Gathering detailed insights and metrics for @bufbuild/buf-darwin-x64
Gathering detailed insights and metrics for @bufbuild/buf-darwin-x64
Installations
npm install @bufbuild/buf-darwin-x64Score
96
Supply Chain
35.8
Quality
97.2
Maintenance
100
Vulnerability
100
License
Releases
159
Contributors
91
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
![buf-release-bot[bot]](https://avatars.githubusercontent.com/in/251311?v=4){kind=avatar}
Developer
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
>=12
Typescript Support
No
Node Version
18.20.4
NPM Version
10.7.0
Statistics
9,229 Stars
2,220 Commits
280 Forks
80 Watching
35 Branches
91 Contributors
Updated on 29 Nov 2024
Languages
Go (98.91%)
Makefile (0.68%)
Shell (0.41%)
Total Downloads
Cumulative downloads
Total Downloads
1,173,990
Last day
-26.9%
4,258
Compared to previous day
Last week
4.4%
33,943
Compared to previous week
Last month
48.1%
137,417
Compared to previous month
Last year
229.1%
900,365
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Versions
Buf
The buf CLI is the best tool for working with Protocol Buffers. It provides:
- A linter that enforces good API design choices and structure.
- A breaking change detector that enforces compatibility at the source code or wire level.
- A generator that invokes your plugins based on configurable templates.
- A formatter that formats your Protobuf files in accordance with industry standards.
- Integration with the Buf Schema Registry, including full dependency management.
Installation
Homebrew
You can install buf using Homebrew (macOS or Linux):
1brew install bufbuild/buf/buf
This installs:
- The
buf,protoc-gen-buf-breaking, andprotoc-gen-buf-lintbinaries - Shell completion scripts for Bash, Fish, Powershell, and zsh
Other methods
For other installation methods, see our official documentation, which covers:
- Installing
bufvia npm - Installing
bufon Windows - Using
bufas a Docker image - Installing as a binary, from a tarball, and from source through GitHub Releases
- Verifying releases using a minisign public key
Usage
Buf's help interface provides summaries for commands and flags:
1buf --help
For more comprehensive usage information, consult Buf's documentation, especially these guides:
buf breakingbuf buildbuf generatebuf lintbuf formatbuf registry(for using the BSR)
CLI breaking change policy
We will never make breaking changes within a given major version of the CLI. After buf reached v1.0, you can expect no breaking changes until v2.0. But as we have no plans to ever release a v2.0, we will likely never break the buf CLI.
This breaking change policy does not apply to commands behind the
buf betagate, and you should expect breaking changes to commands likebuf beta registry. The policy does go into effect, however, when those commands or flags are elevated out of beta.
Our goals for Protobuf
Buf's goal is to replace the current paradigm of API development, centered around REST/JSON, with a schema-driven paradigm. Defining APIs using an IDL provides numerous benefits over REST/JSON, and Protobuf is by far the most stable and widely adopted IDL in the industry. We've chosen to build on this widely trusted foundation rather than creating a new IDL from scratch.
But despite its technical merits, actually using Protobuf has long been more challenging than it needs to be. The Buf CLI and the BSR are the cornerstones of our effort to change that for good and to make Protobuf reliable and easy to use for service owners and clients alike—in other words, to create a modern Protobuf ecosystem.
While we intend to incrementally improve on the buf CLI and the BSR, we're confident that the basic groundwork for such an ecosystem is already in place.
The Buf Schema Registry
The Buf Schema Registry (BSR) is a SaaS platform for managing your Protobuf APIs. It provides a centralized registry and a single source of truth for all of your Protobuf assets, including not just your .proto files but also remote plugins. Although the BSR provides an intuitive browser UI, buf enables you to perform most BSR-related tasks from the command line, such as pushing Protobuf sources to the registry and managing users and repositories.
The BSR is not required to use
buf. We've made the core features of thebufCLI available to all Protobuf users.
