archives
An open API service for inspecting package archives and files from many open source software ecosystems.
Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Committers with academic emails
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (15.3%) to scientific vocabulary
Keywords from Contributors
Repository
An open API service for inspecting package archives and files from many open source software ecosystems.
Basic Info
- Host: GitHub
- Owner: ecosyste-ms
- License: agpl-3.0
- Language: Ruby
- Default Branch: main
- Homepage: https://archives.ecosyste.ms
- Size: 1.19 MB
Statistics
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 2
- Releases: 0
Metadata Files
README.md
Ecosyste.ms: Archives
An open API service for inspecting package archives and files from many open source software ecosystems.
What is Archives?
Archives provides a unified HTTP API to explore the contents of package archives (tarballs, zip files, etc.) from various package registries without needing to download and extract them locally. It acts as a caching proxy that:
- Lists files within package archives from npm, PyPI, RubyGems, and other ecosystems
- Fetches file contents directly from archives without full downloads
- Extracts metadata like READMEs and changelogs from packages
- Caches responses to improve performance and reduce load on upstream registries
Use Cases
- Security scanning: Inspect package contents for vulnerabilities without downloading
- Documentation extraction: Automatically fetch README files from packages
- Dependency analysis: Explore package structures and dependencies
- Package validation: Verify package contents match expectations
- Research: Analyze package ecosystems at scale
This project is part of Ecosyste.ms: Tools and open datasets to support, sustain, and secure critical digital infrastructure.
API
Documentation for the REST API is available here: https://archives.ecosyste.ms/docs
Quick Start
The API accepts URLs to package archives as parameters. These URLs typically point to: - npm package tarballs (e.g., from registry.npmjs.org) - PyPI package wheels/tarballs (e.g., from files.pythonhosted.org) - RubyGems .gem files (e.g., from rubygems.org) - Other package archive formats (zip, tar.gz, etc.)
Example API Calls
List files in an archive
```bash GET /api/v1/archives/list?url=https://registry.npmjs.org/express/-/express-4.18.2.tgz
Returns: JSON array of file paths in the archive
["package.json", "README.md", "lib/express.js", ...] ```
Get contents of a specific file
```bash GET /api/v1/archives/contents?url=https://registry.npmjs.org/express/-/express-4.18.2.tgz&path=package.json
Returns: JSON object with file contents
{ "name": "package.json", "directory": false, "contents": "{\n \"name\": \"express\",\n \"version\": \"4.18.2\",\n ..." } ```
Extract README
```bash GET /api/v1/archives/readme?url=https://registry.npmjs.org/express/-/express-4.18.2.tgz
Returns: README content in multiple formats (raw, HTML, plain text)
```
Rate Limits
The default rate limit for the API is 5000/req per hour based on your IP address, get in contact if you need to to increase your rate limit.
Development
For development and deployment documentation, check out DEVELOPMENT.md
Contribute
Please do! The source code is hosted at GitHub. If you want something, open an issue or a pull request.
If you need want to contribute but don't know where to start, take a look at the issues tagged as "Help Wanted".
You can also help triage issues. This can include reproducing bug reports, or asking for vital information such as version numbers or reproduction instructions.
Finally, this is an open source project. If you would like to become a maintainer, we will consider adding you if you contribute frequently to the project. Feel free to ask.
For other updates, follow the project on Twitter: @ecosyste_ms.
Note on Patches/Pull Requests
- Fork the project.
- Make your feature addition or bug fix.
- Add tests for it. This is important so we don't break it in a future version unintentionally.
- Send a pull request. Bonus points for topic branches.
Vulnerability disclosure
We support and encourage security research on Ecosyste.ms under the terms of our vulnerability disclosure policy.
Code of Conduct
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.
Maintainers
This project is maintained by the Ecosyste.ms team. You can reach us at:
- Email: support@ecosyste.ms
- Twitter: @ecosyste_ms
- GitHub: ecosyste-ms
Project lead: Andrew Nesbitt
Copyright
Code is licensed under GNU Affero License © 2023 Andrew Nesbitt.
Data from the API is licensed under CC BY-SA 4.0.
Owner
- Name: Ecosystems
- Login: ecosyste-ms
- Kind: organization
- Email: hello@ecosyste.ms
- Location: United Kingdom
- Website: https://ecosyste.ms
- Twitter: ecosyste_ms
- Repositories: 37
- Profile: https://github.com/ecosyste-ms
Tools and open datasets to support, sustain, and secure critical digital infrastructure
Citation (CITATION.cff)
cff-version: 1.2.0
title: 'Ecosyste.ms: Archives'
message: >-
If you use this software, please cite it using the
metadata from this file.
type: software
authors:
- given-names: Andrew
family-names: Nesbitt
email: andrew@ecosyste.ms
orcid: 'https://orcid.org/0009-0007-2710-1118'
repository-code: 'https://github.com/ecosyste-ms/archives'
url: 'https://archives.ecosyste.ms'
abstract: >-
An open API service for inspecting package archives and files from many open source software ecosystems.
