{"id":366725,"url":"https://github.com/tiran/defusedxml","last_synced_at":"2026-06-20T14:30:45.467Z","repository":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":540,"open_issues_count":8,"forks_count":58,"subscribers_count":15,"default_branch":"main","last_synced_at":"2026-04-23T15:36:08.594Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2026-04-21T14:09:20.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32379629,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T11:25:28.583Z","status":"ssl_error","status_checked_at":"2026-04-28T11:25:05.435Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"owner":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"christian@python.org","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-30T00:35:51.167Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":839,"followers":572,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-30T00:35:51.167Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"packages":[{"id":13679727,"name":"defusedxml","ecosystem":"debian","description":null,"homepage":"https://github.com/tiran/defusedxml","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["misc"],"namespace":"main","versions_count":1,"first_release_published_at":"2026-02-12T16:49:03.714Z","latest_release_published_at":"2026-02-12T16:49:03.714Z","latest_release_number":"0.7.1-2","last_synced_at":"2026-02-12T16:49:04.022Z","created_at":"2026-02-12T16:49:03.495Z","updated_at":"2026-02-12T17:05:42.661Z","registry_url":"https://tracker.debian.org/pkg/defusedxml","install_command":"apt-get install defusedxml","documentation_url":"https://packages.debian.org/bookworm/defusedxml","metadata":{"component":"main","architecture":"all","priority":"source","binary":"python3-defusedxml","standards_version":"4.6.1","maintainer":"Debian Python Team \u003cteam+python@tracker.debian.org\u003e","build_depends":"dh-python, python3-all, debhelper-compat (= 13), python3-setuptools","build_depends_indep":null,"build_depends_arch":null},"repo_metadata":{},"repo_metadata_updated_at":"2026-02-12T16:49:04.452Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:deb/debian/defusedxml?arch=source\u0026distro=debian-12","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/debian/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/debian/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/debian/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/packages/defusedxml/codemeta","maintainers":[],"registry":{"name":"debian-12","url":"https://packages.debian.org/bookworm","ecosystem":"debian","default":true,"packages_count":34734,"maintainers_count":0,"namespaces_count":4,"keywords_count":0,"github":"debian","metadata":{"codename":"bookworm","funded_packages_count":327},"icon_url":"https://github.com/debian.png","created_at":"2026-02-04T11:01:49.459Z","updated_at":"2026-03-05T07:49:52.246Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/debian-12/namespaces"}},{"id":13533264,"name":"defusedxml","ecosystem":"ubuntu","description":null,"homepage":"https://github.com/tiran/defusedxml","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["misc"],"namespace":"main","versions_count":1,"first_release_published_at":"2026-02-11T00:04:26.783Z","latest_release_published_at":"2026-02-11T00:04:26.783Z","latest_release_number":"0.7.1-2","last_synced_at":"2026-02-11T00:04:26.926Z","created_at":"2026-02-11T00:04:26.607Z","updated_at":"2026-02-11T14:27:46.626Z","registry_url":"https://launchpad.net/ubuntu/+source/defusedxml","install_command":"apt-get install defusedxml","documentation_url":null,"metadata":{"component":"main","architecture":"all","priority":"optional","binary":"python3-defusedxml","standards_version":"4.6.1","maintainer":"Debian Python Team \u003cteam+python@tracker.debian.org\u003e","build_depends":"dh-python, python3-all, debhelper-compat (= 13), python3-setuptools","build_depends_indep":null,"build_depends_arch":null},"repo_metadata":{},"repo_metadata_updated_at":"2026-02-11T14:27:46.605Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:deb/ubuntu/defusedxml?arch=source\u0026distro=ubuntu-23.04\u0026repository_url=https://launchpad.net/ubuntu/lunar","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/ubuntu/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/ubuntu/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/ubuntu/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/packages/defusedxml/codemeta","maintainers":[],"registry":{"name":"ubuntu-23.04","url":"https://launchpad.net/ubuntu/lunar","ecosystem":"ubuntu","default":false,"packages_count":36116,"maintainers_count":0,"namespaces_count":4,"keywords_count":0,"github":"ubuntu","metadata":{"codename":"lunar","mirror":"http://old-releases.ubuntu.com/ubuntu","funded_packages_count":55},"icon_url":"https://github.com/ubuntu.png","created_at":"2026-02-04T11:01:49.117Z","updated_at":"2026-03-05T07:49:49.892Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.04/namespaces"}},{"id":12826058,"name":"python311Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-01-26T18:58:06.572Z","latest_release_published_at":"2026-01-26T18:58:06.572Z","latest_release_number":"0.7.1","last_synced_at":"2026-03-04T19:33:54.948Z","created_at":"2026-01-26T18:58:06.382Z","updated_at":"2026-03-04T19:33:55.282Z","registry_url":"https://search.nixos.org/packages?channel=23.05\u0026query=python311Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python311Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/development/python-modules/defusedxml/default.nix#L23","metadata":{"nix_attribute":"python3.11-defusedxml-0.7.1","position":"pkgs/development/python-modules/defusedxml/default.nix:23","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mipsel-linux","mips64el-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python311Packages.defusedxml?channel=23.05\u0026repository_url=https://channels.nixos.org/nixos-23.05","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python311Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python311Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python311Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python311Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python311Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python311Packages.defusedxml/codemeta","maintainers":[{"uuid":"fabaff","login":null,"name":"Fabian