{"id":358219,"url":"https://github.com/deezer/spleeter","last_synced_at":"2026-05-15T04:30:40.012Z","repository":{"id":37250513,"uuid":"211124697","full_name":"deezer/spleeter","owner":"deezer","description":"Deezer source separation library including pretrained models.","archived":false,"fork":false,"pushed_at":"2025-04-02T16:22:20.000Z","size":9630,"stargazers_count":28188,"open_issues_count":275,"forks_count":3062,"subscribers_count":394,"default_branch":"master","last_synced_at":"2026-04-29T09:07:19.559Z","etag":null,"topics":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"latest_commit_sha":null,"homepage":"https://research.deezer.com/projects/spleeter.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deezer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-26T15:40:46.000Z","updated_at":"2026-04-28T16:44:33.000Z","dependencies_parsed_at":"2022-07-14T08:32:16.098Z","dependency_job_id":"a630d4c5-2e43-476b-a2d4-e724da539577","html_url":"https://github.com/deezer/spleeter","commit_stats":{"total_commits":472,"total_committers":22,"mean_commits":"21.454545454545453","dds":0.6440677966101696,"last_synced_commit":"13c771b8e1c2f0c3ea3001821dd70bcf445797d0"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/deezer/spleeter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/sbom","scorecard":{"id":332315,"data":{"date":"2025-08-11","repo":{"name":"github.com/deezer/spleeter","commit":"64daa5a9172aa33ba155f051184528c4e969ad8e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 3/6 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/conda.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/conda.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-0.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-1.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-9.2.dockerfile:2","Warn: containerImage not pinned by hash: docker/spleeter-conda.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter-model.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter.dockerfile:3","Warn: downloadThenRun not pinned by hash: docker/conda.dockerfile:4-15","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:55","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:56","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:10","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:11","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/deezer/spleeter/releases/21022168","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/deezer/spleeter/releases/21022168"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:54:52.634Z","repository_id":37250513,"created_at":"2025-08-18T03:54:52.635Z","updated_at":"2025-08-18T03:54:52.635Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32964461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-12T23:30:32.555Z","status":"online","status_checked_at":"2026-05-13T02:00:07.132Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"owner":{"login":"deezer","name":"Deezer","uuid":"4393583","kind":"organization","description":"","email":"deezerdevs@deezer.com","website":"http://developers.deezer.com/","location":"Paris","twitter":"deezerdevs","company":null,"icon_url":"https://avatars.githubusercontent.com/u/4393583?v=4","repositories_count":68,"last_synced_at":"2024-04-16T09:41:11.296Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/deezer","funding_links":[],"total_stars":25771,"followers":184,"following":0,"created_at":"2022-11-05T10:30:39.159Z","updated_at":"2024-04-16T09:41:21.396Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer/repositories"},"packages":[{"id":5303626,"name":"spleeter-gpu","ecosystem":"conda","description":null,"homepage":"https://github.com/deezer/spleeter","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/deezer/spleeter","keywords_array":[],"namespace":null,"versions_count":9,"first_release_published_at":"2019-11-22T12:05:43.000Z","latest_release_published_at":"2020-06-18T09:40:56.000Z","latest_release_number":"1.5.3","last_synced_at":"2026-01-01T02:08:40.825Z","created_at":"2022-10-03T16:15:18.572Z","updated_at":"2026-01-01T02:08:40.826Z","registry_url":"https://anaconda.org/conda-forge/spleeter-gpu","install_command":"conda install -c conda-forge spleeter-gpu","documentation_url":null,"metadata":{},"repo_metadata":{"id":37250513,"uuid":"211124697","full_name":"deezer/spleeter","owner":"deezer","description":"Deezer source separation library including pretrained models.","archived":false,"fork":false,"pushed_at":"2025-04-02T16:22:20.000Z","size":9630,"stargazers_count":27457,"open_issues_count":271,"forks_count":3031,"subscribers_count":396,"default_branch":"master","last_synced_at":"2025-10-18T22:10:47.122Z","etag":null,"topics":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"latest_commit_sha":null,"homepage":"https://research.deezer.com/projects/spleeter.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deezer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-26T15:40:46.000Z","updated_at":"2025-10-18T13:20:13.000Z","dependencies_parsed_at":"2022-07-14T08:32:16.098Z","dependency_job_id":"a630d4c5-2e43-476b-a2d4-e724da539577","html_url":"https://github.com/deezer/spleeter","commit_stats":{"total_commits":472,"total_committers":22,"mean_commits":"21.454545454545453","dds":0.6440677966101696,"last_synced_commit":"13c771b8e1c2f0c3ea3001821dd70bcf445797d0"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/deezer/spleeter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/sbom","scorecard":{"id":332315,"data":{"date":"2025-08-11","repo":{"name":"github.com/deezer/spleeter","commit":"64daa5a9172aa33ba155f051184528c4e969ad8e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 3/6 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/conda.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/conda.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-0.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-1.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-9.2.dockerfile:2","Warn: containerImage not pinned by hash: docker/spleeter-conda.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter-model.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter.dockerfile:3","Warn: downloadThenRun not pinned by hash: docker/conda.dockerfile:4-15","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:55","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:56","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:10","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:11","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/deezer/spleeter/releases/21022168","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/deezer/spleeter/releases/21022168"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:54:52.634Z","repository_id":37250513,"created_at":"2025-08-18T03:54:52.635Z","updated_at":"2025-08-18T03:54:52.635Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279914369,"owners_count":26243237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-19T02:00:07.647Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"deezer","name":"Deezer","uuid":"4393583","kind":"organization","description":"","email":"deezerdevs@deezer.com","website":"http://developers.deezer.com/","location":"Paris","twitter":"deezerdevs","company":null,"icon_url":"https://avatars.githubusercontent.com/u/4393583?v=4","repositories_count":68,"last_synced_at":"2024-04-16T09:41:11.296Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/deezer","funding_links":[],"total_stars":25771,"followers":184,"following":0,"created_at":"2022-11-05T10:30:39.159Z","updated_at":"2024-04-16T09:41:21.396Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer/repositories"},"tags":[{"name":"v2.3.0","sha":"e65ece883f429ca228f500a21e1d532ea1c3023e","kind":"commit","published_at":"2021-09-03T09:55:05.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v2.3.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v2.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0/manifests"},{"name":"v1.4.0","sha":"556ef2121492d72398a988af1b38b55176f5973a","kind":"commit","published_at":"2019-10-28T13:12:13.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v1.4.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0/manifests"}]},"repo_metadata_updated_at":"2025-10-20T10:39:25.484Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":34.025455452957324,"dependent_packages_count":51.17544297479411,"stargazers_count":1.4674319940104816,"forks_count":2.1162964811579736,"average":22.19615672572997},"purl":"pkg:conda/spleeter-gpu?repository_url=https://conda-forge.org","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/conda/spleeter-gpu","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/conda/spleeter-gpu","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/conda/spleeter-gpu/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-14T19:52:31.521Z","issues_count":173,"pull_requests_count":53,"avg_time_to_close_issue":2218889.470588235,"avg_time_to_close_pull_request":14424743.833333334,"issues_closed_count":51,"pull_requests_closed_count":18,"pull_request_authors_count":29,"issue_authors_count":162,"avg_comments_per_issue":2.867052023121387,"avg_comments_per_pull_request":0.39622641509433965,"merged_pull_requests_count":8,"bot_issues_count":0,"bot_pull_requests_count":10,"past_year_issues_count":28,"past_year_pull_requests_count":11,"past_year_avg_time_to_close_issue":555.0,"past_year_avg_time_to_close_pull_request":53826.0,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":4,"past_year_pull_request_authors_count":6,"past_year_issue_authors_count":27,"past_year_avg_comments_per_issue":0.35714285714285715,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":4,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/issues","maintainers":[{"login":"d-dawg78","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/d-dawg78"},{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"},{"login":"mmoussallam","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mmoussallam"}],"active_maintainers":[{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter-gpu/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter-gpu/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter-gpu/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter-gpu/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter-gpu/codemeta","maintainers":[],"registry":{"name":"conda-forge.org","url":"https://conda-forge.org","ecosystem":"conda","default":false,"packages_count":20636,"maintainers_count":0,"namespaces_count":0,"keywords_count":13542,"github":"conda-forge","metadata":{"kind":"conda-forge","key":"CondaForge","api":"https://conda.anaconda.org","funded_packages_count":2237},"icon_url":"https://github.com/conda-forge.png","created_at":"2022-10-03T15:37:08.743Z","updated_at":"2026-01-11T07:04:02.271Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/namespaces"}},{"id":2929046,"name":"spleeter","ecosystem":"pypi","description":"The Deezer source separation library with pretrained models based on tensorflow.","homepage":"https://github.com/deezer/spleeter","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/deezer/spleeter","keywords_array":[],"namespace":null,"versions_count":27,"first_release_published_at":"2019-10-28T13:40:54.000Z","latest_release_published_at":"2025-04-03T08:14:05.000Z","latest_release_number":"2.4.2","last_synced_at":"2026-01-11T11:39:14.801Z","created_at":"2022-04-10T12:41:27.827Z","updated_at":"2026-01-11T11:39:14.801Z","registry_url":"https://pypi.org/project/spleeter/","install_command":"pip install spleeter --index-url https://pypi.org/simple","documentation_url":"https://spleeter.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Environment :: Console","Environment :: MacOS X","Intended Audience :: Developers","Intended Audience :: Information Technology","Intended Audience :: Science/Research","License :: OSI Approved :: MIT License","Natural Language :: English","Operating System :: MacOS","Operating System :: Microsoft :: Windows","Operating System :: POSIX :: Linux","Operating System :: Unix","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Topic :: Artistic Software","Topic :: Multimedia","Topic :: Multimedia :: Sound/Audio","Topic :: Multimedia :: Sound/Audio :: Analysis","Topic :: Multimedia :: Sound/Audio :: Conversion","Topic :: Multimedia :: Sound/Audio :: Sound Synthesis","Topic :: Scientific/Engineering","Topic :: Scientific/Engineering :: Artificial Intelligence","Topic :: Scientific/Engineering :: Information Analysis","Topic :: Software Development","Topic :: Software Development :: Libraries","Topic :: Software Development :: Libraries :: Python Modules","Topic :: Utilities"],"normalized_name":"spleeter","project_status":null},"repo_metadata":{"id":37250513,"uuid":"211124697","full_name":"deezer/spleeter","owner":"deezer","description":"Deezer source separation library including pretrained models.","archived":false,"fork":false,"pushed_at":"2025-04-02T16:22:20.000Z","size":9630,"stargazers_count":27872,"open_issues_count":272,"forks_count":3056,"subscribers_count":394,"default_branch":"master","last_synced_at":"2025-12-16T17:10:29.560Z","etag":null,"topics":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"latest_commit_sha":null,"homepage":"https://research.deezer.com/projects/spleeter.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deezer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-26T15:40:46.000Z","updated_at":"2025-12-16T11:48:48.000Z","dependencies_parsed_at":"2022-07-14T08:32:16.098Z","dependency_job_id":"a630d4c5-2e43-476b-a2d4-e724da539577","html_url":"https://github.com/deezer/spleeter","commit_stats":{"total_commits":472,"total_committers":22,"mean_commits":"21.454545454545453","dds":0.6440677966101696,"last_synced_commit":"13c771b8e1c2f0c3ea3001821dd70bcf445797d0"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/deezer/spleeter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/sbom","scorecard":{"id":332315,"data":{"date":"2025-08-11","repo":{"name":"github.com/deezer/spleeter","commit":"64daa5a9172aa33ba155f051184528c4e969ad8e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 3/6 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/conda.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/conda.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-0.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-1.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-9.2.dockerfile:2","Warn: containerImage not pinned by hash: docker/spleeter-conda.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter-model.