osv

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 14, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package osv is the library behind the osv command line: the HTTP client, request shaping, and typed data models for the Google OSV (Open Source Vulnerabilities) API.

The Client here is the spine every command shares. It sets a real User-Agent, paces requests to stay polite, and retries transient failures (429 and 5xx) with exponential backoff.

Index

Constants

View Source
const BaseURL = "https://api.osv.dev/v1"

BaseURL is the OSV v1 API base URL.

View Source
const Host = "api.osv.dev"

Host is the OSV API host.

View Source
const SiteURL = "https://osv.dev"

SiteURL is the OSV web site, used by Locate.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client talks to the OSV API.

func NewClient

func NewClient(cfg Config) *Client

NewClient returns a Client using the supplied Config.

func (*Client) GetVuln

func (c *Client) GetVuln(ctx context.Context, id string) (*Vuln, error)

GetVuln fetches a single vulnerability by ID (GHSA-xxx, CVE-xxx, or OSV-xxx).

func (*Client) Query

func (c *Client) Query(ctx context.Context, ecosystem, name, version string, limit int) ([]Vuln, error)

Query returns vulnerabilities affecting the given package (and optionally version). If version is empty, all known vulnerabilities for the package are returned. If limit > 0, results are truncated to that count.

type Config

type Config struct {
	BaseURL   string
	UserAgent string
	Rate      time.Duration // min gap between requests
	Timeout   time.Duration
	Retries   int
}

Config holds all tunables for the OSV client.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns the recommended defaults.

type Domain

type Domain struct{}

Domain is the OSV driver. It carries no state; the per-run client is built by newClient.

func (Domain) Classify

func (Domain) Classify(input string) (uriType, id string, err error)

Classify turns a vulnerability ID or OSV URL into (type, id).

func (Domain) Info

func (Domain) Info() kit.DomainInfo

Info describes the scheme, hostnames matched from pasted links, and the identity used for the binary's help and version.

func (Domain) Locate

func (Domain) Locate(uriType, id string) (string, error)

Locate returns the canonical OSV web URL for a (type, id).

func (Domain) Register

func (Domain) Register(app *kit.App)

Register installs the client factory and every operation onto app.

type Vuln

type Vuln struct {
	ID        string   `json:"id"                kit:"id"`
	Summary   string   `json:"summary"`
	Published string   `json:"published"`
	Modified  string   `json:"modified"`
	Details   string   `json:"details,omitempty" kit:"body"`
	CVSSScore string   `json:"cvss_score,omitempty"`
	Packages  []string `json:"affected_packages,omitempty"`
}

Vuln is a flat record extracted from the OSV API response.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL