{"id":4397,"url":"https://github.com/curl/curl","last_synced_at":"2026-05-16T12:20:47.709Z","repository":{"id":844074,"uuid":"569041","full_name":"curl/curl","owner":"curl","description":"A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features","archived":false,"fork":false,"pushed_at":"2026-04-17T16:12:31.000Z","size":135647,"stargazers_count":41334,"open_issues_count":28,"forks_count":7131,"subscribers_count":764,"default_branch":"master","last_synced_at":"2026-04-17T19:08:26.201Z","etag":null,"topics":["c","client","curl","ftp","gopher","hacktoberfest","http","https","imaps","ldap","libcurl","library","mqtt","pop3","scp","sftp","transfer-data","transferring-data","user-agent","websocket"],"latest_commit_sha":null,"homepage":"https://curl.se/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curl.png","metadata":{"files":{"readme":"README","changelog":"CHANGES.md","contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"COPYING","code_of_conduct":"docs/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":"docs/GOVERNANCE.md","roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"curl","open_collective":"curl"}},"created_at":"2010-03-18T22:32:22.000Z","updated_at":"2026-04-17T17:37:36.000Z","dependencies_parsed_at":"2024-11-05T13:37:42.975Z","dependency_job_id":"b3b1003e-7835-421d-9df5-fecba28d98ce","html_url":"https://github.com/curl/curl","commit_stats":{"total_commits":33455,"total_committers":1348,"mean_commits":"24.818249258160236","dds":0.4447466746375729,"last_synced_commit":"a79f20d37612fbc1150a01840967b95a210a574d"},"previous_names":[],"tags_count":252,"template":false,"template_full_name":null,"purl":"pkg:github/curl/curl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curl%2Fcurl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curl%2Fcurl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curl%2Fcurl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curl%2Fcurl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curl","download_url":"https://codeload.github.com/curl/curl/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curl%2Fcurl/sbom","scorecard":{"id":307301,"data":{"date":"2022-11-09","repo":{"name":"github.com/curl/curl","commit":"ca76c79b34f9d90105674a2151bf228ff7b13bef"},"scorecard":{"version":"v4.8.0","commit":"c40859202d739b31fd060ac5b30d17326cd74275"},"score":6.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":10,"reason":"badge detected: gold","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"0 out of last 30 changesets reviewed before merge -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"40 different organizations found -- score normalized to 10","details":["Info: contributors work for Bumblebee-Project,Debian,GitHub-Stars,HTTPArchive,NEAT-project,Pivotal-DataFabric,Rockbox,SOCI,TKCERT,c-ares,cloudflare,cpredef,csutils,curl,e2ebridge,git,git-for-windows,gitgitgadget,greenplum-db,harbour,head of @tkcert,itkinside,libssh2,logrotate,maintainers,maven-nar,microsoft,mpv-player,msysgit,phpseclib,pwr-Solaar,pycurl,quicwg,red hat,scheer pas schweiz ag,stratum0,teamviewer,vmware,wireshark,wolfssl"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":0,"reason":"no update tool detected","details":["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.","Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed with [OSSFuzz]","details":null,"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: : COPYING:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) out of 30 and 25 issue activity out of 30 found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/codeql-analysis.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fuzz.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/fuzz.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fuzz.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/fuzz.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/fuzz.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/hacktoberfest-accepted.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/hacktoberfest-accepted.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linkcheck.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/linkcheck.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linkcheck.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/linkcheck.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linux.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/linux.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ngtcp2-gnutls.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/ngtcp2-gnutls.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ngtcp2-wolfssl.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/ngtcp2-wolfssl.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proselint.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/proselint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/reuse.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/reuse.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/reuse.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spellcheck.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/spellcheck.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/spellcheck.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/spellcheck.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/torture.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/torture.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/wolfssl.