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter.dockerfile:3","Warn: downloadThenRun not pinned by hash: docker/conda.dockerfile:4-15","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:55","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:56","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:10","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:11","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/deezer/spleeter/releases/21022168","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/deezer/spleeter/releases/21022168"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:54:52.634Z","repository_id":37250513,"created_at":"2025-08-18T03:54:52.635Z","updated_at":"2025-08-18T03:54:52.635Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28169342,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2026-01-02T02:00:06.235Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"deezer","name":"Deezer","uuid":"4393583","kind":"organization","description":"","email":"deezerdevs@deezer.com","website":"http://developers.deezer.com/","location":"Paris","twitter":"deezerdevs","company":null,"icon_url":"https://avatars.githubusercontent.com/u/4393583?v=4","repositories_count":68,"last_synced_at":"2024-04-16T09:41:11.296Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/deezer","funding_links":[],"total_stars":25771,"followers":184,"following":0,"created_at":"2022-11-05T10:30:39.159Z","updated_at":"2024-04-16T09:41:21.396Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer/repositories"},"tags":[]},"repo_metadata_updated_at":"2026-01-04T12:32:53.809Z","dependent_packages_count":2,"downloads":19312,"downloads_period":"last-month","dependent_repos_count":87,"rankings":{"downloads":2.1752551389831023,"dependent_repos_count":1.5932549665340225,"dependent_packages_count":3.157820486179293,"stargazers_count":0.08574499058710547,"forks_count":0.22236534225589352,"docker_downloads_count":3.657076626278185,"average":1.815252925136267},"purl":"pkg:pypi/spleeter","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/spleeter","docker_dependents_count":2,"docker_downloads_count":198,"usage_url":"https://repos.ecosyste.ms/usage/pypi/spleeter","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/spleeter/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-01-01T11:07:44.505Z","issues_count":175,"pull_requests_count":53,"avg_time_to_close_issue":2176221.403846154,"avg_time_to_close_pull_request":14424743.833333334,"issues_closed_count":52,"pull_requests_closed_count":18,"pull_request_authors_count":29,"issue_authors_count":164,"avg_comments_per_issue":2.862857142857143,"avg_comments_per_pull_request":0.39622641509433965,"merged_pull_requests_count":8,"bot_issues_count":0,"bot_pull_requests_count":10,"past_year_issues_count":22,"past_year_pull_requests_count":8,"past_year_avg_time_to_close_issue":352.5,"past_year_avg_time_to_close_pull_request":87121.0,"past_year_issues_closed_count":2,"past_year_pull_requests_closed_count":2,"past_year_pull_request_authors_count":4,"past_year_issue_authors_count":21,"past_year_avg_comments_per_issue":0.45454545454545453,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":2,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/issues","maintainers":[{"login":"d-dawg78","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/d-dawg78"},{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"},{"login":"mmoussallam","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mmoussallam"}],"active_maintainers":[{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter/codemeta","maintainers":[{"uuid":"deezer-research","login":"deezer-research","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/deezer-research/","role":null,"created_at":"2023-01-26T12:23:24.652Z","updated_at":"2023-01-26T12:23:24.652Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/deezer-research/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":775964,"maintainers_count":329396,"namespaces_count":0,"keywords_count":254045,"github":"pypi","metadata":{"funded_packages_count":52061},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2026-01-13T06:25:44.918Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},{"id":5653900,"name":"github.com/Deezer/spleeter","ecosystem":"go","description":null,"homepage":null,"licenses":"mit","normalized_licenses":["MIT"],"repository_url":"https://github.com/Deezer/spleeter","keywords_array":[],"namespace":"github.com/Deezer","versions_count":2,"first_release_published_at":"2019-10-28T13:12:13.000Z","latest_release_published_at":"2021-09-03T09:55:05.000Z","latest_release_number":"v2.3.0+incompatible","last_synced_at":"2026-01-01T11:08:14.698Z","created_at":"2022-12-06T10:38:20.472Z","updated_at":"2026-01-01T11:08:14.698Z","registry_url":"https://pkg.go.dev/github.com/Deezer/spleeter","install_command":"go get github.com/Deezer/spleeter","documentation_url":"https://pkg.go.dev/github.com/Deezer/spleeter#section-documentation","metadata":{},"repo_metadata":{"id":37250513,"uuid":"211124697","full_name":"deezer/spleeter","owner":"deezer","description":"Deezer source separation library including pretrained models.","archived":false,"fork":false,"pushed_at":"2025-04-02T16:22:20.000Z","size":9630,"stargazers_count":27435,"open_issues_count":271,"forks_count":3024,"subscribers_count":396,"default_branch":"master","last_synced_at":"2025-10-10T18:33:06.196Z","etag":null,"topics":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"latest_commit_sha":null,"homepage":"https://research.deezer.com/projects/spleeter.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deezer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-26T15:40:46.000Z","updated_at":"2025-10-10T14:32:14.000Z","dependencies_parsed_at":"2022-07-14T08:32:16.098Z","dependency_job_id":"a630d4c5-2e43-476b-a2d4-e724da539577","html_url":"https://github.com/deezer/spleeter","commit_stats":{"total_commits":472,"total_committers":22,"mean_commits":"21.454545454545453","dds":0.6440677966101696,"last_synced_commit":"13c771b8e1c2f0c3ea3001821dd70bcf445797d0"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/deezer/spleeter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/sbom","scorecard":{"id":332315,"data":{"date":"2025-08-11","repo":{"name":"github.com/deezer/spleeter","commit":"64daa5a9172aa33ba155f051184528c4e969ad8e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 3/6 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/conda.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/conda.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-0.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-1.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-9.2.dockerfile:2","Warn: containerImage not pinned by hash: docker/spleeter-conda.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter-model.