Installations
npm install @bufbuild/buf-darwin-x64
Score
96
Supply Chain
35.8
Quality
97.2
Maintenance
100
Vulnerability
100
License
Releases
Contributors
Developer
Developer Guide
Module System
Unable to determine the module system for this package.
Min. Node Version
>=12
Typescript Support
No
Node Version
18.20.4
NPM Version
10.7.0
Statistics
9,229 Stars
2,220 Commits
280 Forks
80 Watching
35 Branches
91 Contributors
Updated on 29 Nov 2024
Languages
Go (98.91%)
Makefile (0.68%)
Shell (0.41%)
Total Downloads
Cumulative downloads
Total Downloads
1,173,990
Last day
-26.9%
4,258
Compared to previous day
Last week
4.4%
33,943
Compared to previous week
Last month
48.1%
137,417
Compared to previous month
Last year
229.1%
900,365
Compared to previous year
No dependencies detected.
Buf
The buf CLI is the best tool for working with Protocol Buffers. It provides:
- A linter that enforces good API design choices and structure.
- A breaking change detector that enforces compatibility at the source code or wire level.
- A generator that invokes your plugins based on configurable templates.
- A formatter that formats your Protobuf files in accordance with industry standards.
- Integration with the Buf Schema Registry, including full dependency management.
Installation
Homebrew
You can install buf using Homebrew (macOS or Linux):
brew install bufbuild/buf/buf
This installs:
- The buf, protoc-gen-buf-breaking, and protoc-gen-buf-lint binaries
- Shell completion scripts for Bash, Fish, Powershell, and zsh
Other methods
For other installation methods, see our official documentation, which covers:
- Installing buf via npm
- Installing buf on Windows
- Using buf as a Docker image
- Installing as a binary, from a tarball, and from source through GitHub Releases
- Verifying releases using a minisign public key
Usage
Buf's help interface provides summaries for commands and flags:
buf --help
For more comprehensive usage information, consult Buf's documentation, especially these guides:
- buf breaking
- buf build
- buf generate
- buf lint
- buf format
- buf registry (for using the BSR)
CLI breaking change policy
We will never make breaking changes within a given major version of the CLI. After buf reached v1.0, you can expect no breaking changes until v2.0. But as we have no plans to ever release a v2.0, we will likely never break the buf CLI.
This breaking change policy does not apply to commands behind the buf beta gate, and you should expect breaking changes to commands like buf beta registry. The policy does go into effect, however, when those commands or flags are elevated out of beta.
Our goals for Protobuf
Buf's goal is to replace the current paradigm of API development, centered around REST/JSON, with a schema-driven paradigm. Defining APIs using an IDL provides numerous benefits over REST/JSON, and Protobuf is by far the most stable and widely adopted IDL in the industry. We've chosen to build on this widely trusted foundation rather than creating a new IDL from scratch.
But despite its technical merits, actually using Protobuf has long been more challenging than it needs to be. The Buf CLI and the BSR are the cornerstones of our effort to change that for good and to make Protobuf reliable and easy to use for service owners and clients alike—in other words, to create a modern Protobuf ecosystem.
While we intend to incrementally improve on the buf CLI and the BSR, we're confident that the basic groundwork for such an ecosystem is already in place.
The Buf Schema Registry
The Buf Schema Registry (BSR) is a SaaS platform for managing your Protobuf APIs. It provides a centralized registry and a single source of truth for all of your Protobuf assets, including not just your .proto files but also remote plugins. Although the BSR provides an intuitive browser UI, buf enables you to perform most BSR-related tasks from the command line, such as pushing Protobuf sources to the registry and managing users and repositories.
The BSR is not required to use buf. We've made the core features of the buf CLI available to all Protobuf users.
More advanced CLI features
While buf's core features should cover most use cases, we've included some more advanced features to cover edge cases:
- Automatic file discovery. Buf walks your file tree and builds your .proto files in accordance with your supplied build configuration, which means that you no longer need to manually specify --proto_paths. You can still, however, specify .proto files manually through CLI flags in cases where file discovery needs to be disabled.