Affolter","email":"mail@fabian-affolter.ch","url":"https://github.com/fabaff","packages_count":3335,"html_url":null,"role":null,"created_at":"2026-03-04T19:33:55.212Z","updated_at":"2026-03-04T19:33:55.212Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/fabaff/packages"}],"registry":{"name":"nixpkgs-23.05","url":"https://channels.nixos.org/nixos-23.05","ecosystem":"nixpkgs","default":false,"packages_count":101092,"maintainers_count":2622,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":44},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.882Z","updated_at":"2026-03-05T07:18:46.861Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/namespaces"}},{"id":13440347,"name":"defusedxml","ecosystem":"ubuntu","description":null,"homepage":"https://github.com/tiran/defusedxml","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["misc"],"namespace":"main","versions_count":1,"first_release_published_at":"2026-02-08T04:05:46.535Z","latest_release_published_at":"2026-02-08T04:05:46.535Z","latest_release_number":"0.7.1-2","last_synced_at":"2026-02-08T04:05:47.083Z","created_at":"2026-02-08T04:05:45.959Z","updated_at":"2026-02-08T04:05:47.743Z","registry_url":"https://launchpad.net/ubuntu/+source/defusedxml","install_command":"apt-get install defusedxml","documentation_url":null,"metadata":{"component":"main","architecture":"all","priority":"optional","binary":"python3-defusedxml","standards_version":"4.6.1","maintainer":"Debian Python Team \u003cteam+python@tracker.debian.org\u003e","build_depends":"dh-python, python3-all, debhelper-compat (= 13), python3-setuptools","build_depends_indep":null,"build_depends_arch":null},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:deb/ubuntu/defusedxml?arch=source\u0026distro=ubuntu-24.10\u0026repository_url=https://launchpad.net/ubuntu/oracular","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/ubuntu/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/ubuntu/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/ubuntu/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/packages/defusedxml/codemeta","maintainers":[],"registry":{"name":"ubuntu-24.10","url":"https://launchpad.net/ubuntu/oracular","ecosystem":"ubuntu","default":false,"packages_count":38437,"maintainers_count":0,"namespaces_count":4,"keywords_count":0,"github":"ubuntu","metadata":{"codename":"oracular","mirror":"http://old-releases.ubuntu.com/ubuntu","funded_packages_count":130},"icon_url":"https://github.com/ubuntu.png","created_at":"2026-02-04T11:01:48.028Z","updated_at":"2026-03-04T06:59:55.022Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.10/namespaces"}},{"id":13467907,"name":"defusedxml","ecosystem":"ubuntu","description":null,"homepage":"https://github.com/tiran/defusedxml","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["misc"],"namespace":"main","versions_count":1,"first_release_published_at":"2026-02-09T18:04:31.724Z","latest_release_published_at":"2026-02-09T18:04:31.724Z","latest_release_number":"0.7.1-2","last_synced_at":"2026-02-09T18:04:31.973Z","created_at":"2026-02-09T18:04:31.196Z","updated_at":"2026-02-09T18:04:32.409Z","registry_url":"https://launchpad.net/ubuntu/+source/defusedxml","install_command":"apt-get install defusedxml","documentation_url":null,"metadata":{"component":"main","architecture":"all","priority":"optional","binary":"python3-defusedxml","standards_version":"4.6.1","maintainer":"Debian Python Team \u003cteam+python@tracker.debian.org\u003e","build_depends":"dh-python, python3-all, debhelper-compat (= 13), python3-setuptools","build_depends_indep":null,"build_depends_arch":null},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:deb/ubuntu/defusedxml?arch=source\u0026distro=ubuntu-23.10\u0026repository_url=https://launchpad.net/ubuntu/mantic","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/ubuntu/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/ubuntu/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/ubuntu/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/packages/defusedxml/codemeta","maintainers":[],"registry":{"name":"ubuntu-23.10","url":"https://launchpad.net/ubuntu/mantic","ecosystem":"ubuntu","default":false,"packages_count":36642,"maintainers_count":0,"namespaces_count":4,"keywords_count":0,"github":"ubuntu","metadata":{"codename":"mantic","mirror":"http://old-releases.ubuntu.com/ubuntu","funded_packages_count":371},"icon_url":"https://github.com/ubuntu.png","created_at":"2026-02-04T11:01:48.636Z","updated_at":"2026-03-05T07:49:49.269Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-23.10/namespaces"}},{"id":13942943,"name":"python-defusedxml","ecosystem":"guix","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"psfl","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":null,"versions_count":1,"first_release_published_at":"2026-03-02T16:29:57.189Z","latest_release_published_at":"2026-03-02T16:29:57.189Z","latest_release_number":"0.7.1-0.c744588","last_synced_at":"2026-03-02T16:29:57.443Z","created_at":"2026-03-02T16:29:57.006Z","updated_at":"2026-03-02T16:33:22.715Z","registry_url":"https://packages.guix.gnu.org/packages/python-defusedxml/0.7.1-0.c744588/","install_command":"guix install python-defusedxml","documentation_url":"https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/xml.scm#n1559","metadata":{"location":"gnu/packages/xml.scm:1559","variable_name":"python-defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":"2026-03-02T16:29:57.727Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:guix/python-defusedxml","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/guix/python-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/guix/python-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/guix/python-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/python-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/python-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/python-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/python-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/python-defusedxml/codemeta","maintainers":[],"registry":{"name":"guix","url":"https://guix.gnu.org","ecosystem":"guix","default":true,"packages_count":30580,"maintainers_count":0,"namespaces_count":0,"keywords_count":0,"github":"guix-mirror","metadata":{"funded_packages_count":148},"icon_url":"https://github.com/guix-mirror.png","created_at":"2026-03-02T16:23:46.981Z","updated_at":"2026-03-06T05:00:15.590Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/guix/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/guix/namespaces"}},{"id":13638651,"name":"defusedxml","ecosystem":"debian","description":null,"homepage":"https://github.com/tiran/defusedxml","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["misc"],"namespace":"main","versions_count":1,"first_release_published_at":"2026-02-12T01:31:37.460Z","latest_release_published_at":"2026-02-12T01:31:37.460Z","latest_release_number":"0.7.1-3","last_synced_at":"2026-02-13T09:34:11.364Z","created_at":"2026-02-12T01:31:37.240Z","updated_at":"2026-02-13T09:34:11.364Z","registry_url":"https://tracker.debian.org/pkg/defusedxml","install_command":"apt-get