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter.dockerfile:3","Warn: downloadThenRun not pinned by hash: docker/conda.dockerfile:4-15","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:55","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:56","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:10","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:11","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/deezer/spleeter/releases/21022168","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/deezer/spleeter/releases/21022168"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:54:52.634Z","repository_id":37250513,"created_at":"2025-08-18T03:54:52.635Z","updated_at":"2025-08-18T03:54:52.635Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279010796,"owners_count":26084807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"deezer","name":"Deezer","uuid":"4393583","kind":"organization","description":"","email":"deezerdevs@deezer.com","website":"http://developers.deezer.com/","location":"Paris","twitter":"deezerdevs","company":null,"icon_url":"https://avatars.githubusercontent.com/u/4393583?v=4","repositories_count":68,"last_synced_at":"2024-04-16T09:41:11.296Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/deezer","funding_links":[],"total_stars":25771,"followers":184,"following":0,"created_at":"2022-11-05T10:30:39.159Z","updated_at":"2024-04-16T09:41:21.396Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer/repositories"},"tags":[{"name":"v2.3.0","sha":"e65ece883f429ca228f500a21e1d532ea1c3023e","kind":"commit","published_at":"2021-09-03T09:55:05.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v2.3.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v2.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0/manifests"},{"name":"v1.4.0","sha":"556ef2121492d72398a988af1b38b55176f5973a","kind":"commit","published_at":"2019-10-28T13:12:13.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v1.4.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0/manifests"}]},"repo_metadata_updated_at":"2025-10-20T10:39:11.627Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":9.345852080216646,"dependent_packages_count":6.999148183520997,"stargazers_count":0.07822346322318827,"forks_count":0.1260329256809762,"average":4.137314163160452},"purl":"pkg:golang/github.com/%21deezer/spleeter","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/Deezer/spleeter","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/Deezer/spleeter","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/Deezer/spleeter/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-06T16:38:05.718Z","issues_count":173,"pull_requests_count":53,"avg_time_to_close_issue":2218889.470588235,"avg_time_to_close_pull_request":14424743.833333334,"issues_closed_count":51,"pull_requests_closed_count":18,"pull_request_authors_count":29,"issue_authors_count":162,"avg_comments_per_issue":2.867052023121387,"avg_comments_per_pull_request":0.39622641509433965,"merged_pull_requests_count":8,"bot_issues_count":0,"bot_pull_requests_count":10,"past_year_issues_count":28,"past_year_pull_requests_count":11,"past_year_avg_time_to_close_issue":555.0,"past_year_avg_time_to_close_pull_request":53826.0,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":4,"past_year_pull_request_authors_count":6,"past_year_issue_authors_count":27,"past_year_avg_comments_per_issue":0.35714285714285715,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":4,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/issues","maintainers":[{"login":"d-dawg78","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/d-dawg78"},{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"},{"login":"mmoussallam","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mmoussallam"}],"active_maintainers":[{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FDeezer%2Fspleeter/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FDeezer%2Fspleeter/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FDeezer%2Fspleeter/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FDeezer%2Fspleeter/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2FDeezer%2Fspleeter/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2026066,"maintainers_count":0,"namespaces_count":760804,"keywords_count":112051,"github":"golang","metadata":{"funded_packages_count":52889},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-01-13T07:03:44.289Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},{"id":2929047,"name":"spleeter-gpu","ecosystem":"pypi","description":" The Deezer source separation library with pretrained models based on tensorflow. ","homepage":"https://github.com/deezer/spleeter","licenses":"MIT License","normalized_licenses":["MIT"],"repository_url":"https://github.com/deezer/spleeter","keywords_array":[],"namespace":null,"versions_count":14,"first_release_published_at":"2019-11-21T17:30:33.000Z","latest_release_published_at":"2020-12-04T11:44:05.000Z","latest_release_number":"2.0.2","last_synced_at":"2026-01-01T11:07:55.354Z","created_at":"2022-04-10T12:41:27.868Z","updated_at":"2026-01-01T11:18:42.414Z","registry_url":"https://pypi.org/project/spleeter-gpu/","install_command":"pip install spleeter-gpu --index-url https://pypi.org/simple","documentation_url":"https://spleeter-gpu.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Environment :: Console","Environment :: MacOS X","Intended Audience :: Developers","Intended Audience :: Information Technology","Intended Audience :: Science/Research","License :: OSI Approved :: MIT License","Natural Language :: English","Operating System :: MacOS","Operating System :: Microsoft :: Windows","Operating System :: POSIX :: Linux","Operating System :: Unix","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.6","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: Implementation :: CPython","Topic :: Artistic Software","Topic :: Multimedia","Topic :: Multimedia :: Sound/Audio","Topic :: Multimedia :: Sound/Audio :: Analysis","Topic :: Multimedia :: Sound/Audio :: Conversion","Topic :: Multimedia :: Sound/Audio :: Sound Synthesis","Topic :: Scientific/Engineering","Topic :: Scientific/Engineering :: Artificial Intelligence","Topic :: Scientific/Engineering :: Information Analysis","Topic :: Software Development","Topic :: Software Development :: Libraries","Topic :: Software Development :: Libraries :: Python Modules","Topic :: Utilities"],"normalized_name":"spleeter-gpu","project_status":null},"repo_metadata":{"id":37250513,"uuid":"211124697","full_name":"deezer/spleeter","owner":"deezer","description":"Deezer source separation library including pretrained models.","archived":false,"fork":false,"pushed_at":"2025-04-02T16:22:20.000Z","size":9630,"stargazers_count":27780,"open_issues_count":271,"forks_count":3047,"subscribers_count":394,"default_branch":"master","last_synced_at":"2025-11-19T17:43:42.220Z","etag":null,"topics":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"latest_commit_sha":null,"homepage":"https://research.deezer.com/projects/spleeter.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deezer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-26T15:40:46.000Z","updated_at":"2025-11-19T11:20:25.000Z","dependencies_parsed_at":"2022-07-14T08:32:16.098Z","dependency_job_id":"a630d4c5-2e43-476b-a2d4-e724da539577","html_url":"https://github.com/deezer/spleeter","commit_stats":{"total_commits":472,"total_committers":22,"mean_commits":"21.454545454545453","dds":0.6440677966101696,"last_synced_commit":"13c771b8e1c2f0c3ea3001821dd70bcf445797d0"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/deezer/spleeter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/sbom","scorecard":{"id":332315,"data":{"date":"2025-08-11","repo":{"name":"github.com/deezer/spleeter","commit":"64daa5a9172aa33ba155f051184528c4e969ad8e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 3/6 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/conda.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/conda.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-0.