More advanced CLI features
While buf's core features should cover most use cases, we've included some more advanced features to cover edge cases:
- Automatic file discovery. Buf walks your file tree and builds your
.protofiles in accordance with your supplied build configuration, which means that you no longer need to manually specify--proto_paths. You can still, however, specify.protofiles manually through CLI flags in cases where file discovery needs to be disabled. - Fine-grained rule configuration for linting and breaking changes. While we do have recommended defaults, you can always select the exact set of rules that your use case requires, with 40 lint rules and 53 breaking change rules available.
- Configurable error formats for CLI output.
bufoutputs information infile:line:column:messageform by default for each lint error and breaking change it encounters, but you can also select JSON, MSVS, JUnit, and Github Actions output. - Editor integration driven by
buf's granular error output. We currently provide linting integrations for both Vim and Visual Studio Code and JetBrains IDEs like IntelliJ and GoLand, but we plan to support other editors such as Emacs in the future. - Universal Input targeting. Buf enables you to perform actions like linting and breaking change detection not just against local
.protofiles but also against a broad range of other Inputs, such as tarballs and ZIP files, remote Git repositories, and pre-built image files. - Speed. Buf's internal Protobuf compiler compiles your Protobuf sources using all available cores without compromising deterministic output, which is considerably faster than
protoc. This allows for near-instantaneous feedback, which is of special importance for features like editor integration.
Next steps
Once you've installed buf, we recommend completing the CLI tutorial, which provides a broad but hands-on overview of the core functionality of the CLI. The tour takes about 10 minutes to complete.
After completing the tour, check out the remainder of the docs for your specific areas of interest.
Community
For help and discussion around Protobuf, best practices, and more, join us on Slack.
For updates on the Buf CLI, follow this repo on GitHub.
For feature requests, bugs, or technical questions, email us at dev@buf.build. For general inquiries or inclusion in our upcoming feature betas, email us at info@buf.build.
No vulnerabilities found.
Reason
30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yaml:68
Reason
0 existing vulnerabilities detected
Reason
5 out of the last 5 releases have a total of 5 signed artifacts.
Details
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.47.2
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.47.1
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.47.0
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.46.0
- Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.45.0
- Warn: release artifact v1.47.2 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/185440718
- Warn: release artifact v1.47.1 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/185428440
- Warn: release artifact v1.47.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/185266000
- Warn: release artifact v1.46.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/182562066
- Warn: release artifact v1.45.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/178973850
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' github.event.inputs.version || github.head_ref': .github/workflows/build-and-draft-release.yaml:19
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/add-to-project.yaml:1
- Warn: no topLevel permission defined: .github/workflows/back-to-development.yaml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/buf-binary-size.yaml:5
- Info: topLevel 'contents' permission set to 'read': .github/workflows/buf-ci.yaml:8
- Warn: no topLevel permission defined: .github/workflows/build-and-draft-release.yaml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/ci.yaml:5
- Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yaml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yaml:8
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/codeql.yaml:9
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yaml:10
- Warn: no topLevel permission defined: .github/workflows/create-release-pr.yaml:1
- Warn: no topLevel permission defined: .github/workflows/make-upgrade.yaml:1
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/notify-approval-bypass.yaml:9
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pr-title.yaml:5
- Info: topLevel permissions set to 'read-all': .github/workflows/previous.yaml:5
- Warn: no topLevel permission defined: .github/workflows/verify-changelog.yaml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/windows.yaml:5
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/back-to-development.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/back-to-development.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/back-to-development.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/back-to-development.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/create-release-pr.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/create-release-pr.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-changelog.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/verify-changelog.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile.buf:1
- Warn: containerImage not pinned by hash: Dockerfile.buf:16: pin your Docker image by updating alpine:3.20.3 to alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
- Warn: containerImage not pinned by hash: Dockerfile.workspace:1: pin your Docker image by updating golang:1.23-alpine3.20 to golang:1.23-alpine3.20@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574
- Warn: containerImage not pinned by hash: make/buf/docker/Dockerfile.release:1: pin your Docker image by updating golang:1.22-bookworm to golang:1.22-bookworm@sha256:475ff60e52faaf037be2e7a1bc2ea5ea4aaa3396274af3def6545124a18b99b4
- Info: 0 out of 33 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 containerImage dependencies pinned
- Info: 1 out of 1 goCommand dependencies pinned
Score
5.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More