{"id":13619365,"url":"https://github.com/yaklang/yaklang","last_synced_at":"2026-02-28T12:15:06.323Z","repository":{"id":161318168,"uuid":"634117654","full_name":"yaklang/yaklang","owner":"yaklang","description":"A programming language exclusively designed for cybersecurity","archived":false,"fork":false,"pushed_at":"2026-01-30T12:10:39.000Z","size":268552,"stargazers_count":532,"open_issues_count":17,"forks_count":62,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-01-31T01:56:03.060Z","etag":null,"topics":["cybersecurity","dsl","go","security","security-tools"],"latest_commit_sha":null,"homepage":"https://www.yaklang.io/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yaklang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-04-29T05:21:07.000Z","updated_at":"2026-01-30T11:30:46.000Z","dependencies_parsed_at":"2023-09-21T16:16:06.170Z","dependency_job_id":"2b0f956d-196b-4773-b08f-d20f81871f38","html_url":"https://github.com/yaklang/yaklang","commit_stats":{"total_commits":6934,"total_committers":30,"mean_commits":"231.13333333333333","dds":0.8177098355927315,"last_synced_commit":"a2613cab690192c23f0576c27e8bc11e4b89b577"},"previous_names":[],"tags_count":550,"template":false,"template_full_name":null,"purl":"pkg:github/yaklang/yaklang","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaklang%2Fyaklang","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaklang%2Fyaklang/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaklang%2Fyaklang/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaklang%2Fyaklang/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yaklang","download_url":"https://codeload.github.com/yaklang/yaklang/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yaklang%2Fyaklang/sbom","scorecard":{"id":459827,"data":{"date":"2025-07-07","repo":{"name":"github.com/yaklang/yaklang","commit":"af76956bf0a2860c05d93dc3749906412bcf9f72"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":3.1,"checks":[{"name":"Code-Review","score":8,"reason":"Found 7/8 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/update-embed-fs.yml:63"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/auto-build-sfweb.yml:1","Warn: no topLevel permission defined: .github/workflows/build-aibalance.yml:1","Warn: no topLevel permission defined: .github/workflows/diff-code-check.yml:1","Warn: no topLevel permission defined: .github/workflows/essential-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/exp-cross-build.yml:1","Warn: no topLevel permission defined: .github/workflows/generate-web-doc.yml:1","Warn: no topLevel permission defined: .github/workflows/manual-build-target.yml:1","Warn: no topLevel permission defined: .github/workflows/manual-build.yml:1","Warn: no topLevel permission defined: .github/workflows/new-yak-engine-test.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-production-version.yml:1","Warn: no topLevel permission defined: .github/workflows/release-vulinbox.yml:1","Warn: no topLevel permission defined: .github/workflows/reuse-build-sfweb.yml:1","Warn: no topLevel permission defined: .github/workflows/reuse-build.yml:1","Warn: no topLevel permission defined: .github/workflows/ssa-program.yaml:1","Warn: no topLevel permission defined: .github/workflows/update-embed-fs.yml:1","Warn: no topLevel permission defined: .github/workflows/update-syntaxflow-meta.yml:1","Warn: no topLevel permission defined: .github/workflows/updateCve.yaml:1","Warn: no topLevel permission defined: .github/workflows/wip.yml:1","Warn: no topLevel permission defined: .github/workflows/wsm-test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 1.4.3-beta1 not signed: https://api.github.com/repos/yaklang/yaklang/releases/231719852","Warn: release artifact 1.4.2-beta12 not signed: https://api.github.com/repos/yaklang/yaklang/releases/231093853","Warn: release artifact 1.4.2-bate11 not signed: https://api.github.com/repos/yaklang/yaklang/releases/231062911","Warn: release artifact 1.4.2-beta10 not signed: https://api.github.com/repos/yaklang/yaklang/releases/231038151","Warn: release artifact 1.4.2-beta9 not signed: https://api.github.com/repos/yaklang/yaklang/releases/230469977","Warn: release artifact 1.4.3-beta1 does not have provenance: https://api.github.com/repos/yaklang/yaklang/releases/231719852","Warn: release artifact 1.4.2-beta12 does not have provenance: https://api.github.com/repos/yaklang/yaklang/releases/231093853","Warn: release artifact 1.4.2-bate11 does not have provenance: https://api.github.com/repos/yaklang/yaklang/releases/231062911","Warn: release artifact 1.4.2-beta10 does not have provenance: https://api.github.com/repos/yaklang/yaklang/releases/231038151","Warn: release artifact 1.4.2-beta9 does not have provenance: https://api.github.com/repos/yaklang/yaklang/releases/230469977"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: common/javaclassparser/classes/static/AnnotationTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/ContinuousAssign.class:1","Warn: binary detected: common/javaclassparser/classes/static/FinalTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/IfTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/InterfaceTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/LambdaTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/LogicalOperation.class:1","Warn: binary detected: common/javaclassparser/classes/static/LogicalOperationMini.class:1","Warn: binary detected: common/javaclassparser/classes/static/LongTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/SelfOp.class:1","Warn: binary detected: common/javaclassparser/classes/static/StaticCodeBlockTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/SuperTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/SwitchTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/SynchronizedTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/TernaryExpressionTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/TryCatch.class:1","Warn: binary detected: common/javaclassparser/classes/static/TryCatch1.class:1","Warn: binary detected: common/javaclassparser/classes/static/VarFold.class:1","Warn: binary detected: common/javaclassparser/classes/static/syntax_test/SwitchScopeTest.class:1","Warn: binary detected: common/javaclassparser/classes/static/syntax_test/VarArgs.class:1","Warn: binary detected: common/javaclassparser/classes/static/test.jar:1","Warn: binary detected: common/javaclassparser/tests/accessflag.class:1","Warn: binary detected: common/javaclassparser/tests/annotationParam.class:1","Warn: binary detected: common/javaclassparser/tests/attribute-demo.class:1","Warn: binary detected: common/javaclassparser/tests/badstrconv.class:1","Warn: binary detected: common/javaclassparser/tests/basic1.class:1","Warn: binary detected: common/javaclassparser/tests/enum.class:1","Warn: binary detected: common/javaclassparser/tests/finallydemo.class:1","Warn: binary detected: common/javaclassparser/tests/interfaceExtends.class:1","Warn: binary detected: common/javaclassparser/tests/interfaceFieldLongType.class:1","Warn: binary detected: common/javaclassparser/tests/objectinit.class:1","Warn: binary detected: common/javaclassparser/tests/selfadd.class:1","Warn: binary detected: common/javaclassparser/tests/strconv.class:1","Warn: binary detected: common/javaclassparser/tests/synchronizeddemo.class:1","Warn: binary detected: common/javaclassparser/tests/tryonly.class:1","Warn: binary detected: common/wsm/payloads/behinder/static/BasicInfoGo.class:1","Warn: binary detected: common/wsm/payloads/behinder/static/CmdGo.class:1","Warn: binary detected: common/wsm/payloads/behinder/static/DatabaseGo.class:1","Warn: binary detected: common/wsm/payloads/behinder/static/EchoGo.class:1","Warn: binary detected: common/wsm/payloads/behinder/static/FileOperationGo.class:1","Warn: binary detected: common/wsm/payloads/godzilla/static/payload.class:1","Warn: binary detected: common/wsm/payloads/godzilla/static/payload2.class:1","Warn: binary detected: common/wsm/payloads/godzilla/static/payload_test.dll:1","Warn: binary detected: common/yak/antlr4thirdparty/antlr-4.11.1-complete.jar:1","Warn: binary detected: common/yak/ssaapi/test/ssatest/testfile/test.jar:1","Warn: binary detected: common/yso/resources/static/classes/DNSLog.class:1","Warn: binary detected: common/yso/resources/static/classes/EmptyClassInTemplate.class:1","Warn: binary detected: common/yso/resources/static/classes/ModifyTomcatMaxHeaderSize.class:1","Warn: binary detected: common/yso/resources/static/classes/MultiEcho.class:1","Warn: binary detected: common/yso/resources/static/classes/ProcessBuilderExec.class:1","Warn: binary detected: common/yso/resources/static/classes/ProcessImplExec.class:1","Warn: binary detected: common/yso/resources/static/classes/RuntimeExec.class:1","Warn: binary detected: common/yso/resources/static/classes/Sleep.class:1","Warn: binary detected: common/yso/resources/static/classes/SpringEcho.class:1","Warn: binary detected: common/yso/resources/static/classes/TcpReverse.class:1","Warn: binary detected: common/yso/resources/static/classes/TcpReverseShell.class:1","Warn: binary detected: common/yso/resources/static/classes/TemplateImplClassLoader.class:1","Warn: binary detected: common/yso/resources/static/classes/TomcatEcho.class:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/exp-cross-build.yml:188"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/exp-cross-build.yml:153","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: .github/workflows/reuse-build-sfweb.yml:70","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: .github/workflows/reuse-build.yml:88","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-aibalance.