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-1.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-9.2.dockerfile:2","Warn: containerImage not pinned by hash: docker/spleeter-conda.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter-model.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter.dockerfile:3","Warn: downloadThenRun not pinned by hash: docker/conda.dockerfile:4-15","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:55","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:56","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:10","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:11","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/deezer/spleeter/releases/21022168","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/deezer/spleeter/releases/21022168"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:54:52.634Z","repository_id":37250513,"created_at":"2025-08-18T03:54:52.635Z","updated_at":"2025-08-18T03:54:52.635Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":285566567,"owners_count":27193546,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-21T02:00:06.175Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"deezer","name":"Deezer","uuid":"4393583","kind":"organization","description":"","email":"deezerdevs@deezer.com","website":"http://developers.deezer.com/","location":"Paris","twitter":"deezerdevs","company":null,"icon_url":"https://avatars.githubusercontent.com/u/4393583?v=4","repositories_count":68,"last_synced_at":"2024-04-16T09:41:11.296Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/deezer","funding_links":[],"total_stars":25771,"followers":184,"following":0,"created_at":"2022-11-05T10:30:39.159Z","updated_at":"2024-04-16T09:41:21.396Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer/repositories"},"tags":[{"name":"v2.3.0","sha":"e65ece883f429ca228f500a21e1d532ea1c3023e","kind":"commit","published_at":"2021-09-03T09:55:05.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v2.3.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v2.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0/manifests"},{"name":"v1.4.0","sha":"556ef2121492d72398a988af1b38b55176f5973a","kind":"commit","published_at":"2019-10-28T13:12:13.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v1.4.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0/manifests"}]},"repo_metadata_updated_at":"2026-01-01T11:18:42.390Z","dependent_packages_count":0,"downloads":66,"downloads_period":"last-month","dependent_repos_count":5,"rankings":{"downloads":32.73517012631848,"dependent_repos_count":6.623305240014657,"dependent_packages_count":10.09540786432578,"stargazers_count":0.08511093045711822,"forks_count":0.22212807859212017,"docker_downloads_count":null,"average":9.952224447941632},"purl":"pkg:pypi/spleeter-gpu","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/spleeter-gpu","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/pypi/spleeter-gpu","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/spleeter-gpu/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-11-10T13:17:56.321Z","issues_count":173,"pull_requests_count":53,"avg_time_to_close_issue":2218889.470588235,"avg_time_to_close_pull_request":14424743.833333334,"issues_closed_count":51,"pull_requests_closed_count":18,"pull_request_authors_count":29,"issue_authors_count":162,"avg_comments_per_issue":2.8901734104046244,"avg_comments_per_pull_request":0.39622641509433965,"merged_pull_requests_count":8,"bot_issues_count":0,"bot_pull_requests_count":10,"past_year_issues_count":25,"past_year_pull_requests_count":8,"past_year_avg_time_to_close_issue":555.0,"past_year_avg_time_to_close_pull_request":87121.0,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":2,"past_year_pull_request_authors_count":4,"past_year_issue_authors_count":24,"past_year_avg_comments_per_issue":0.56,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":2,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/issues","maintainers":[{"login":"d-dawg78","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/d-dawg78"},{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"},{"login":"mmoussallam","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mmoussallam"}],"active_maintainers":[{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter-gpu/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter-gpu/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter-gpu/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter-gpu/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/spleeter-gpu/codemeta","maintainers":[{"uuid":"deezer-research","login":"deezer-research","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/deezer-research/","role":null,"created_at":"2023-01-26T12:23:25.703Z","updated_at":"2023-01-26T12:23:25.703Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/deezer-research/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":775964,"maintainers_count":329396,"namespaces_count":0,"keywords_count":254045,"github":"pypi","metadata":{"funded_packages_count":52061},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2026-01-13T06:25:44.918Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},{"id":4423419,"name":"github.com/deezer/spleeter","ecosystem":"go","description":"","homepage":null,"licenses":"mit","normalized_licenses":["MIT"],"repository_url":"https://github.com/deezer/spleeter","keywords_array":[],"namespace":"github.com/deezer","versions_count":2,"first_release_published_at":"2019-10-28T13:12:13.000Z","latest_release_published_at":"2021-09-03T09:55:05.000Z","latest_release_number":"v2.3.0+incompatible","last_synced_at":"2026-01-01T11:08:44.189Z","created_at":"2022-05-24T13:59:50.060Z","updated_at":"2026-01-01T11:08:44.189Z","registry_url":"https://pkg.go.dev/github.com/deezer/spleeter","install_command":"go get github.com/deezer/spleeter","documentation_url":"https://pkg.go.dev/github.com/deezer/spleeter#section-documentation","metadata":{},"repo_metadata":{"id":37250513,"uuid":"211124697","full_name":"deezer/spleeter","owner":"deezer","description":"Deezer source separation library including pretrained models.","archived":false,"fork":false,"pushed_at":"2025-04-02T16:22:20.000Z","size":9630,"stargazers_count":27457,"open_issues_count":271,"forks_count":3031,"subscribers_count":396,"default_branch":"master","last_synced_at":"2025-10-18T22:10:47.122Z","etag":null,"topics":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"latest_commit_sha":null,"homepage":"https://research.deezer.com/projects/spleeter.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deezer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-26T15:40:46.000Z","updated_at":"2025-10-18T13:20:13.000Z","dependencies_parsed_at":"2022-07-14T08:32:16.098Z","dependency_job_id":"a630d4c5-2e43-476b-a2d4-e724da539577","html_url":"https://github.com/deezer/spleeter","commit_stats":{"total_commits":472,"total_committers":22,"mean_commits":"21.454545454545453","dds":0.6440677966101696,"last_synced_commit":"13c771b8e1c2f0c3ea3001821dd70bcf445797d0"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/deezer/spleeter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/sbom","scorecard":{"id":332315,"data":{"date":"2025-08-11","repo":{"name":"github.com/deezer/spleeter","commit":"64daa5a9172aa33ba155f051184528c4e969ad8e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 3/6 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/conda.