install defusedxml","documentation_url":"https://packages.debian.org/trixie/defusedxml","metadata":{"component":"main","architecture":"all","priority":"source","binary":"python3-defusedxml","standards_version":"4.6.1","maintainer":"Debian Python Team \u003cteam+python@tracker.debian.org\u003e","build_depends":"dh-python, python3-all, debhelper-compat (= 13), python3-setuptools","build_depends_indep":null,"build_depends_arch":null},"repo_metadata":{},"repo_metadata_updated_at":"2026-02-12T02:39:13.805Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:deb/debian/defusedxml?arch=source\u0026distro=debian-13\u0026repository_url=https://packages.debian.org/trixie","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/debian/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/debian/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/debian/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/packages/defusedxml/codemeta","maintainers":[],"registry":{"name":"debian-13","url":"https://packages.debian.org/trixie","ecosystem":"debian","default":false,"packages_count":38023,"maintainers_count":0,"namespaces_count":4,"keywords_count":0,"github":"debian","metadata":{"codename":"trixie","funded_packages_count":220},"icon_url":"https://github.com/debian.png","created_at":"2026-02-04T11:01:50.448Z","updated_at":"2026-03-04T06:59:54.241Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/debian-13/namespaces"}},{"id":13302487,"name":"python311Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-02T06:50:21.854Z","latest_release_published_at":"2026-02-02T06:50:21.854Z","latest_release_number":"0.7.1","last_synced_at":"2026-02-03T20:45:12.147Z","created_at":"2026-02-02T06:50:20.697Z","updated_at":"2026-02-03T20:45:12.147Z","registry_url":"https://search.nixos.org/packages?channel=23.11\u0026query=python311Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python311Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/development/python-modules/defusedxml/default.nix#L23","metadata":{"nix_attribute":"python3.11-defusedxml-0.7.1","position":"pkgs/development/python-modules/defusedxml/default.nix:23","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin","i686-cygwin","x86_64-cygwin","x86_64-windows","i686-windows"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python311Packages.defusedxml?channel=23.11\u0026repository_url=https://channels.nixos.org/nixos-23.11","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python311Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python311Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python311Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python311Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python311Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python311Packages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-23.11","url":"https://channels.nixos.org/nixos-23.11","ecosystem":"nixpkgs","default":false,"packages_count":108178,"maintainers_count":2441,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":65},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.577Z","updated_at":"2026-03-05T07:39:24.475Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/namespaces"}},{"id":6092985,"name":"py-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2018-12-24T16:41:34.000Z","latest_release_published_at":"2018-12-24T16:41:34.000Z","latest_release_number":"0.5.0-r0","last_synced_at":"2026-03-03T00:04:02.845Z","created_at":"2023-01-31T20:26:25.151Z","updated_at":"2026-03-03T00:04:02.846Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.9/community/x86_64/py-defusedxml","install_command":"apk add py-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.355Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":23.15109241973536,"stargazers_count":6.185249769207099,"forks_count":8.22648476766848,"average":9.390706739152733},"purl":"pkg:apk/alpine/py-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.9","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":48,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T06:31:46.089Z","updated_at":"2023-02-01T06:31:46.089Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.9","url":"https://pkgs.alpinelinux.org/packages?branch=v3.9","ecosystem":"alpine","default":false,"packages_count":9749,"maintainers_count":154,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":352},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.805Z","updated_at":"2026-03-04T06:12:14.837Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/namespaces"}},{"id":6195774,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2021-04-05T18:18:26.000Z","latest_release_published_at":"2021-04-05T18:18:26.000Z","latest_release_number":"0.7.1-r1","last_synced_at":"2026-03-03T00:12:51.416Z","created_at":"2023-02-01T01:42:39.249Z","updated_at":"2026-03-03T00:12:51.417Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.14/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.494Z","dependent_packages_count":7,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":2.6540981414627627,"stargazers_count":8.62414761331729,"forks_count":11.19802112581896,"average":5.619066720149753},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.14","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":33,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-04T19:56:57.835Z","updated_at":"2023-02-04T19:56:57.835Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.14","url":"https://pkgs.alpinelinux.org/packages?branch=v3.14","ecosystem":"alpine","default":false,"packages_count":14958,"maintainers_count":258,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":673},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.706Z","updated_at":"2026-03-04T06:29:37.562Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.14/namespaces"}},{"id":6109808,"name":"py2-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules (for python2)","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2018-05-21T14:48:33.000Z","latest_release_published_at":"2018-05-21T14:48:33.000Z","latest_release_number":"0.5.0-r0","last_synced_at":"2026-03-03T00:12:54.784Z","created_at":"2023-01-31T21:15:25.438Z","updated_at":"2026-03-03T00:12:54.785Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.8/community/x86_64/py2-defusedxml","install_command":"apk add py2-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:50.165Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":25.225414132941914,"stargazers_count":5.776892430278884,"forks_count":7.821346194170687,"average":9.705913189347871},"purl":"pkg:apk/alpine/py2-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.8","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py2-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py2-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py2-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py2-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py2-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py2-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py2-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py2-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":25,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T08:53:24.733Z","updated_at":"2023-02-01T08:53:24.733Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.8","url":"https://pkgs.alpinelinux.org/packages?branch=v3.8","ecosystem":"alpine","default":false,"packages_count":9538,"maintainers_count":148,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":329},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.817Z","updated_at":"2026-03-04T06:29:39.482Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/namespaces"}},{"id":6051083,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":3,"first_release_published_at":"2022-11-22T19:33:35.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-03T00:24:50.562Z","created_at":"2023-01-31T18:25:42.451Z","updated_at":"2026-03-03T00:24:50.563Z","registry_url":"https://pkgs.alpinelinux.org/package/edge/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:50.172Z","dependent_packages_count":4,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":1.745460237946149,"stargazers_count":14.985128365685659,"forks_count":17.857701941139638,"average":8.647072636192862},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=edge","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":68,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-01-31T21:33:11.107Z","updated_at":"2023-01-31T21:33:11.107Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-edge","url":"https://pkgs.alpinelinux.org/packages?branch=edge","ecosystem":"alpine","default":false,"packages_count":38892,"maintainers_count":869,"namespaces_count":3,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community","testing"],"funded_packages_count":2711},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.616Z","updated_at":"2026-03-05T07:38:12.911Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/namespaces"}},{"id":6146976,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2021-12-15T19:18:06.000Z","latest_release_published_at":"2021-12-15T19:18:06.000Z","latest_release_number":"0.7.1-r2","last_synced_at":"2026-03-03T00:25:14.831Z","created_at":"2023-01-31T23:07:08.467Z","updated_at":"2026-03-03T00:25:14.832Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.16/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.333Z","dependent_packages_count":16,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":3.7917473733638554,"stargazers_count":10.324587662147092,"forks_count":13.053941421611787,"average":6.792569114280684},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.16","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":31,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T14:04:48.901Z","updated_at":"2023-02-01T14:04:48.901Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.16","url":"https://pkgs.alpinelinux.org/packages?branch=v3.16","ecosystem":"alpine","default":false,"packages_count":17040,"maintainers_count":328,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":920},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.662Z","updated_at":"2026-03-05T07:50:37.099Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.16/namespaces"}},{"id":11765043,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-03T00:25:28.877Z","created_at":"2025-06-07T18:09:47.663Z","updated_at":"2026-03-03T00:25:28.877Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.22/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.428Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.22","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2025-06-08T14:47:28.539Z","updated_at":"2025-06-08T14:47:28.539Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.22","url":"https://pkgs.alpinelinux.org/packages?branch=v3.22","ecosystem":"alpine","default":false,"packages_count":26322,"maintainers_count":422,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1726},"icon_url":"https://github.com/alpinelinux.png","created_at":"2025-06-05T10:49:56.987Z","updated_at":"2026-03-05T07:51:12.229Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/namespaces"}},{"id":11765042,"name":"py3-defusedxml-pyc","ecosystem":"alpine","description":"Precompiled Python bytecode for py3-defusedxml","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-03T00:25:29.334Z","created_at":"2025-06-07T18:09:47.007Z","updated_at":"2026-03-03T00:25:29.335Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.22/community/x86_64/py3-defusedxml-pyc","install_command":"apk add py3-defusedxml-pyc","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.334Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml-pyc?