Convenience wrapper for Got to interact with the GitHub API
Installations
npm install gh-gotDeveloper Guide
Typescript
No
Module System
ESM
Min. Node Version
>=14.16
Node Version
14.19.3
NPM Version
8.3.2
Score
97
Supply Chain
99.4
Quality
75.8
Maintenance
100
Vulnerability
100
License
Releases
Contributors
Unable to fetch Contributors
Languages
JavaScript (100%)
Developer
sindresorhus
Download Statistics
Total Downloads
138,133,182
Last Day
70,854
Last Week
309,567
Last Month
1,543,366
Last Year
19,663,717
GitHub Statistics
176 Stars
76 Commits
23 Forks
8 Watching
1 Branches
15 Contributors
Bundle Size
1.32 kB
Minified
734.00 B
Minified + Gzipped
Sponsor this package
Maintainers
Package Meta Information
Latest Version
10.0.0
Package Id
gh-got@10.0.0
Unpacked Size
7.31 kB
Size
3.07 kB
File Count
4
NPM Version
8.3.2
Node Version
14.19.3
Total Downloads
Cumulative downloads
Total Downloads
138,133,182
Last day
-8.7%
70,854
Compared to previous day
Last week
-20.7%
309,567
Compared to previous week
Last month
-1%
1,543,366
Compared to previous month
Last year
39.5%
19,663,717
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
4
gh-got
Convenience wrapper for Got to interact with the GitHub API
Unless you're already using Got, you should probably use GitHub's own @octokit/rest.js or @octokit/graphql.js packages instead.
Install
1npm install gh-got
Usage
Instead of:
1import got from 'got'; 2 3const token = 'foo'; 4 5const {body} = await got('https://api.github.com/users/sindresorhus', { 6 json: true, 7 headers: { 8 'accept': 'application/vnd.github.v3+json', 9 'authorization': `token ${token}` 10 } 11}); 12 13console.log(body.login); 14//=> 'sindresorhus'
You can do:
1import ghGot from 'gh-got'; 2 3const {body} = await ghGot('users/sindresorhus', { 4 context: { 5 token: 'foo' 6 } 7}); 8 9console.log(body.login); 10//=> 'sindresorhus'
Or:
1import ghGot from 'gh-got';
2
3const {body} = await ghGot('https://api.github.com/users/sindresorhus', {
4 context: {
5 token: 'foo'
6 }
7});
8
9console.log(body.login);
10//=> 'sindresorhus'API
Same API as got, including options, the stream API, aliases, pagination, etc, but with some additional options below.
Errors are improved by using the custom GitHub error messages. Doesn't apply to the stream API.
gh-got specific options
token
Type: string
GitHub access token.
Can be set globally with the GITHUB_TOKEN environment variable.
prefixUrl
Type: string
Default: https://api.github.com/
To support GitHub Enterprise.
Can be set globally with the GITHUB_ENDPOINT environment variable.
body
Type: object
Can be specified as a plain object and will be serialized as JSON with the appropriate headers set.
Rate limit
Responses and errors have a .rateLimit property with info about the current rate limit. (This is not yet implemented for the stream API)
1import ghGot from 'gh-got'; 2 3const {rateLimit} = await ghGot('users/sindresorhus'); 4 5console.log(rateLimit); 6//=> {limit: 5000, remaining: 4899, reset: [Date 2018-12-31T20:45:20.000Z]}
Authorization
Authorization for GitHub uses the following logic:
- If
options.headers.authorizationis passed togh-got, then this will be used as first preference. - If
options.tokenis provided, then theauthorizationheader will be set totoken <options.token>. - If
options.headers.authorizationandoptions.tokenare not provided, then theauthorizationheader will be set totoken <process.env.GITHUB_TOKEN>
In most cases, this means you can simply set GITHUB_TOKEN, but it also allows it to be overridden by setting options.token or options.headers.authorization explicitly. For example, if authenticating as a GitHub App, you could do the following:
1import ghGot from 'gh-got'; 2 3const options = { 4 headers: { 5 authorization: `Bearer ${jwt}` 6 } 7}; 8const {body} = await ghGot('app', options); 9 10console.log(body.name); 11//=> 'MyApp'
Pagination
See the Got docs.
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 10/30 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/gh-got/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/gh-got/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:22
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Score
4.3
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More