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/conda.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-0.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-1.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-9.2.dockerfile:2","Warn: containerImage not pinned by hash: docker/spleeter-conda.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter-model.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter.dockerfile:3","Warn: downloadThenRun not pinned by hash: docker/conda.dockerfile:4-15","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:55","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:56","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:10","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:11","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/deezer/spleeter/releases/21022168","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/deezer/spleeter/releases/21022168"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:54:52.634Z","repository_id":37250513,"created_at":"2025-08-18T03:54:52.635Z","updated_at":"2025-08-18T03:54:52.635Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279914369,"owners_count":26243237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-19T02:00:07.647Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"deezer","name":"Deezer","uuid":"4393583","kind":"organization","description":"","email":"deezerdevs@deezer.com","website":"http://developers.deezer.com/","location":"Paris","twitter":"deezerdevs","company":null,"icon_url":"https://avatars.githubusercontent.com/u/4393583?v=4","repositories_count":68,"last_synced_at":"2024-04-16T09:41:11.296Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/deezer","funding_links":[],"total_stars":25771,"followers":184,"following":0,"created_at":"2022-11-05T10:30:39.159Z","updated_at":"2024-04-16T09:41:21.396Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer/repositories"},"tags":[{"name":"v2.3.0","sha":"e65ece883f429ca228f500a21e1d532ea1c3023e","kind":"commit","published_at":"2021-09-03T09:55:05.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v2.3.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v2.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0/manifests"},{"name":"v1.4.0","sha":"556ef2121492d72398a988af1b38b55176f5973a","kind":"commit","published_at":"2019-10-28T13:12:13.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v1.4.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0/manifests"}]},"repo_metadata_updated_at":"2025-10-20T10:39:37.512Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":1,"rankings":{"downloads":null,"dependent_repos_count":4.726210113019375,"dependent_packages_count":9.55954712080186,"stargazers_count":0.08037022413471734,"forks_count":0.1481137048268232,"docker_downloads_count":null,"average":3.628560290695694},"purl":"pkg:golang/github.com/deezer/spleeter","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/deezer/spleeter","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/deezer/spleeter","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/deezer/spleeter/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-14T19:52:31.521Z","issues_count":173,"pull_requests_count":53,"avg_time_to_close_issue":2218889.470588235,"avg_time_to_close_pull_request":14424743.833333334,"issues_closed_count":51,"pull_requests_closed_count":18,"pull_request_authors_count":29,"issue_authors_count":162,"avg_comments_per_issue":2.867052023121387,"avg_comments_per_pull_request":0.39622641509433965,"merged_pull_requests_count":8,"bot_issues_count":0,"bot_pull_requests_count":10,"past_year_issues_count":28,"past_year_pull_requests_count":11,"past_year_avg_time_to_close_issue":555.0,"past_year_avg_time_to_close_pull_request":53826.0,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":4,"past_year_pull_request_authors_count":6,"past_year_issue_authors_count":27,"past_year_avg_comments_per_issue":0.35714285714285715,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":4,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/issues","maintainers":[{"login":"d-dawg78","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/d-dawg78"},{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"},{"login":"mmoussallam","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mmoussallam"}],"active_maintainers":[{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdeezer%2Fspleeter/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdeezer%2Fspleeter/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdeezer%2Fspleeter/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdeezer%2Fspleeter/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdeezer%2Fspleeter/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2026066,"maintainers_count":0,"namespaces_count":760804,"keywords_count":112051,"github":"golang","metadata":{"funded_packages_count":52889},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-01-13T07:03:44.289Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},{"id":5293616,"name":"spleeter","ecosystem":"conda","description":null,"homepage":"https://github.com/deezer/spleeter","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/deezer/spleeter","keywords_array":[],"namespace":null,"versions_count":10,"first_release_published_at":"2019-11-08T20:01:16.000Z","latest_release_published_at":"2020-06-18T09:23:57.000Z","latest_release_number":"1.5.3","last_synced_at":"2026-01-01T02:10:07.688Z","created_at":"2022-10-03T15:55:32.172Z","updated_at":"2026-01-01T02:10:07.688Z","registry_url":"https://anaconda.org/conda-forge/spleeter","install_command":"conda install -c conda-forge spleeter","documentation_url":null,"metadata":{},"repo_metadata":{"id":37250513,"uuid":"211124697","full_name":"deezer/spleeter","owner":"deezer","description":"Deezer source separation library including pretrained models.","archived":false,"fork":false,"pushed_at":"2025-04-02T16:22:20.000Z","size":9630,"stargazers_count":27457,"open_issues_count":271,"forks_count":3031,"subscribers_count":396,"default_branch":"master","last_synced_at":"2025-10-18T22:10:47.122Z","etag":null,"topics":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"latest_commit_sha":null,"homepage":"https://research.deezer.com/projects/spleeter.html","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deezer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-26T15:40:46.000Z","updated_at":"2025-10-18T13:20:13.000Z","dependencies_parsed_at":"2022-07-14T08:32:16.098Z","dependency_job_id":"a630d4c5-2e43-476b-a2d4-e724da539577","html_url":"https://github.com/deezer/spleeter","commit_stats":{"total_commits":472,"total_committers":22,"mean_commits":"21.454545454545453","dds":0.6440677966101696,"last_synced_commit":"13c771b8e1c2f0c3ea3001821dd70bcf445797d0"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/deezer/spleeter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deezer","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/sbom","scorecard":{"id":332315,"data":{"date":"2025-08-11","repo":{"name":"github.com/deezer/spleeter","commit":"64daa5a9172aa33ba155f051184528c4e969ad8e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 3/6 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/conda.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/pypi.