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.22","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml-pyc/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml-pyc/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml-pyc/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml-pyc/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml-pyc/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages/py3-defusedxml-pyc/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2025-06-08T14:47:22.546Z","updated_at":"2025-06-08T14:47:22.546Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.22","url":"https://pkgs.alpinelinux.org/packages?branch=v3.22","ecosystem":"alpine","default":false,"packages_count":26322,"maintainers_count":422,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1726},"icon_url":"https://github.com/alpinelinux.png","created_at":"2025-06-05T10:49:56.987Z","updated_at":"2026-03-05T07:51:12.229Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.22/namespaces"}},{"id":11138505,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-03T00:25:41.623Z","created_at":"2024-12-07T12:29:45.296Z","updated_at":"2026-03-03T00:25:41.623Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.21/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.352Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.21","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2024-12-11T20:26:43.267Z","updated_at":"2024-12-11T20:26:43.267Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.21","url":"https://pkgs.alpinelinux.org/packages?branch=v3.21","ecosystem":"alpine","default":false,"packages_count":25393,"maintainers_count":413,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1264},"icon_url":"https://github.com/alpinelinux.png","created_at":"2024-12-06T12:06:36.014Z","updated_at":"2026-03-05T07:51:21.030Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/namespaces"}},{"id":10344087,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-03T00:26:12.581Z","created_at":"2024-06-11T09:43:34.449Z","updated_at":"2026-03-03T00:26:12.582Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.20/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.437Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.20","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":42,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2024-06-12T01:03:57.502Z","updated_at":"2024-06-12T01:03:57.502Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.20","url":"https://pkgs.alpinelinux.org/packages?branch=v3.20","ecosystem":"alpine","default":false,"packages_count":24162,"maintainers_count":405,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1473},"icon_url":"https://github.com/alpinelinux.png","created_at":"2024-06-07T11:51:39.915Z","updated_at":"2026-03-05T07:52:56.033Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/namespaces"}},{"id":8676559,"name":"py3-defusedxml-pyc","ecosystem":"alpine","description":"Precompiled Python bytecode for py3-defusedxml","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2023-05-29T02:57:33.000Z","latest_release_published_at":"2023-05-29T02:57:33.000Z","latest_release_number":"0.7.1-r4","last_synced_at":"2026-03-03T00:26:19.642Z","created_at":"2023-12-20T10:26:56.772Z","updated_at":"2026-03-03T00:26:19.898Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.19/community/x86_64/py3-defusedxml-pyc","install_command":"apk add py3-defusedxml-pyc","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:50.177Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml-pyc?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.19","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml-pyc/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml-pyc/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml-pyc/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml-pyc/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml-pyc/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml-pyc/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":41,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2026-03-03T00:26:19.832Z","updated_at":"2026-03-03T00:26:19.832Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.19","url":"https://pkgs.alpinelinux.org/packages?branch=v3.19","ecosystem":"alpine","default":false,"packages_count":23031,"maintainers_count":392,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":822},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-12-20T09:51:56.346Z","updated_at":"2026-03-05T07:53:02.424Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/namespaces"}},{"id":8676558,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2023-05-29T02:57:33.000Z","latest_release_published_at":"2023-05-29T02:57:33.000Z","latest_release_number":"0.7.1-r4","last_synced_at":"2026-03-03T00:26:20.438Z","created_at":"2023-12-20T10:26:56.664Z","updated_at":"2026-03-03T00:26:20.693Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.19/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.387Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.19","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":41,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2026-03-03T00:26:20.627Z","updated_at":"2026-03-03T00:26:20.627Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.19","url":"https://pkgs.alpinelinux.org/packages?branch=v3.19","ecosystem":"alpine","default":false,"packages_count":23031,"maintainers_count":392,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":822},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-12-20T09:51:56.346Z","updated_at":"2026-03-05T07:53:02.424Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.19/namespaces"}},{"id":7778483,"name":"py3-defusedxml-pyc","ecosystem":"alpine","description":"Precompiled Python bytecode for py3-defusedxml","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2023-04-19T22:10:20.000Z","latest_release_published_at":"2023-04-19T22:10:20.000Z","latest_release_number":"0.7.1-r4","last_synced_at":"2026-03-03T00:26:50.157Z","created_at":"2023-05-22T14:18:34.127Z","updated_at":"2026-03-03T00:26:50.157Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.18/community/x86_64/py3-defusedxml-pyc","install_command":"apk add py3-defusedxml-pyc","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.429Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":13.650192010373546,"forks_count":16.93182384918458,"docker_downloads_count":null,"average":7.6455039648895315},"purl":"pkg:apk/alpine/py3-defusedxml-pyc?