keywords:
- open source
- package management
- software
license: AGPL-3.0
GitHub Events
Total
- Issues event: 2
- Watch event: 1
- Delete event: 146
- Issue comment event: 123
- Push event: 118
- Pull request review event: 3
- Pull request review comment event: 4
- Pull request event: 290
- Create event: 148
Last Year
- Issues event: 2
- Watch event: 1
- Delete event: 146
- Issue comment event: 123
- Push event: 118
- Pull request review event: 3
- Pull request review comment event: 4
- Pull request event: 290
- Create event: 148
Committers
Last synced: 8 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| Andrew Nesbitt | a****z@g****m | 317 |
| dependabot[bot] | 4****] | 241 |
| github-actions[bot] | g****] | 6 |
Issues and Pull Requests
Last synced: 8 months ago
All Time
- Total issues: 5
- Total pull requests: 682
- Average time to close issues: 16 days
- Average time to close pull requests: 2 days
- Total issue authors: 4
- Total pull request authors: 3
- Average comments per issue: 0.8
- Average comments per pull request: 0.73
- Merged pull requests: 105
- Bot issues: 0
- Bot pull requests: 678
Past Year
- Issues: 2
- Pull requests: 356
- Average time to close issues: 2 days
- Average time to close pull requests: 2 days
- Issue authors: 2
- Pull request authors: 3
- Average comments per issue: 0.5
- Average comments per pull request: 0.74
- Merged pull requests: 44
- Bot issues: 0
- Bot pull requests: 352
Top Authors
Issue Authors
- andrew (2)
- magzim21 (1)
- simkim (1)
- jhiesey (1)
Pull Request Authors
- dependabot[bot] (665)
- github-actions[bot] (13)
- andrew (4)
Top Labels
Issue Labels
Pull Request Labels
Dependencies
- actions/checkout v3 composite
- actions/setup-node v3.6.0 composite
- ruby/setup-ruby v1 composite
- ruby 3.2.1-alpine build
- mocha >= 0 development
- rails-controller-testing >= 0 development
- shoulda >= 0 development
- web-console >= 0 development
- webmock >= 0 development
- bootsnap >= 0
- bootstrap >= 0
- jbuilder >= 0
- nokogiri >= 0
- puma ~> 6.1
- rack-attack >= 0
- rack-attack-rate-limit >= 0
- rack-cors >= 0
- rails ~> 7.0.4
- rswag-api >= 0
- rswag-ui >= 0
- sassc-rails >= 0
- sprockets-rails >= 0
- typhoeus >= 0
- actioncable 7.0.4.2
- actionmailbox 7.0.4.2
- actionmailer 7.0.4.2
- actionpack 7.0.4.2
- actiontext 7.0.4.2
- actionview 7.0.4.2
- activejob 7.0.4.2
- activemodel 7.0.4.2
- activerecord 7.0.4.2
- activestorage 7.0.4.2
- activesupport 7.0.4.2
- addressable 2.8.1
- autoprefixer-rails 10.4.7.0
- bindex 0.8.1
- bootsnap 1.16.0
- bootstrap 5.2.3
- builder 3.2.4
- concurrent-ruby 1.2.0
- crack 0.4.5
- crass 1.0.6
- date 3.3.3
- debug 1.7.1
- erubi 1.12.0
- ethon 0.16.0
- execjs 2.8.1
- ffi 1.15.5
- globalid 1.1.0
- hashdiff 1.0.1
- i18n 1.12.0
- jbuilder 2.11.5
- loofah 2.19.1
- mail 2.8.1
- marcel 1.0.2
- method_source 1.0.0
- mini_mime 1.1.2
- mini_portile2 2.8.1
- minitest 5.17.0
- mocha 2.0.2
- msgpack 1.6.0
- net-imap 0.3.4
- net-pop 0.1.2
- net-protocol 0.2.1
- net-smtp 0.3.3
- nio4r 2.5.8
- nokogiri 1.14.2
- popper_js 2.11.6
- public_suffix 5.0.1
- puma 6.1.0
- racc 1.6.2
- rack 2.2.6.2
- rack-attack 6.6.1
- rack-attack-rate-limit 1.1.0
- rack-cors 2.0.0
- rack-test 2.0.2
- rails 7.0.4.2
- rails-controller-testing 1.0.5
- rails-dom-testing 2.0.3
- rails-html-sanitizer 1.5.0
- railties 7.0.4.2
- rake 13.0.6
- rexml 3.2.5
- rswag-api 2.8.0
- rswag-ui 2.8.0
- ruby2_keywords 0.0.5
- sassc 2.4.0
- sassc-rails 2.1.2
- shoulda 4.0.0
- shoulda-context 2.0.0
- shoulda-matchers 4.5.1
- sprockets 4.2.0
- sprockets-rails 3.4.2
- thor 1.2.1
- tilt 2.0.11
- timeout 0.3.1
- typhoeus 1.4.0
- tzinfo 2.0.6
- web-console 4.2.0
- webmock 3.18.1
- websocket-driver 0.7.5
- websocket-extensions 0.1.5
- zeitwerk 2.6.7