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/build-aibalance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-aibalance.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/build-aibalance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff-code-check.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/diff-code-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff-code-check.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/diff-code-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff-code-check.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/diff-code-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff-code-check.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/diff-code-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff-code-check.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/diff-code-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff-code-check.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/diff-code-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/essential-tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/essential-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/essential-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/essential-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/essential-tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/essential-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/essential-tests.yml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/essential-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/essential-tests.yml:290: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/essential-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/essential-tests.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/essential-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/essential-tests.yml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/essential-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/exp-cross-build.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/exp-cross-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-web-doc.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/generate-web-doc.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-web-doc.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/generate-web-doc.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-web-doc.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/generate-web-doc.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/new-yak-engine-test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/new-yak-engine-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/new-yak-engine-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/new-yak-engine-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/new-yak-engine-test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/new-yak-engine-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-vulinbox.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/release-vulinbox.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse-build-sfweb.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/reuse-build-sfweb.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse-build-sfweb.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/reuse-build-sfweb.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse-build-sfweb.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/reuse-build-sfweb.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse-build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/reuse-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse-build.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/reuse-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse-build.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/reuse-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ssa-program.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/ssa-program.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ssa-program.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/ssa-program.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ssa-program.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/ssa-program.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-embed-fs.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/update-embed-fs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-embed-fs.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/update-embed-fs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-syntaxflow-meta.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/update-syntaxflow-meta.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-syntaxflow-meta.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/update-syntaxflow-meta.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updateCve.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/updateCve.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/updateCve.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/updateCve.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/wip.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/wip.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wsm-test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/wsm-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wsm-test.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/wsm-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wsm-test.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/wsm-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wsm-test.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/yaklang/yaklang/wsm-test.yml/main?enable=pin","Warn: containerImage not pinned by hash: common/yak/cmd/docker/Dockerfile:2: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: scripts/docker_builder/Dockerfile:1: pin your Docker image by updating golang:1.14.4-stretch to golang:1.14.4-stretch@sha256:b3a108bb5755799ca09aa46ce665a5084d546f4b55d07533bd7b008c5cb2be2d","Warn: containerImage not pinned by hash: scripts/docker_runnode/Dockerfile:1: pin your Docker image by updating ubuntu to ubuntu@sha256:440dcf6a5640b2ae5c77724e68787a906afb8ddee98bf86db94eea8528c2c076","Info:   0 out of  55 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   6 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned","Info:   4 out of   4 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: common/lowtun/offload_linux_test.go:276","Info: GoBuiltInFuzzer integration found: common/utils/fuzzy/fuzz_test.go:8","Info: GoBuiltInFuzzer integration found: common/yak/typescript/frontend/tspath/path_test.go:434","Info: GoBuiltInFuzzer integration found: common/yak/typescript/frontend/tspath/path_test.go:502","Info: GoBuiltInFuzzer integration found: common/yak/typescript/frontend/tspath/path_test.go:540"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"127 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-vmq6-5m68-f53m","Warn: Project is vulnerable to: GHSA-6v67-2wr5-gvf4","Warn: Project is vulnerable to: GHSA-pr98-23f8-jwxv","Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2","Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff","Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4","Warn: Project is vulnerable to: GHSA-m6vm-37g8-gqvh","Warn: Project is vulnerable to: GHSA-27hp-xhwr-wr2m","Warn: Project is vulnerable to: GHSA-5j33-cvvr-w245","Warn: Project is vulnerable to: GHSA-7w75-32cg-r6g2","Warn: Project is vulnerable to: GHSA-83qj-6fr2-vhqg","Warn: Project is vulnerable to: GHSA-fccv-jmmp-qg76","Warn: Project is vulnerable to: GHSA-g8pj-r55q-5c2v","Warn: Project is vulnerable to: GHSA-h2fw-rfh5-95r3","Warn: Project is vulnerable to: GHSA-h3gc-qfqq-6h8f","Warn: Project is vulnerable to: GHSA-hfrx-6qgj-fp6c","Warn: Project is vulnerable to: GHSA-p22x-g9px-3945","Warn: Project is vulnerable to: GHSA-q3mw-pvr8-9ggc","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GHSA-r6j3-px5g-cq3x","Warn: Project is vulnerable to: GHSA-rq2w-37h9-vg94","Warn: Project is vulnerable to: GHSA-wc4r-xq3c-5cf3","Warn: Project is vulnerable to: GHSA-wm9w-rjj3-j356","Warn: Project is vulnerable to: GHSA-v682-8vv8-vpwr","Warn: Project is vulnerable to: GHSA-rc42-6c7j-7h5r","Warn: Project is vulnerable to: GHSA-xf96-w227-r7c4","Warn: Project is vulnerable to: GHSA-36p3-wjmg-h94x","Warn: Project is vulnerable to: GHSA-hh26-6xwr-ggv7","Warn: Project is vulnerable to: GHSA-4gc7-5j7h-4qph","Warn: Project is vulnerable to: GHSA-4wp7-92pw-q264","Warn: Project is vulnerable to: GHSA-g5mm-vmx4-3rg7","Warn: Project is vulnerable to: GHSA-558x-2xjg-6232","Warn: Project is vulnerable to: GHSA-564r-hj7v-mcr5","Warn: Project is vulnerable to: GHSA-9cmq-m9j5-mvww","Warn: Project is vulnerable to: GHSA-wxqc-pxw9-g2p8","Warn: Project is vulnerable to: GHSA-2rmj-mq67-h97g","Warn: Project is vulnerable to: GHSA-2wrp-6fg6-hmc5","Warn: Project is vulnerable to: GHSA-4wrc-f8pq-fpqp","Warn: Project is vulnerable to: GHSA-ccgv-vj62-xf9h","Warn: Project is vulnerable to: GHSA-hgjh-9rj2-g67j","Warn: Project is vulnerable to: GHSA-cx7f-g6mp-7hqm","Warn: Project is vulnerable to: GHSA-g5vr-rgqm-vf78","Warn: Project is vulnerable to: GHSA-w3c8-7r8f-9jp8","Warn: Project is vulnerable to: GHSA-3mc7-4q67-w48m","Warn: Project is vulnerable to: GHSA-98wm-3w3q-mw94","Warn: Project is vulnerable to: GHSA-9w3m-gqgf-c4p9","Warn: Project is vulnerable to: GHSA-c4r9-r8fh-9vj2","Warn: Project is vulnerable to: GHSA-hhhw-99gj-p3c3","Warn: Project is vulnerable to: GHSA-mjmj-j48q-9wg2","Warn: Project is vulnerable to: GHSA-w37g-rhq8-7m4j","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: PYSEC-2023-62 / GHSA-m2qf-hxjv-5gpq","Warn: Project is vulnerable to: GHSA-2g68-c3qc-8985","Warn: Project is vulnerable to: PYSEC-2020-157 / GHSA-3p3h-qghp-hvh2","Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j","Warn: Project is vulnerable to: PYSEC-2019-140 / GHSA-gq9m-qvpx-68hc","Warn: Project is vulnerable to: PYSEC-2017-43 / GHSA-h2fp-xgx6-xh6f","Warn: Project is vulnerable to: PYSEC-2023-221 / GHSA-hrfv-mqp8-q5rw","Warn: Project is vulnerable to: GHSA-j544-7q9p-6xp8","Warn: Project is vulnerable to: PYSEC-2023-57 / GHSA-px8h-6qxv-m22q","Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2","Warn: Project is vulnerable to: PYSEC-2023-58 / GHSA-xg9f-g7g7-2323","Warn: Project is vulnerable to: PYSEC-2022-203","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: GHSA-4g8v-vg43-wpgf","Warn: Project is vulnerable to: GHSA-9822-6m93-xqf4","Warn: Project is vulnerable to: GHSA-fwhr-88qx-h9g7","Warn: Project is vulnerable to: GHSA-vfg9-r3fq-jvx4","Warn: Project is vulnerable to: GHSA-vfm5-rmrh-j26v","Warn: Project is vulnerable to: GHSA-x76w-6vjr-8xgj","Warn: Project is vulnerable to: GHSA-cr5q-6q9f-rq6q","Warn: Project is vulnerable to: GHSA-5w6v-399v-w3cc","Warn: Project is vulnerable to: GHSA-mrxw-mxhj-p664","Warn: Project is vulnerable to: GHSA-r95h-9x8f-r3f7","Warn: Project is vulnerable to: GHSA-vvfq-8hwr-qm4m","Warn: Project is vulnerable to: GHSA-xc9x-jj77-9p9j","Warn: Project is vulnerable to: GHSA-68xg-gqqm-vgj8","Warn: Project is vulnerable to: GHSA-9hf4-67fc-4vf4","Warn: Project is vulnerable to: GHSA-c2f4-cvqm-65w2","Warn: Project is vulnerable to: GHSA-22f2-v57c-j9cx","Warn: Project is vulnerable to: GHSA-54rr-7fvw-6x8f","Warn: Project is vulnerable to: GHSA-7g2v-jj9q-g3rg","Warn: Project is vulnerable to: GHSA-7wqh-767x-r66v","Warn: Project is vulnerable to: GHSA-8cgq-6mh2-7j6v","Warn: Project is vulnerable to: GHSA-gjh7-p2fx-99vx","Warn: Project is vulnerable to: GHSA-vpfw-47h7-xj4g","Warn: Project is vulnerable to: GHSA-xj5v-6v4g-jfw6","Warn: Project is vulnerable to: GHSA-2x5m-9ch4-qgrr","Warn: Project is vulnerable to: GHSA-638j-pmjw-jq48","Warn: Project is vulnerable to: GHSA-cfjx-w229-hgx5","Warn: Project is vulnerable to: GHSA-rxv5-gxqc-xx8g","Warn: Project is vulnerable to: GHSA-w8gc-x259-rc7x","Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8","Warn: Project is vulnerable to: GHSA-5866-49gr-22v4","Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6","Warn: Project is vulnerable to: GHSA-vg3r-rm7w-2xgh","Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3","Warn: Project is vulnerable to: GHSA-hxx2-7vcw-mqr3","Warn: Project is vulnerable to: GHSA-6f62-3596-g6w7","Warn: Project is vulnerable to: GHSA-r995-q44h-hr64","Warn: Project is vulnerable to: GHSA-8mq4-9jjh-9xrc","Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2020-0017 / GHSA-w73w-5m7g-f7qc","Warn: Project is vulnerable to: GHSA-q7pp-wcgr-pffx","Warn: Project is vulnerable to: GHSA-fv92-fjc5-jj9h","Warn: Project is vulnerable to: GO-2024-3302 / GHSA-px8v-pp82-rcvr","Warn: Project is vulnerable to: GO-2025-3638 / GHSA-pmc3-p9hx-jq96","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T10:48:35.198Z","repository_id":161318168,"created_at":"2025-08-19T10:48:35.198Z","updated_at":"2025-08-19T10:48:35.198Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29006881,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-02T04:25:24.522Z","status":"ssl_error","status_checked_at":"2026-02-02T04:24:51.069Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","dsl","go","security","security-tools"],"created_at":"2024-08-01T21:00:39.260Z","updated_at":"2026-02-02T06:17:49.789Z","avatar_url":"https://github.com/yaklang.png","language":"Go","funding_links":[],"categories":["Development","开发工具\u0026框架"],"sub_categories":["Programming"],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://yaklang.io/\"\u003e\u003cimg src=\"imgs/yaklang-logo.png\" style=\"width: 400px\"/\u003e\u003c/a\u003e \n\u003ch2 align=\"center\"\u003eDSL designed for CyberSecurity Domain\u003c/h2\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://img.shields.io/github/issues-pr/yaklang/yaklang\"\u003e\n\u003ca href=\"https://github.com/yaklang/yaklang/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/downloads/yaklang/yaklang/total\"\u003e\n\u003ca href=\"https://github.com/yaklang/yaklang/graphs/contributors\"\u003e\u003cimg src=\"https://img.shields.io/github/contributors-anon/yaklang/yaklang\"\u003e\n\u003ca href=\"https://github.com/yaklang/yaklang/releases/\"\u003e\u003cimg src=\"https://img.shields.io/github/release/yaklang/yaklang\"\u003e\n\u003ca href=\"https://github.com/yaklang/yaklang/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues-raw/yaklang/yaklang\"\u003e\n\u003ca href=\"https://deepwiki.com/yaklang/yaklang\"\u003e\u003cimg src=\"https://deepwiki.com/badge.svg\" alt=\"Ask DeepWiki\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/yaklang/yaklang/blob/main/LICENSE.md\"\u003e\u003cimg src=\"https://img.shields.io/github/license/yaklang/yaklang\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#Quick Start\"\u003eQuick Start\u003c/a\u003e •\n  \u003ca href=\"https://yaklang.com/docs/intro\"\u003eOfficial Documentation\u003c/a\u003e •\n  \u003ca href=\"https://github.com/yaklang/yaklang/issues\"\u003eFeedback\u003c/a\u003e •\n  \u003ca href=\"https://yaklang.com/api-manual/intro\"\u003eAPI Reference\u003c/a\u003e •\n  \u003ca href=\"#Contributing Code\"\u003eContributing Code\u003c/a\u003e •\n  \u003ca href=\"#Community \"\u003eCommunity\u003c/a\u003e •\n  \u003ca href=\"#Project Architecture\"\u003eProject Architecture\u003c/a\u003e \n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n:book:Languages: \u003ca href=\"https://github.com/yaklang/yaklang/blob/main/README.md\"\u003eEnglish\u003c/a\u003e • \n \u003ca href=\"https://github.com/yaklang/yaklang/blob/main/README_ZH.md\"\u003e中文\u003c/a\u003e \n\u003c/p\u003e\n\n---\n\n# YAK: A CDSL-Centric Cybersecurity Technology Stack\n\nYAK is a large-scale cybersecurity technology stack built around a domain-specific language. It spans compiler technology, security infrastructure, vulnerability analysis, and many other areas. Its compiler core components include:\n\n- CDSL Yaklang: a domain-specific language for cybersecurity\n- YakVM: a dedicated virtual machine for the cybersecurity DSL\n- YAK SSA: a static single assignment form optimized for static analysis\n- SyntaxFlow: a DSL for syntax pattern matching and vulnerability signature modeling\n- LSP DSP Server: language-server-protocol and debug-server-protocol services\n\n![yaklang-architecture](imgs/yaklang-ecosystem.png)\n\n## CDSL-Yaklang\n\nCDSL stands for Cybersecurity Domain Specific Language.\n\nThe Yaklang team combined the philosophy of domain-specific languages to create the CDSL concept and built the Yak (also called Yaklang) language around it to power infrastructure and ecosystem development.\n\nYaklang is a high-level programming language designed for the cybersecurity field. It offers strong typing with dynamic characteristics and supports both bytecode compilation and interpreted execution.\n\nIts runtime depends only on YakVM, delivering \"write once, run anywhere\" execution as long as YakVM is deployed.\n\nYaklang became fully open source in 2023 under the academic guidance of the School of Cyberspace Security at the University of Electronic Science and Technology of China. The Yaklang.io R\u0026D team iterated on it for years, covering extensive foundational security capabilities and supporting macOS, Linux, and Windows out of the box.\n\n### Advantages of CDSL-Yaklang\n\n- Simplicity: CDSL-based security products naturally separate business intent from capability layers, keeping solutions intuitive.\n- Usability: Non-specialists can build security products with CDSL and avoid the information gap common in engineering-heavy tooling.\n- Flexibility: A CDSL can be used standalone or embedded. Users write DSL scripts to implement strategies and detection rules that directly express their reasoning without excessive boilerplate.\n\n## YAK Capability Infrastructure\n\nYaklang's infrastructure revolves around two cores—general-purpose capabilities plus security capabilities. The foundational layer provides development and runtime support on par with Go/Python, covering operating systems and storage, network I/O, data and encoding processing, AI and automation, and comprehensive application frameworks. The upper security layer targets the full cybersecurity lifecycle: web security, network mapping and scanning, exploit payloads, traffic analysis and monitoring, vulnerability data and analytics, and infrastructure simulation. Clear dependency relationships connect the two—foundational HTTP, regex, filesystem, and concurrency libraries underpin crawlers, PoCs, fuzzers, Nuclei-compatible engines, traffic interception, and fingerprint recognition, while vertical security modules feed improvements back into the base.