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/conda.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/conda.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/docker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/pypi.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/deezer/spleeter/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/conda.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-0.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-10-1.dockerfile:2","Warn: containerImage not pinned by hash: docker/cuda-9.2.dockerfile:2","Warn: containerImage not pinned by hash: docker/spleeter-conda.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter-model.dockerfile:3","Warn: containerImage not pinned by hash: docker/spleeter.dockerfile:3","Warn: downloadThenRun not pinned by hash: docker/conda.dockerfile:4-15","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:55","Warn: pipCommand not pinned by hash: docker/cuda-9.2.dockerfile:56","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:10","Warn: pipCommand not pinned by hash: docker/spleeter.dockerfile:11","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:16","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/deezer/spleeter/releases/21022168","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/deezer/spleeter/releases/21022168"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-cjgq-5qmw-rcj6","Warn: Project is vulnerable to: GHSA-x4wf-678h-2pmq","Warn: Project is vulnerable to: GHSA-8qvm-5x2c-j2w7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T03:54:52.634Z","repository_id":37250513,"created_at":"2025-08-18T03:54:52.635Z","updated_at":"2025-08-18T03:54:52.635Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279914369,"owners_count":26243237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-19T02:00:07.647Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"tags":[{"name":"v2.3.0","sha":"e65ece883f429ca228f500a21e1d532ea1c3023e","kind":"commit","published_at":"2021-09-03T09:55:05.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v2.3.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v2.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v2.3.0/manifests"},{"name":"v1.4.0","sha":"556ef2121492d72398a988af1b38b55176f5973a","kind":"commit","published_at":"2019-10-28T13:12:13.000Z","download_url":"https://codeload.github.com/deezer/spleeter/tar.gz/v1.4.0","html_url":"https://github.com/deezer/spleeter/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/deezer/spleeter@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/tags/v1.4.0/manifests"}]},"repo_metadata_updated_at":"2025-10-20T10:39:25.475Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":2,"rankings":{"downloads":null,"dependent_repos_count":20.240530964618994,"dependent_packages_count":51.58940066869604,"stargazers_count":1.5419931134288138,"forks_count":2.220669694096512,"docker_downloads_count":null,"average":18.89814861021009},"purl":"pkg:conda/spleeter?repository_url=https://conda-forge.org","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/conda/spleeter","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/conda/spleeter","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/conda/spleeter/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-14T19:52:31.521Z","issues_count":173,"pull_requests_count":53,"avg_time_to_close_issue":2218889.470588235,"avg_time_to_close_pull_request":14424743.833333334,"issues_closed_count":51,"pull_requests_closed_count":18,"pull_request_authors_count":29,"issue_authors_count":162,"avg_comments_per_issue":2.867052023121387,"avg_comments_per_pull_request":0.39622641509433965,"merged_pull_requests_count":8,"bot_issues_count":0,"bot_pull_requests_count":10,"past_year_issues_count":28,"past_year_pull_requests_count":11,"past_year_avg_time_to_close_issue":555.0,"past_year_avg_time_to_close_pull_request":53826.0,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":4,"past_year_pull_request_authors_count":6,"past_year_issue_authors_count":27,"past_year_avg_comments_per_issue":0.35714285714285715,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":4,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/issues","maintainers":[{"login":"d-dawg78","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/d-dawg78"},{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"},{"login":"mmoussallam","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mmoussallam"}],"active_maintainers":[{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"},{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages/spleeter/codemeta","maintainers":[],"registry":{"name":"conda-forge.org","url":"https://conda-forge.org","ecosystem":"conda","default":false,"packages_count":20636,"maintainers_count":0,"namespaces_count":0,"keywords_count":13542,"github":"conda-forge","metadata":{"kind":"conda-forge","key":"CondaForge","api":"https://conda.anaconda.org","funded_packages_count":2237},"icon_url":"https://github.com/conda-forge.png","created_at":"2022-10-03T15:37:08.743Z","updated_at":"2026-01-11T07:04:02.271Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/conda-forge.org/namespaces"}}],"commits":{"id":29669,"full_name":"deezer/spleeter","default_branch":"master","total_commits":479,"total_committers":20,"total_bot_commits":0,"total_bot_committers":0,"mean_commits":23.95,"dds":0.6492693110647181,"past_year_total_commits":2,"past_year_total_committers":1,"past_year_total_bot_commits":0,"past_year_total_bot_committers":0,"past_year_mean_commits":2.0,"past_year_dds":0.0,"last_synced_at":"2026-03-11T00:07:14.067Z","last_synced_commit":"64daa5a9172aa33ba155f051184528c4e969ad8e","created_at":"2023-03-07T16:41:39.186Z","updated_at":"2026-03-11T00:05:47.887Z","committers":[{"name":"Félix Voituret","email":"fvoituret@deezer.com","login":null,"count":168},{"name":"Faylixe","email":"felix.voituret@gmail.com","login":"Faylixe","count":110},{"name":"romi1502","email":"rhennequin@deezer.com","login":"romi1502","count":63},{"name":"mmoussallam","email":"manuel.moussallam@deezer.com","login":null,"count":49},{"name":"Dorian Desblancs","email":"dorian.desblancs@mail.mcgill.ca","login":"d-dawg78","count":37},{"name":"akhlif","email":"akhlif@deezer.com","login":null,"count":15},{"name":"Moussallam","email":"manuel.moussallam@gmail.com","login":"mmoussallam","count":14},{"name":"Aurélien Hérault","email":"ah@deezer.com","login":"doky","count":5},{"name":"varnaudo","email":"varnaudo@deezer.com","login":null,"count":4},{"name":"Marshall Scorcio","email":"marshall.scorcio@gmail.com","login":"marshalium","count":2},{"name":"Yusuke Goto","email":"u.suke.goto@gmail.com","login":"yusukegoto","count":2},{"name":"Fabian-Robert Stöter","email":"fabian-robert.stoter@inria.fr","login":null,"count":2},{"name":"Ali Akbar","email":"aliakbar09a@gmail.com","login":"aliakbar09a","count":1},{"name":"Martin Chloride","email":"i@martincl2.me","login":"Martin1994","count":1},{"name":"Rob Moore","email":"rcmoore38@gmail.com","login":"robert-moore","count":1},{"name":"jtagcat","email":"git-514635f7@jtag.cat","login":null,"count":1},{"name":"antoine@antoine-latitude7410","email":"antoine@deezer.com","login":null,"count":1},{"name":"johnwmillr","email":"john.w.millr@gmail.com","login":"johnwmillr","count":1},{"name":"romi1502","email":"email@address.com","login":"useername","count":1},{"name":"valrus","email":"imccowan@gmail.com","login":"valrus","count":1}],"past_year_committers":[{"name":"Moussallam","email":"manuel.moussallam@gmail.com","login":"mmoussallam","count":2}],"commits_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/commits","host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-03-11T00:00:08.884Z","repositories_count":6202591,"commits_count":933851187,"contributors_count":36186115,"owners_count":1149918,"icon_url":"https://github.com/github.