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.18","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml-pyc/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml-pyc/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml-pyc/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml-pyc/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml-pyc/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml-pyc/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":44,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-05-23T07:06:55.499Z","updated_at":"2023-05-23T07:06:55.499Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.18","url":"https://pkgs.alpinelinux.org/packages?branch=v3.18","ecosystem":"alpine","default":false,"packages_count":20068,"maintainers_count":367,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1181},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-05-22T10:43:30.622Z","updated_at":"2026-03-05T07:53:55.076Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/namespaces"}},{"id":7778482,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2023-04-19T22:10:20.000Z","latest_release_published_at":"2023-04-19T22:10:20.000Z","latest_release_number":"0.7.1-r4","last_synced_at":"2026-03-03T00:26:50.542Z","created_at":"2023-05-22T14:18:33.879Z","updated_at":"2026-03-03T00:26:50.543Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.18/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.500Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":13.650192010373546,"forks_count":16.93182384918458,"docker_downloads_count":null,"average":7.6455039648895315},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.18","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":44,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-05-23T07:06:56.757Z","updated_at":"2023-05-23T07:06:56.757Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.18","url":"https://pkgs.alpinelinux.org/packages?branch=v3.18","ecosystem":"alpine","default":false,"packages_count":20068,"maintainers_count":367,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1181},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-05-22T10:43:30.622Z","updated_at":"2026-03-05T07:53:55.076Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.18/namespaces"}},{"id":13379669,"name":"defusedxml","ecosystem":"ubuntu","description":null,"homepage":"https://github.com/tiran/defusedxml","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["misc"],"namespace":"main","versions_count":1,"first_release_published_at":"2026-02-05T05:07:39.205Z","latest_release_published_at":"2026-02-05T05:07:39.205Z","latest_release_number":"0.7.1-2","last_synced_at":"2026-03-05T05:40:34.559Z","created_at":"2026-02-05T05:07:37.914Z","updated_at":"2026-03-05T06:59:44.152Z","registry_url":"https://launchpad.net/ubuntu/+source/defusedxml","install_command":"apt-get install defusedxml","documentation_url":null,"metadata":{"component":"main","architecture":"all","priority":"optional","binary":"python3-defusedxml","standards_version":"4.6.1","maintainer":"Debian Python Team \u003cteam+python@tracker.debian.org\u003e","build_depends":"dh-python, python3-all, debhelper-compat (= 13), python3-setuptools","build_depends_indep":null,"build_depends_arch":null},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:deb/ubuntu/defusedxml?arch=source\u0026distro=ubuntu-24.04","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/ubuntu/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/ubuntu/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/ubuntu/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/packages/defusedxml/codemeta","maintainers":[],"registry":{"name":"ubuntu-24.04","url":"https://launchpad.net/ubuntu/noble","ecosystem":"ubuntu","default":true,"packages_count":37306,"maintainers_count":0,"namespaces_count":4,"keywords_count":0,"github":"ubuntu","metadata":{"codename":"noble","funded_packages_count":121},"icon_url":"https://github.com/ubuntu.png","created_at":"2026-02-04T11:01:45.928Z","updated_at":"2026-03-05T07:48:22.617Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-24.04/namespaces"}},{"id":13176103,"name":"kodiPackages.defusedxml","ecosystem":"nixpkgs","description":"defusing XML bombs and other exploits","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-01T23:18:58.181Z","latest_release_published_at":"2026-02-01T23:18:58.181Z","latest_release_number":"0.6.0+matrix.1","last_synced_at":"2026-02-03T18:44:06.919Z","created_at":"2026-02-01T23:18:26.106Z","updated_at":"2026-02-03T18:44:06.919Z","registry_url":"https://search.nixos.org/packages?channel=24.05\u0026query=kodiPackages.defusedxml","install_command":"nix-env -iA nixpkgs.kodiPackages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/applications/video/kodi/addons/defusedxml/default.nix#L28","metadata":{"nix_attribute":"kodi-defusedxml-0.6.0+matrix.1","position":"pkgs/applications/video/kodi/addons/defusedxml/default.nix:28","broken":false,"insecure":false,"unfree":false,"outputs":["out"]},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/kodiPackages.defusedxml?channel=24.05\u0026repository_url=https://channels.nixos.org/nixos-24.05","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/kodiPackages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/kodiPackages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/kodiPackages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/kodiPackages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/kodiPackages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/kodiPackages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-24.05","url":"https://channels.nixos.org/nixos-24.05","ecosystem":"nixpkgs","default":false,"packages_count":116156,"maintainers_count":2154,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":65},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.309Z","updated_at":"2026-03-05T07:13:58.321Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/namespaces"}},{"id":6219421,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2019-11-05T15:33:56.000Z","latest_release_published_at":"2019-11-05T15:33:56.000Z","latest_release_number":"0.6.0-r1","last_synced_at":"2026-03-03T00:12:59.366Z","created_at":"2023-02-01T03:35:55.416Z","updated_at":"2026-03-03T00:12:59.366Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.12/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.387Z","dependent_packages_count":1,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":10.036825197837498,"stargazers_count":7.231842043406722,"forks_count":9.457024210608791,"average":6.681422862963252},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.12","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":36,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-18T17:18:45.266Z","updated_at":"2023-02-18T17:18:45.266Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.12","url":"https://pkgs.alpinelinux.org/packages?branch=v3.12","ecosystem":"alpine","default":false,"packages_count":12763,"maintainers_count":216,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":478},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.748Z","updated_at":"2026-03-04T06:29:43.846Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.12/namespaces"}},{"id":11138509,"name":"py3-defusedxml-pyc","ecosystem":"alpine","description":"Precompiled