\n\nThe overall design emphasizes modularity, composability, and extensibility: from CLI/logging/context/performance profiling to JSON/YAML/XML, media processing, speech recognition, and document conversion; from TCP/UDP/TLS/SSH, user-space network stacks, and intelligent payload delivery to AI agent frameworks and lightweight application construction. Together they form a scripting- and engineering-friendly ecosystem that lets developers build general-purpose software, security testing workflows, offensive/defensive simulations, and automation pipelines with one language and library stack.\n\n![yaklang-libraries](imgs/yaklang-libs.jpg)\n\nWithin this capability infrastructure, Yaklang already provides complete general-purpose and security foundations. What brings these capabilities to diverse roles and turns them into productivity is the user ecosystem and interaction layer. Through a unified language (Yaklang), virtual machine and compilation/execution engine (YAKVM), and tooling for development and security work, the foundational libraries become visual, orchestratable, and extensible workflows. The core entry point, Yakit, is both a GUI platform and Yaklang IDE: it unifies script editing, runtime debugging, log monitoring, workflow orchestration, plugin management, rule/PoC reuse, data analysis, and report generation so developers, security researchers, enterprise teams, and system administrators can collaborate within a single workspace and project capabilities into practical scenarios.\n\n# YAK User Ecosystem and Yakit\n\nA key application in the YAK ecosystem is Yakit. It is more than a graphical entry point—it is Yaklang's native IDE that converts the infrastructure's general-purpose and security capabilities into deliverable productivity through visualization, modularization, and orchestration. Visit https://github.com/yaklang/yakit to explore the project and download releases.\n\n* Role coverage: security researchers, developers, system administrators, enterprise users, penetration testers, and more can access the Yaklang capability stack through a unified interaction layer.\n* Interaction-layer components:\n  * Yakit (GUI/IDE): Yaklang's flagship entry and IDE with code editing, runtime debugging, visual workflow orchestration, logs/events, plugin marketplace, rule/PoC management, data analytics, and reporting.\n  * Yak CLI: scripting and pipeline integration for CI/CD and automation scenarios.\n  * VSCode/IDE plugins: extensions for mainstream editors that provide syntax highlighting, LSP/DSP features, syntax-flow analysis, and static auditing hints.\n  * Engine and platform: the Yaklang core language plus the YAKVM execution engine, offering a strongly typed, dynamic, compilable runtime tuned for high-concurrency security workloads.\n  * SSA and SyntaxFlow: foundational layers for code auditing and static analysis.\n  * IRify: a Yak-based auditing platform that supports multi-language analysis and report generation.\n  * Capability delivery: network I/O, concurrency, filesystem, data processing/parsing, and specialized engines (MITM, fuzzing, scanning and exploitation, port/protocol multiplexing) are organized through the interaction layer into repeatable workflows.\n\n![user-ecosystem](imgs/user-ecosystem.jpg)\n\n- Why choose Yakit as the IDE:\n  - Unified development experience: authoring Yak scripts, dependency management, local execution, remote execution, log inspection, and performance profiling all happen inside Yakit.\n  - Direct access to security capabilities: crawlers, fuzzers, Nuclei compatibility, MITM/traffic analysis, fingerprint recognition, PoC validation, and report generation are integrated as native plugins and modules, reducing glue code and context switching.\n  - Workflow and automation: integrations with AI agents, task orchestration, and rule/PoC marketplaces weave general-purpose and security capabilities into reusable, scenario-driven solutions.\n  - Team collaboration and extensibility: the plugin store and community ecosystem support sharing scripts, rules, and best practices. Enterprises can wrap Yakit or integrate it into existing platforms through secondary development and third-party integrations.