USAGE § starting-a-session](https://github.com/xero/covcom/wiki/USAGE#starting-a-session).\n\n---\n\n## Documentation\n\nDeeper references for users, auditors, contributors, and the curious.\n\n| Document                                                         | Purpose                                                               |\n| ---------------------------------------------------------------- | --------------------------------------------------------------------- |\n| [USAGE](https://github.com/xero/covcom/wiki/USAGE)               | Install, configure, and run the server and clients; developer tooling |\n| [SECURITY-POLICY](./SECURITY.md)                                 | Supported versions, disclosure policy, cryptographic foundation       |\n| [DIAGRAM](https://xero.github.io/covcom/diagram.html)            | Animated and annotated visualization of a complete three peer session |\n| [PROTOCOL](https://github.com/xero/covcom/wiki/PROTOCOL)         | Cipher, chains, ratchet, group model, session lifecycle, server role  |\n| [CRYPTOGRAPHY](https://github.com/xero/covcom/wiki/CRYPTOGRAPHY) | Primitives, KDF chains, wire format, invite encoding                  |\n| [THREAT-MODEL](https://github.com/xero/covcom/wiki/THREAT-MODEL) | Principals, adversary tiers, guarantees, non-goals                    |\n| [LIB-SPEC](https://github.com/xero/covcom/wiki/LIB-SPEC)         | Shared library API, session and identity surface, invites, \u0026 files    |\n| [SERVER-SPEC](https://github.com/xero/covcom/wiki/SERVER-SPEC)   | Server wire contract, message handlers, room lifecycle, \u0026 config      |\n| [WEB-SPEC](https://github.com/xero/covcom/wiki/WEB-SPEC)         | Web client architecture, state, session, views, \u0026 single-file build   |\n| [CLI-SPEC](https://github.com/xero/covcom/wiki/CLI-SPEC)         | CLI architecture, rendering, input, widgets, views, \u0026 color system    |\n| [TESTING](https://github.com/xero/covcom/wiki/TESTING)           | Test layers, unit and end-to-end suites, cross-client interop, and CI |\n\n\u003e [!TIP]\n\u003e Documentation is available in the repo `./docs` folder and published to the project [Wiki](https://github.com/xero/covcom/wiki).\n\n---\n\n## Development\n\nEverything below needs [Bun](https://bun.sh) v1.3.14 or later\n\n```sh\ngit clone https://github.com/xero/covcom\ncd covcom\nbun i        # install workspaces\nbun dev      # relay + web client together, prewired\nbun run test # the four unit suites in parallel\nbun check    # full release gate: codegen, lint, typecheck, bake, test:all\n```\n\nNote the `bun run` prefix on `test`: a bare `bun test` invokes Bun's\nbuilt-in runner with the script name treated as a path filter, not the\npackage script.\n\n**Repository layout:**\n\n```\nserver/    WebSocket broker\nlib/       Shared crypto session layer\nweb/       Vanilla SPA web client\ncli/       Custom zero-dependency TUI client\nscripts/   Dev tooling: build orchestrator, release scripts\ndocker/    Dockerfile, Caddyfile template, entrypoint\ndocs/      Project documentation / Wiki sources\n```\n\nThe full developer reference (per-component and per-target builds, the\nlocal Docker build, single test suites, the cross-client interop and\nPlaywright e2e runs, lint, typecheck, and release artifacts) is\n[USAGE § development ](https://github.com/xero/covcom/wiki/USAGE#development). The test architecture is\n[TESTING](https://github.com/xero/covcom/wiki/TESTING).\n\n---\n\n## Screenshots\n\nleft side is the CLI client (custom theme) / right side is the web client\n\n**Main client lobby**\n\n[![lobby](https://raw.githubusercontent.com/wiki/xero/covcom/lobby.png)](https://raw.githubusercontent.com/wiki/xero/covcom/lobby.png)\n\n**Invite screen**\n\n[![invite](https://raw.githubusercontent.com/wiki/xero/covcom/invite.png)](https://raw.githubusercontent.com/wiki/xero/covcom/invite.png)\n\n**Crypto log**\n\n[![log](https://raw.githubusercontent.com/wiki/xero/covcom/log.png)](https://raw.githubusercontent.com/wiki/xero/covcom/log.png)\n\n**Login screen**\n\n[![login](https://raw.githubusercontent.com/wiki/xero/covcom/login.png)](https://raw.githubusercontent.com/wiki/xero/covcom/login.png)\n\n**Modal hotkey bindings display**\n\n[![modal](https://raw.githubusercontent.com/wiki/xero/covcom/modal.png)](https://raw.githubusercontent.com/wiki/xero/covcom/modal.png)\n\n---\n\n## License\n\n```\n▄─┐ ▄─┐ ▄ ╷ ▄─┐ ▄─┐ ▄─┌┐\n█   █ │ █ │ █   █ │ █ ╵│\n▀─┘ ▀─┘  ▀┘ ▀─┘ ▀─┘ ▀  ╵\n```\nReleased under the [MIT license](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxero%2Fcovcom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxero%2Fcovcom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxero%2Fcovcom/lists"}