pkgproxy

package module
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 1, 2025 License: MIT Imports: 4 Imported by: 0

README

Go Reference CI CVE Scan Go Report Card CodeQL GitHub go.mod Go version GitHub License

pkgproxy

pkgproxy is a proxy and a cli for pkg.go.dev service. It allows to query package and get info using REST API and a command line.

CLI

Install the binary

go install github.com/qba73/pkgproxy/cmd/pkg@latest

Getting help

pkg
Usage: pkg package

Checks the Go package, and reports basic information.

Examples

Getting information about Go packages
pkg github.com/bitfield/weaver | jq .

{
  "name": "github.com/bitfield/weaver",
  "repository": "github.com/bitfield/weaver",
  "version": "v0.3.3",
  "publishedDate": "Apr 20, 2025",
  "license": "MIT",
  "imports": "15",
  "importedBy": "0",
  "validGomod": "Yes",
  "redistributableLicense": "Yes",
  "taggedVersion": "Yes",
  "stableVersion": "No"
}

pkg go.opentelemetry.io/otel | jq .

{
  "name": "go.opentelemetry.io/otel",
  "repository": "github.com/open-telemetry/opentelemetry-go",
  "version": "v1.37.0",
  "publishedDate": "Jun 25, 2025",
  "license": "Apache-2.0",
  "imports": "5",
  "importedBy": "12,010",
  "validGomod": "Yes",
  "redistributableLicense": "Yes",
  "taggedVersion": "Yes",
  "stableVersion": "Yes"
}

pkg github.com/qba73/meteo | jq .

{
  "name": "github.com/qba73/meteo",
  "repository": "github.com/qba73/meteo",
  "version": "v0.0.0",
  "publishedDate": "Jun 10, 2025",
  "license": "MIT",
  "imports": "14",
  "importedBy": "0",
  "validGomod": "Yes",
  "redistributableLicense": "Yes",
  "taggedVersion": "No",
  "stableVersion": "No"
}
Using pkg with scorecard

Checking OpenSSF score for a Go package.

  1. Generate and export GITHUB_AUTH_TOKEN env var.

  2. Verify scorecard is installed:

scorecard version
         __  ____     ____    ___    ____    _____    ____      _      ____    ____
        / / / ___|   / ___|  / _ \  |  _ \  | ____|  / ___|    / \    |  _ \  |  _ \
       / /  \___ \  | |     | | | | | |_) | |  _|   | |       / _ \   | |_) | | | | |
  _   / /    ___) | | |___  | |_| | |  _ <  | |___  | |___   / ___ \  |  _ <  | |_| |
 (_) /_/    |____/   \____|  \___/  |_| \_\ |_____|  \____| /_/   \_\ |_| \_\ |____/
./scorecard: OpenSSF Scorecard

GitVersion:    5.2.1
GitCommit:     ab2f6e92482462fe66246d9e32f642855a691dc1
GitTreeState:  clean
BuildDate:     2025-05-30T16:02:02Z
GoVersion:     go1.24.3
Compiler:      gc
Platform:      darwin/arm64

To check the score, we need to pass the Go package URL. But what if we have only the package name? This is where the pkg CLI comes in handy. pkg queries the pkg.go.dev service for information and returns package info in JSON format.

  1. Send a query to pkg.go.dev:
pkg go.opentelemetry.io/otel | jq -r '.repository'

response:

github.com/open-telemetry/opentelemetry-go
  1. Send a query to scorecard
scorecard --repo github.com/open-telemetry/opentelemetry-go --format json | jq .score

9.6

How to use pkg and scorecard together?

scorecard --repo $(pkg go.opentelemetry.io/otel | jq -r '.repository' ) --format json | jq .score

response:

9.6

scorecard --repo $(pkg github.com/qba73/inspector | jq -r '.repository' ) --format json | jq .score

response:

6.4

Documentation

Overview

Package pkgproxy provides functions for getting Go package data from pkg.go.dev.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetJSON 

func GetJSON(name string) (string, error)

GetJSON takes a name representing the Go package name and returns JSON representation of the package info or an error.

It uses default PkgCollector configured to interact with pkg.go.dev.

Types

type Package 

type Package struct {
	Name                   string `json:"name"`
	Repository             string `json:"repository"`
	Version                string `json:"version"`
	PublishedDate          string `json:"publishedDate"`
	License                string `json:"license"`
	Imports                string `json:"imports"`
	ImportedBy             string `json:"importedBy"`
	ValidGoMod             string `json:"validGomod"`
	RedistributableLicense string `json:"redistributableLicense"`
	TaggedVersion          string `json:"taggedVersion"`
	StableVersion          string `json:"stableVersion"`
}

Package represents information about Go package received from the pkg.go.dev.

func Get 

func Get(name string) Package

Get takes a string representing Go pkg name and returns the Package info. It uses default collector configured to interact with pkg.go.dev.

type PkgCollector 

type PkgCollector struct {
	BaseURL   string
	Collector *colly.Collector
}

PkgCollector represents the web scraper (collector).

func NewPkgCollector 

func NewPkgCollector() *PkgCollector

NewPkCollector configures and returns defualt PkgCollector ready to interact with pkg.go.dev.

The collector creates a default cache dir `.pkg_cache`.

func (*PkgCollector) Get 

func (p *PkgCollector) Get(pkgName string) Package

Get takes the Go package name, collects information and returns Package type populated with data.

Source Files

View all Source files

Directories

Path Synopsis
cmd
pkg command
examples
custom_colly_collector command
simple command
simple_json command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.