Python bytecode for py3-defusedxml","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-03T00:25:42.065Z","created_at":"2024-12-07T12:29:48.003Z","updated_at":"2026-03-03T00:25:42.065Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.21/community/x86_64/py3-defusedxml-pyc","install_command":"apk add py3-defusedxml-pyc","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:50.013Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml-pyc?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.21","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml-pyc/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml-pyc/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml-pyc/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml-pyc/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml-pyc/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages/py3-defusedxml-pyc/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2024-12-11T20:26:55.131Z","updated_at":"2024-12-11T20:26:55.131Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.21","url":"https://pkgs.alpinelinux.org/packages?branch=v3.21","ecosystem":"alpine","default":false,"packages_count":25393,"maintainers_count":413,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1264},"icon_url":"https://github.com/alpinelinux.png","created_at":"2024-12-06T12:06:36.014Z","updated_at":"2026-03-05T07:51:21.030Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.21/namespaces"}},{"id":13194247,"name":"python311Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-02T00:19:26.313Z","latest_release_published_at":"2026-02-02T00:19:26.313Z","latest_release_number":"0.7.1","last_synced_at":"2026-02-03T19:04:24.310Z","created_at":"2026-02-02T00:19:15.137Z","updated_at":"2026-02-03T19:04:24.310Z","registry_url":"https://search.nixos.org/packages?channel=24.05\u0026query=python311Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python311Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/development/python-modules/defusedxml/default.nix#L25","metadata":{"nix_attribute":"python3.11-defusedxml-0.7.1","position":"pkgs/development/python-modules/defusedxml/default.nix:25","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin","i686-cygwin","x86_64-cygwin","x86_64-windows","i686-windows"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python311Packages.defusedxml?channel=24.05\u0026repository_url=https://channels.nixos.org/nixos-24.05","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python311Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python311Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python311Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python311Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python311Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python311Packages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-24.05","url":"https://channels.nixos.org/nixos-24.05","ecosystem":"nixpkgs","default":false,"packages_count":116156,"maintainers_count":2154,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":65},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.309Z","updated_at":"2026-03-05T07:13:58.321Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/namespaces"}},{"id":13202530,"name":"python312Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-02T00:53:10.634Z","latest_release_published_at":"2026-02-02T00:53:10.634Z","latest_release_number":"0.7.1","last_synced_at":"2026-02-03T19:08:18.690Z","created_at":"2026-02-02T00:52:55.203Z","updated_at":"2026-02-03T19:08:18.690Z","registry_url":"https://search.nixos.org/packages?channel=24.05\u0026query=python312Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python312Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/development/python-modules/defusedxml/default.nix#L25","metadata":{"nix_attribute":"python3.12-defusedxml-0.7.1","position":"pkgs/development/python-modules/defusedxml/default.nix:25","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin","i686-cygwin","x86_64-cygwin","x86_64-windows","i686-windows"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python312Packages.defusedxml?channel=24.05\u0026repository_url=https://channels.nixos.org/nixos-24.05","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python312Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python312Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python312Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python312Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python312Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python312Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python312Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages/python312Packages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-24.05","url":"https://channels.nixos.org/nixos-24.05","ecosystem":"nixpkgs","default":false,"packages_count":116156,"maintainers_count":2154,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":65},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.309Z","updated_at":"2026-03-05T07:13:58.321Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.05/namespaces"}},{"id":2692412,"name":"defusedxml","ecosystem":"pypi","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"PSFL","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["xml","bomb","DoS"],"namespace":null,"versions_count":13,"first_release_published_at":"2013-02-19T15:05:02.000Z","latest_release_published_at":"2021-03-08T10:59:24.000Z","latest_release_number":"0.7.1","last_synced_at":"2026-03-05T14:00:55.623Z","created_at":"2022-04-10T10:34:41.700Z","updated_at":"2026-03-05T14:00:55.623Z","registry_url":"https://pypi.org/project/defusedxml/","install_command":"pip install defusedxml --index-url https://pypi.org/simple","documentation_url":"https://defusedxml.