Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cassanof/advisory-query
Server to query GitHub's advisory for a malicious package
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/cassanof/advisory-query
- Owner: cassanof
- Created: 2022-07-20T21:51:17.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-08-03T19:55:53.000Z (over 2 years ago)
- Last Synced: 2024-06-21T12:55:58.744Z (7 months ago)
- Language: Go
- Size: 76.2 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# A very simple server for querying GitHub's advisory for a malicious NPM package
## GitHub PAT API Key
Put your GitHub PAT in the `.env` file. For this project, the token only needs the `read:packages` permission.
You can list more than one API key so that the keys rotate if you get rate limited.
To do that, use this syntax (including the space between keys):
`GITHUB_API_KEYS=", , "`
#### Supported ecosystems
- `rust`
- `npm`
- `pip`
#### Example
Example query (for querying the `jquery` package from the `npm` ecosystem):
```
http GET http://127.0.0.1:13400/api/vuln/npm/jquery
```
Output (as of when I'm writing this):
```json
[
  {
    "badness": 7.95,
    "range": ">= 1.7.1, <= 1.8.3"
  },
  {
    "badness": 3.1,
    "range": "< 1.9.0"
  },
  {
    "badness": 3.1,
    "range": ">= 1.2, < 3.5.0"
  },
  {
    "badness": 3.1,
    "range": ">= 1.0.3, < 3.5.0"
  },
  {
    "badness": 3.1,
    "range": "< 3.4.0"
  },
  {
    "badness": 3,
    "range": "> 2.1.0, < 3.0.0"
  },
  {
    "badness": 3,
    "range": "< 3.0.0"
  }
]
```
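A client still has to decide whether the version it has installed falls inside any returned `range`. The following Go sketch is an added example, not code from this repository: it assumes the response shape shown above, space-separated `operator version` constraints joined by commas, plain `major.minor.patch` versions, and that a higher `badness` is worse (the README does not define the score). The names `key`, `inRange` and `WorstBadness` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// key turns "1.8.3" into a zero-padded string that sorts numerically (missing parts are 0).
func key(s string) string {
	var x [3]int
	fmt.Sscanf(s, "%d.%d.%d", &x[0], &x[1], &x[2]) // pre-release tags are not handled
	return fmt.Sprintf("%09d%09d%09d", x[0], x[1], x[2])
}

// inRange reports whether v meets every comma-separated constraint in r.
// The map lists what violates each operator; an unknown operator violates nothing and so still matches.
func inRange(v, r string) bool {
	for _, c := range strings.Split(r, ",") {
		var op, bound string
		fmt.Sscanf(c, "%s %s", &op, &bound)
		d := strings.Compare(key(v), key(bound))
		if map[string]bool{"<": d >= 0, "<=": d > 0, ">": d <= 0, ">=": d < 0, "=": d != 0}[op] {
			return false
		}
	}
	return true
}

// WorstBadness returns the highest badness among ranges containing v (0 if none match).
func WorstBadness(body []byte, v string) (float64, error) {
	var advs []struct {
		Badness float64 `json:"badness"`
		Range   string  `json:"range"`
	}
	if err := json.Unmarshal(body, &advs); err != nil {
		return 0, err
	}
	worst := 0.0
	for _, a := range advs {
		if inRange(v, a.Range) && a.Badness > worst {
			worst = a.Badness
		}
	}
	return worst, nil
}

func main() {
	sample := `[{"badness":7.95,"range":">= 1.7.1, <= 1.8.3"},{"badness":3.1,"range":"< 3.4.0"}]` // from the output above
	fmt.Println(WorstBadness([]byte(sample), "1.8.0"))
}
```

A constraint the parser does not understand is treated as matching, so an unexpected range format shows up as a finding instead of being skipped.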