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories"}},"issues":{"table":{"full_name":"deezer/spleeter","html_url":"https://github.com/deezer/spleeter","last_synced_at":"2025-12-14T13:00:50.769Z","status":null,"issues_count":174,"pull_requests_count":53,"avg_time_to_close_issue":2218889.470588235,"avg_time_to_close_pull_request":14424743.833333334,"issues_closed_count":51,"pull_requests_closed_count":18,"pull_request_authors_count":29,"issue_authors_count":163,"avg_comments_per_issue":2.8735632183908044,"avg_comments_per_pull_request":0.39622641509433965,"merged_pull_requests_count":8,"bot_issues_count":0,"bot_pull_requests_count":10,"past_year_issues_count":23,"past_year_pull_requests_count":8,"past_year_avg_time_to_close_issue":555.0,"past_year_avg_time_to_close_pull_request":87121.0,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":2,"past_year_pull_request_authors_count":4,"past_year_issue_authors_count":22,"past_year_avg_comments_per_issue":0.6086956521739131,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":2,"created_at":"2023-05-10T21:14:25.900Z","updated_at":"2025-12-14T13:00:50.776Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/deezer%2Fspleeter/issues","issue_labels_count":{"table":{"question":74,"bug":73,"invalid":72,"enhancement":19,"feature":19,"RTMP":2,"windows":2,"model":2,"training":2,"ffmpeg":1,"evaluation":1,"wontfix":1,"next release":1}},"pull_request_labels_count":{"table":{"dependencies":10,"bug":1}},"issue_author_associations_count":{"table":{"NONE":173,"CONTRIBUTOR":1}},"pull_request_author_associations_count":{"table":{"NONE":43,"COLLABORATOR":10}},"issue_authors":{"table":{"schweini":2,"mathpopo":2,"MohammedMehdiTBER":2,"all-the-good-ones-are-gone":2,"bartman081523":2,"DavidDoukhan":2,"hassan8971":2,"s2t2":2,"suraj143rosy":2,"rikdijkstra":2,"LoboMetalurgico":2,"tiwonku":1,"arlins":1,"adefaria":1,"Feliipe93":1,"xiota":1,"abosaqer":1,"ssumitk14":1,"tiagolofi":1,"wal1624":1,"aef5748":1,"nohur7":1,"acronomic":1,"MrBanhBao":1,"seonake":1,"AnkitKundariya":1,"Emaan-Confinality":1,"plwd2022":1,"habib1402":1,"riugomon":1,"dragonjay-lyj":1,"fgohier":1,"spencerTTKK":1,"Niche180":1,"IJH91IJH91":1,"codeananda":1,"seoulan":1,"MonolithFoundation":1,"jonathanrjpereira":1,"afolabiaji":1,"ptsii":1,"DomDXD":1,"kno3a87":1,"farkasfd99":1,"deskstar90":1,"faroit":1,"Slidix99":1,"py660":1,"jujudusud":1,"ayan0074":1,"jackmattsonAI":1,"phalexo":1,"PSCM":1,"daslicht":1,"ilyakonrad":1,"hsduren":1,"binbinxue":1,"Zth9730":1,"bhavesh-hirpara":1,"sujoyrc":1,"abhi-rawat1":1,"MuhammadAarfeen":1,"michaelpeets":1,"Florria2":1,"qzj-ui":1,"YuvalEvron":1,"Bearmboy":1,"adamwelsh":1,"dfengpo":1,"mrlihellohorld":1,"e16m":1,"agur":1,"Axel-Erfurt":1,"nihonium286":1,"Test-Jim":1,"kopi-addict":1,"GGXX000":1,"Adithvinu":1,"Kimi-Arthur":1,"aneeshachankunju1997":1,"hijam8300":1,"pietrop":1,"donaldafeith":1,"1inaccessible":1,"gitinmathew":1,"ensonic":1,"DidaDidaDidaD":1,"spuder":1,"oluwabajio":1,"KooperTheTrooper15":1,"atom-smasher":1,"thatdumbdevit":1,"eoeintu":1,"chuttam":1,"sahandkh1419":1,"mxkrn":1,"Vansh-G":1,"Parvez2017":1,"Lemm99":1,"swissbeats93":1,"aidv":1,"njusq":1,"jagdteaguer":1,"adelin-b":1,"rcgale":1,"mattiadg":1,"hijam-git":1,"vin-cf":1,"ByteMe666":1,"joyboy67":1,"xpawelsky":1,"zoomosis":1,"netv1":1,"m986883511":1,"choppermio":1,"Echoinsraht5":1,"Foul-Tarnished":1,"tvmaly":1,"ligujie123":1,"me-suzy":1,"tinoucas":1,"wavvve2":1,"derwin12":1,"midhun93":1,"Mancerrss":1,"antonio-petricca":1,"brchristian":1,"mainwindow":1,"nawed2611":1,"ciochi":1,"sashkill94":1,"monja119":1,"justin-hackin":1,"opria123":1,"cksachdev":1,"gibe9000":1,"vigneshsankariyer1234567890":1,"argsnd":1,"wccccp":1,"robertmckean":1,"lesecs":1,"manus693":1,"limengqilove":1,"wensaochen":1,"renjunok":1,"whyboris":1,"FrankyBoy":1,"Ylw2014":1,"pansong291":1,"donfishman":1,"ls-milkyway":1,"dtramm1":1,"Axis4s":1,"blackspotindustry":1,"Zipdox2":1,"otro678":1,"dustyny":1,"Ice-Hazymoon":1,"wptechnology":1,"JavaShipped":1,"wei-z-git":1,"badboy-tian":1,"Matheusadler":1}},"pull_request_authors":{"table":{"dependabot[bot]":10,"d-dawg78":5,"karlhayek":2,"antoinegob92":2,"ivanmilevtues":2,"introinifederico":2,"Adkr1989":2,"AniketP04":2,"alex-ilyichov":2,"marcan":2,"ValerioArnaudo":2,"ensonic":2,"realytcracker":2,"chuttam":1,"mmoussallam":1,"sudocurse":1,"muhhamedsherif":1,"DavidDoukhan":1,"Tajulka":1,"breadchris":1,"claui":1,"FarazJamal":1,"NiekPas":1,"Vuizur":1,"dan-developer":1,"mbr60r6":1,"py660":1,"BobConanDev":1,"testwill":1}},"host":{"table":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-01-01T00:00:08.101Z","repositories_count":12546755,"issues_count":35604317,"pull_requests_count":117029725,"authors_count":11079393,"icon_url":"https://github.com/github.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors"}},"past_year_issue_labels_count":{"table":{"bug":12,"invalid":12,"question":8,"enhancement":1,"feature":1}},"past_year_pull_request_labels_count":{"table":{}},"past_year_issue_author_associations_count":{"table":{"NONE":21}},"past_year_pull_request_author_associations_count":{"table":{"NONE":6,"COLLABORATOR":2}},"past_year_issue_authors":{"table":{"schweini":2,"whyboris":1,"tvmaly":1,"riugomon":1,"nohur7":1,"me-suzy":1,"mainwindow":1,"kopi-addict":1,"jujudusud":1,"FrankyBoy":1,"fgohier":1,"Feliipe93":1,"Emaan-Confinality":1,"donfishman":1,"donaldafeith":1,"Axel-Erfurt":1,"all-the-good-ones-are-gone":1,"aef5748":1,"Adithvinu":1,"1inaccessible":1}},"past_year_pull_request_authors":{"table":{"introinifederico":2,"ValerioArnaudo":2,"ivanmilevtues":2,"karlhayek":2}},"maintainers":[{"table":{"login":"d-dawg78","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/d-dawg78"}},{"table":{"login":"antoinegob92","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antoinegob92"}},{"table":{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}},{"table":{"login":"mmoussallam","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mmoussallam"}}],"active_maintainers":[{"table":{"login":"karlhayek","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/karlhayek"}}]}},"events":{"total":{"IssuesEvent":26,"WatchEvent":1828,"IssueCommentEvent":71,"MemberEvent":3,"PushEvent":4,"PullRequestReviewEvent":2,"PullRequestEvent":9,"ForkEvent":198},"last_year":{"IssuesEvent":20,"WatchEvent":1382,"MemberEvent":2,"IssueCommentEvent":57,"PushEvent":3,"PullRequestReviewEvent":1,"PullRequestEvent":7,"ForkEvent":141}},"keywords":["audio-processing","bass","deep-learning","deezer","drums","model","pretrained-models","python","tensorflow","vocals"],"dependencies":[],"score":23.13924744866101,"created_at":"2025-04-11T10:22:08.425Z","updated_at":"2026-05-15T04:30:40.013Z","avatar_url":"https://github.com/deezer.png","language":"Python","codemeta":null,"publiccode":null,"project_url":"https://summary.ecosyste.ms/api/v1/projects/358219","html_url":"https://summary.ecosyste.ms/projects/358219"}