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/wolfssl.yml/master?enable=pin","Warn: downloadThenRun not pinned by hash: scripts/zuul/before_script.sh:100","Warn: pipCommand not pinned by hash: .github/workflows/linux.yml:111","Warn: downloadThenRun not pinned by hash: .github/workflows/linux.yml:179","Warn: pipCommand not pinned by hash: .github/workflows/macos.yml:94","Warn: pipCommand not pinned by hash: .github/workflows/macos.yml:153","Warn: pipCommand not pinned by hash: .github/workflows/ngtcp2-gnutls.yml:39","Warn: pipCommand not pinned by hash: .github/workflows/ngtcp2-wolfssl.yml:39","Warn: pipCommand not pinned by hash: .github/workflows/torture.yml:43","Warn: pipCommand not pinned by hash: .github/workflows/wolfssl.yml:43","Info: Dockerfile dependencies are pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Warn: no pull requests merged into dev branch","Info: SAST tool detected: CodeQL"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy detected in current repo: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":8,"reason":"5 out of 5 artifacts are signed or have provenance","details":["Warn: release artifact curl-7_86_0 does not have provenance: https://api.github.com/repos/curl/curl/releases/81001958","Info: signed release artifact: curl-7.86.0.tar.bz2.asc: https://api.github.com/repos/curl/curl/releases/assets/82294632","Warn: release artifact curl-7_85_0 does not have provenance: https://api.github.com/repos/curl/curl/releases/75854325","Info: signed release artifact: curl-7.85.0.tar.bz2.asc: https://api.github.com/repos/curl/curl/releases/assets/76386220","Warn: release artifact curl-7_84_0 does not have provenance: https://api.github.com/repos/curl/curl/releases/70606405","Info: signed release artifact: curl-7.84.0.tar.bz2.asc: https://api.github.com/repos/curl/curl/releases/assets/69746115","Warn: release artifact curl-7_83_1 does not have provenance: https://api.github.com/repos/curl/curl/releases/66546156","Info: signed release artifact: curl-7.83.1.tar.bz2.asc: https://api.github.com/repos/curl/curl/releases/assets/65139760","Warn: release artifact curl-7_83_0 does not have provenance: https://api.github.com/repos/curl/curl/releases/65432414","Info: signed release artifact: curl-7.83.0.tar.bz2.asc: https://api.github.com/repos/curl/curl/releases/assets/63764161"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"non read-only tokens detected in GitHub workflows","details":["Warn: topLevel 'statuses' permission set to 'write': .github/workflows/appveyor-status.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/appveyor-status.yml/master?enable=permissions","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql-analysis.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/codeql-analysis.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/fuzz.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/fuzz.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/linkcheck.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/linkcheck.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/linux.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/linux.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/macos.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/macos.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/ngtcp2-gnutls.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/ngtcp2-gnutls.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/ngtcp2-wolfssl.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/ngtcp2-wolfssl.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/proselint.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/proselint.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/reuse.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/reuse.yml/master?enable=permissions","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/scorecards.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/spellcheck.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/spellcheck.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/torture.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/torture.yml/master?enable=permissions","Warn: no topLevel permission defined: .github/workflows/wolfssl.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/curl/curl/wolfssl.yml/master?enable=permissions"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"no vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c40859202d739b31fd060ac5b30d17326cd74275/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T22:23:47.463Z","repository_id":844074,"created_at":"2025-08-17T22:23:47.463Z","updated_at":"2025-08-17T22:23:47.463Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31992822,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T20:23:30.271Z","status":"online","status_checked_at":"2026-04-19T02:00:07.110Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","client","curl","ftp","gopher","hacktoberfest","http","https","imaps","ldap","libcurl","library","mqtt","pop3","scp","sftp","transfer-data","transferring-data","user-agent","websocket"],"created_at":"2024-01-11T16:53:22.021Z","updated_at":"2026-04-19T06:21:09.626Z","avatar_url":"https://github.com/curl.png","language":"C","project_url":"https://opencollective.ecosyste.ms/api/v1/projects/4397","html_url":"https://opencollective.ecosyste.ms/projects/4397","collective":{"id":3158,"uuid":"re0adkjr-v8xwm697-7akq7z5n-4l93bgoy","slug":"curl","name":"curl","description":"client-side internet transfers","website":"https://curl.se/","github":"curl","twitter":null,"repository_url":null,"social_links":[{"type":"WEBSITE","url":"https://curl.se/"},{"type":"GITHUB","url":"https://github.com/curl"}],"currency":"USD","projects_count":24,"last_synced_at":"2026-06-02T18:15:26.758Z","created_at":"2024-01-10T13:17:54.505Z","updated_at":"2026-06-02T18:16:20.387Z","transactions_count":4913,"balance":135655.32999999548,"account_type":"COLLECTIVE","owner":{"login":"curl","name":"curl","uuid":"16928085","kind":"organization","description":"groks those URLs","email":null,"website":"https://curl.se/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/16928085?v=4","repositories_count":19,"last_synced_at":"2024-10-29T22:39:02.898Z","metadata":{"has_sponsors_listing":true},"html_url":"https://github.com/curl","funding_links":["https://github.com/sponsors/curl"],"total_stars":43587,"followers":933,"following":0,"created_at":"2022-11-02T16:30:59.991Z","updated_at":"2024-10-29T22:39:02.898Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curl","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curl/repositories"},"last_project_activity_at":"2026-04-26T14:57:08.000Z","archived":false,"no_funding":false,"no_license":false,"host":"opensource","collective_created_at":"2018-04-04T12:00:43.468Z","collective_updated_at":"2025-02-04T23:30:36.910Z","html_url":"https://opencollective.com/curl","icon_url":"https://images.opencollective.com/curl/logo/40.png","total_donations":419060.17999999574,"total_expenses":-321037.7300000029,"current_balance":135655.32999999548,"api_url":"https://opencollective.ecosyste.ms/api/v1/collectives/curl","url":"https://opencollective.ecosyste.ms/collectives/curl","projects_url":"https://opencollective.ecosyste.ms/api/v1/collectives/curl/projects"}}