- Fine-grained rule configuration for linting and breaking changes. While we do have recommended defaults, you can always select the exact set of rules that your use case requires, with 40 lint rules and 53 breaking change rules available.
- Configurable error formats for CLI output. buf outputs information in file:line:column:message form by default for each lint error and breaking change it encounters, but you can also select JSON, MSVS, JUnit, and GitHub Actions output.
- Editor integration driven by buf's granular error output. We currently provide linting integrations for Vim, Visual Studio Code, and JetBrains IDEs like IntelliJ and GoLand, but we plan to support other editors such as Emacs in the future.
- Universal Input targeting. Buf enables you to perform actions like linting and breaking change detection not just against local .proto files but also against a broad range of other Inputs, such as tarballs and ZIP files, remote Git repositories, and pre-built image files.
- Speed. Buf's internal Protobuf compiler compiles your Protobuf sources using all available cores without compromising deterministic output, which is considerably faster than protoc. This allows for near-instantaneous feedback, which is of special importance for features like editor integration.
Next steps
Once you've installed buf, we recommend completing the CLI tutorial, which provides a broad but hands-on overview of the core functionality of the CLI. The tour takes about 10 minutes to complete.
After completing the tour, check out the remainder of the docs for your specific areas of interest.
Community
For help and discussion around Protobuf, best practices, and more, join us on Slack.
For updates on the Buf CLI, follow this repo on GitHub.
For feature requests, bugs, or technical questions, email us at dev@buf.build. For general inquiries or inclusion in our upcoming feature betas, email us at info@buf.build.
No vulnerabilities found.
Reason
30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yaml:68
Reason
0 existing vulnerabilities detected
Reason
5 out of the last 5 releases have a total of 5 signed artifacts.
Details
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.47.2
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.47.1
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.47.0
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.46.0
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.45.0
- Warn: release artifact v1.47.2 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/185440718
- Warn: release artifact v1.47.1 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/185428440
- Warn: release artifact v1.47.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/185266000
- Warn: release artifact v1.46.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/182562066
- Warn: release artifact v1.45.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/178973850
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' github.event.inputs.version || github.head_ref': .github/workflows/build-and-draft-release.yaml:19
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/add-to-project.yaml:1
- Warn: no topLevel permission defined: .github/workflows/back-to-development.yaml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/buf-binary-size.yaml:5
- Info: topLevel 'contents' permission set to 'read': .github/workflows/buf-ci.yaml:8
- Warn: no topLevel permission defined: .github/workflows/build-and-draft-release.yaml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/ci.yaml:5
- Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yaml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yaml:8
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/codeql.yaml:9
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yaml:10
- Warn: no topLevel permission defined: .github/workflows/create-release-pr.yaml:1
- Warn: no topLevel permission defined: .github/workflows/make-upgrade.yaml:1
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/notify-approval-bypass.yaml:9
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pr-title.yaml:5
- Info: topLevel permissions set to 'read-all': .github/workflows/previous.yaml:5
- Warn: no topLevel permission defined: .github/workflows/verify-changelog.yaml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/windows.yaml:5
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/back-to-development.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/back-to-development.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/back-to-development.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/back-to-development.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/create-release-pr.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/create-release-pr.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-changelog.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/verify-changelog.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile.buf:1
- Warn: containerImage not pinned by hash: Dockerfile.buf:16: pin your Docker image by updating alpine:3.20.3 to alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
- Warn: containerImage not pinned by hash: Dockerfile.workspace:1: pin your Docker image by updating golang:1.23-alpine3.20 to golang:1.23-alpine3.20@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574
- Warn: containerImage not pinned by hash: make/buf/docker/Dockerfile.release:1: pin your Docker image by updating golang:1.22-bookworm to golang:1.22-bookworm@sha256:475ff60e52faaf037be2e7a1bc2ea5ea4aaa3396274af3def6545124a18b99b4
- Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 containerImage dependencies pinned
- Info: 1 out of 1 goCommand dependencies pinned
Score
5.5/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.