Gathering detailed insights and metrics for gh-got
Gathering detailed insights and metrics for gh-got
Convenience wrapper for Got to interact with the GitHub API
Installations
npm install gh-gotDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=14.16
Node Version
14.19.3
NPM Version
8.3.2
Score
96.8
Supply Chain
99.4
Quality
75.8
Maintenance
100
Vulnerability
100
License
Releases
4
Languages
1
JavaScript
JavaScript (100%)
Developer
sindresorhus
Download Statistics
Total Downloads
144,972,886
Last Day
81,760
Last Week
469,093
Last Month
1,963,576
Last Year
21,353,960
GitHub Statistics
MIT License
177 Stars
76 Commits
23 Forks
7 Watchers
1 Branches
15 Contributors
Updated on Apr 22, 2025
Bundle Size
1.32 kB
Minified
734.00 B
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
10.0.0
Package Id
gh-got@10.0.0
Unpacked Size
7.31 kB
Size
3.07 kB
File Count
4
NPM Version
8.3.2
Node Version
14.19.3
Total Downloads
Cumulative downloads
Total Downloads
144,972,886
Last Day
-19.1%
81,760
Compared to previous day
Last Week
-9%
469,093
Compared to previous week
Last Month
12.5%
1,963,576
Compared to previous month
Last Year
44.9%
21,353,960
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
4
gh-got
Convenience wrapper for Got to interact with the GitHub API
Unless you're already using Got, you should probably use GitHub's own @octokit/rest.js or @octokit/graphql.js packages instead.
Install
1npm install gh-got
Usage
Instead of:
1import got from 'got'; 2 3const token = 'foo'; 4 5const {body} = await got('https://api.github.com/users/sindresorhus', { 6 json: true, 7 headers: { 8 'accept': 'application/vnd.github.v3+json', 9 'authorization': `token ${token}` 10 } 11}); 12 13console.log(body.login); 14//=> 'sindresorhus'
You can do:
1import ghGot from 'gh-got'; 2 3const {body} = await ghGot('users/sindresorhus', { 4 context: { 5 token: 'foo' 6 } 7}); 8 9console.log(body.login); 10//=> 'sindresorhus'
Or:
1import ghGot from 'gh-got';
2
3const {body} = await ghGot('https://api.github.com/users/sindresorhus', {
4 context: {
5 token: 'foo'
6 }
7});
8
9console.log(body.login);
10//=> 'sindresorhus'API
Same API as got, including options, the stream API, aliases, pagination, etc, but with some additional options below.
Errors are improved by using the custom GitHub error messages. Doesn't apply to the stream API.
gh-got specific options
token
Type: string
GitHub access token.
Can be set globally with the GITHUB_TOKEN environment variable.
prefixUrl
Type: string
Default: https://api.github.com/
To support GitHub Enterprise.
Can be set globally with the GITHUB_ENDPOINT environment variable.
body
Type: object
Can be specified as a plain object and will be serialized as JSON with the appropriate headers set.
Rate limit
Responses and errors have a .rateLimit property with info about the current rate limit. (This is not yet implemented for the stream API)
1import ghGot from 'gh-got'; 2 3const {rateLimit} = await ghGot('users/sindresorhus'); 4 5console.log(rateLimit); 6//=> {limit: 5000, remaining: 4899, reset: [Date 2018-12-31T20:45:20.000Z]}
Authorization
Authorization for GitHub uses the following logic:
- If
options.headers.authorizationis passed togh-got, then this will be used as first preference. - If
options.tokenis provided, then theauthorizationheader will be set totoken <options.token>. - If
options.headers.authorizationandoptions.tokenare not provided, then theauthorizationheader will be set totoken <process.env.GITHUB_TOKEN>
In most cases, this means you can simply set GITHUB_TOKEN, but it also allows it to be overridden by setting options.token or options.headers.authorization explicitly. For example, if authenticating as a GitHub App, you could do the following:
1import ghGot from 'gh-got'; 2 3const options = { 4 headers: { 5 authorization: `Bearer ${jwt}` 6 } 7}; 8const {body} = await ghGot('app', options); 9 10console.log(body.name); 11//=> 'MyApp'
Pagination
See the Got docs.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 10/30 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/gh-got/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/gh-got/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:22
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Score
4.3
/10
Last Scanned on 2025-05-12
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More