\n- Relationship with CLI/VSCode:\n  - Yak CLI focuses on automation, batch work, and pipelines, making it suitable for CI/CD or operations systems.\n  - VSCode/IDE plugins target developers who prefer mainstream editors and provide lightweight editing and auditing assistance.\n  - All three share the same language and capability stack, with Yakit offering the most complete visualization and operations features.\n\n## Yaklang Command-Line Software\n\nYAK can also be used from the command line, which is convenient for professionals and developers.\n\n### Install via command line\n\nFollow the guidance at **https://www.yaklang.com/** or **https://www.yaklang.io/**, or execute:\n\n#### macOS / Linux\n\n```bash\nbash \u003c(curl -sS -L http://oss.yaklang.io/install-latest-yak.sh)\n```\n\n#### Windows\n\n```bash\npowershell (new-object System.Net.WebClient).DownloadFile('https://yaklang.oss-cn-beijing.aliyuncs.com/yak/latest/yak_windows_amd64.exe','yak_windows_amd64.exe') \u0026\u0026 yak_windows_amd64.exe install \u0026\u0026 del /f yak_windows_amd64.exe\n```\n\n## Community\n\n1. Use the Yaklang or Yakit issue trackers to discuss topics or share feedback in either English or Chinese—we respond as quickly as possible.\n2. Users in mainland China can follow the \"Yak Project\" WeChat public account to join the community and group chats.\n\n## Contributing Code\n\nThis is an advanced topic—please make sure you understand Yaklang's overall structure before contributing.\n\nIf you intend to modify the core syntax of Yaklang or YakVM, contact the R\u0026D team first.\n\nIf you only want to extend libraries or fix bugs, feel free to submit a PR (ideally with unit tests) to help us maintain quality.\n\n## Project Members\n\n### Maintainer\n\n[v1ll4n](https://github.com/VillanCh): Yak Project Maintainer.\n\n### yaklang Core Developers / Active Contributors\n\n1. [z3](https://github.com/OrangeWatermelon)\n2. [Longlone](https://github.com/way29)\n3. [Go0p](https://github.com/Go0p)\n4. [Matrix-Cain](https://github.com/Matrix-Cain)\n5. [bcy2007](https://github.com/bcy2007)\n6. [naiquan](https://github.com/naiquann)\n7. [Rookie-is](https://github.com/Rookie-is)\n8. [wlingze](https://github.com/wlingze)\n\n## Open-Source License\n\nThis repository uses the AGPL, a strict and contagious open-source license. If you use this codebase, your derived code must also be open source.\n\n1. Mandatory open sourcing of network services: any service you operate with this code must publish its source to uphold open-source principles online.\n2. Other terms match the GPL: free open source, open modification, and open derivatives.\n\nThis repository is intended for personal open-source research and learning.\n\n## Acknowledgements\n\nThe project is academically advised by Professor Zhang Xiaosong from the School of Cyberspace Security at the University of Electronic Science and Technology of China.\n\n\u003ch3 align=\"center\"\u003e\n\u003cimg src=\"imgs/lab-logo.png\" style=\"width: 150px\"/\u003e\n\u003c/h3\u003e\n\n### Fundamental Theory\n\n1. Alonzo Church, \"A set of postulates for the foundation of logic\", Annals of Mathematics, 33(2), 346-366, 1932.\n2. Dana Scott, Christopher Strachey, \"Toward a mathematical semantics for computer languages\", Proceedings of the Symposium on Computers and Automata, Microwave Research Institute Symposia Series Vol. 21, New York, 1971.\n3. Henk Barendregt, Wil Dekkers, Richard Statman, Lambda Calculus with Types, Perspectives in Logic. Cambridge University Press, 2013.\n4. Braun, M., Buchwald, S., Hack, S., Leißa, R., Mallon, C., Zwinkau, A. (2013). Simple and Efficient Construction of Static Single Assignment Form. In: Jhala, R., De Bosschere, K. (eds) Compiler Construction. CC 2013. Lecture Notes in Computer Science, vol 7791. Springer, Berlin, Heidelberg.\n\n### Engineering Technology\n\n1. Terence Parr, \"The Definitive ANTLR 4 Reference\", Pragmatic Bookshelf, 2013.\n2. Terence Parr, \"Simplifying Complex Networks Using Temporal Pattern Mining: The Case of AT\u0026T's Observed Data Network\", Dissertation, 1995.\n3. Terence Parr, Russell Quong, \"ANTLR: A Predicated-LL(k) Parser Generator\", Journal of Software Practice and Experience, July 1995.\n4. Google Inc., \"Protocol Buffers\", https://developers.google.com/protocol-buffers, 2020.\n5. Google Inc., \"gRPC\", https://grpc.io/, 2020.\n6. Microsoft Inc., \"Monaco Editor\", https://microsoft.github.io/monaco-editor/, 2020.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyaklang%2Fyaklang","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyaklang%2Fyaklang","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyaklang%2Fyaklang/lists"}