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","License :: OSI Approved :: Python Software Foundation License","Natural Language :: English","Programming Language :: Python","Programming Language :: Python :: 2","Programming Language :: Python :: 2.7","Programming Language :: Python :: 3","Programming Language :: Python :: 3.5","Programming Language :: Python :: 3.6","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Topic :: Text Processing :: Markup :: XML"],"normalized_name":"defusedxml","project_status":null},"repo_metadata":{"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-01-03T00:41:48.000Z","size":272,"stargazers_count":369,"open_issues_count":6,"forks_count":46,"subscribers_count":14,"default_branch":"main","last_synced_at":"2024-01-16T10:50:00.720Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2024-01-15T10:00:42.000Z","dependencies_parsed_at":"2023-09-29T08:14:33.266Z","dependency_job_id":null,"html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":189,"total_committers":5,"mean_commits":37.8,"dds":0.06878306878306883,"last_synced_commit":"dbb103829ff349bc50da2e943fedb48e014d29ce"},"previous_names":[],"tags_count":16,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":181109958,"owners_count":11050376,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":172,"last_synced_at":"2023-04-09T06:56:38.803Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","created_at":"2022-11-02T16:22:48.103Z","updated_at":"2023-04-09T06:56:38.809Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2024-01-16T15:23:09.030Z","dependent_packages_count":565,"downloads":139798559,"downloads_period":"last-month","dependent_repos_count":94220,"rankings":{"downloads":0.03925114681212823,"dependent_repos_count":0.012288910450526129,"dependent_packages_count":0.04952247494988142,"stargazers_count":4.199322459176056,"forks_count":7.529066941546972,"docker_downloads_count":0.02549490377049451,"average":1.9758244727843433},"purl":"pkg:pypi/defusedxml","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/defusedxml","docker_dependents_count":7707,"docker_downloads_count":1927598057,"usage_url":"https://repos.ecosyste.ms/usage/pypi/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/defusedxml/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2024-01-16T15:23:08.010Z","issues_count":54,"pull_requests_count":52,"avg_time_to_close_issue":40667720.333333336,"avg_time_to_close_pull_request":11950338.448979592,"issues_closed_count":51,"pull_requests_closed_count":49,"pull_request_authors_count":21,"issue_authors_count":49,"avg_comments_per_issue":2.1296296296296298,"avg_comments_per_pull_request":1.5192307692307692,"merged_pull_requests_count":27,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":10,"past_year_pull_requests_count":12,"past_year_avg_time_to_close_issue":5042666.0,"past_year_avg_time_to_close_pull_request":534909.0,"past_year_issues_closed_count":7,"past_year_pull_requests_closed_count":10,"past_year_pull_request_authors_count":4,"past_year_issue_authors_count":9,"past_year_avg_comments_per_issue":1.5,"past_year_avg_comments_per_pull_request":0.3333333333333333,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":9,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues"},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/defusedxml/codemeta","maintainers":[{"uuid":"tiran","login":"tiran","name":null,"email":null,"url":null,"packages_count":46,"html_url":"https://pypi.org/user/tiran/","role":null,"created_at":"2022-12-22T02:06:14.361Z","updated_at":"2022-12-22T02:06:14.361Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/tiran/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":808434,"maintainers_count":341794,"namespaces_count":0,"keywords_count":0,"github":"pypi","metadata":{"funded_packages_count":52486},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2026-03-05T07:37:00.939Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},{"id":12862153,"name":"python313Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-01-27T01:34:03.834Z","latest_release_published_at":"2026-01-27T01:34:03.834Z","latest_release_number":"0.8.0rc2","last_synced_at":"2026-03-03T09:06:33.955Z","created_at":"2026-01-27T01:34:03.274Z","updated_at":"2026-03-03T09:06:34.624Z","registry_url":"https://search.nixos.org/packages?channel=unstable\u0026query=python313Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python313Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/python-modules/defusedxml/default.nix#L36","metadata":{"nix_attribute":"python3.13-defusedxml-0.8.0rc2","position":"pkgs/development/python-modules/defusedxml/default.nix:36","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","aarch64-darwin","aarch64-windows","x86_64-windows","i686-windows","i686-freebsd","x86_64-freebsd","aarch64-freebsd"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python313Packages.defusedxml?channel=unstable","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python313Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python313Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python313Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python313Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python313Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python313Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python313Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python313Packages.defusedxml/codemeta","maintainers":[{"uuid":"fabaff","login":null,"name":"Fabian Affolter","email":"mail@fabian-affolter.ch","url":"https://github.com/fabaff","packages_count":2707,"html_url":null,"role":null,"created_at":"2026-03-03T09:06:34.315Z","updated_at":"2026-03-03T09:06:34.315Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/maintainers/fabaff/packages"}],"registry":{"name":"nixpkgs-unstable","url":"https://channels.nixos.org/nixos-unstable","ecosystem":"nixpkgs","default":true,"packages_count":143321,"maintainers_count":4121,"namespaces_count":0,"keywords_count":1,"github":"NixOS","metadata":{"funded_packages_count":718},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:52.762Z","updated_at":"2026-03-05T05:03:05.275Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/namespaces"}},{"id":12885695,"name":"python314Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-01-27T06:53:41.256Z","latest_release_published_at":"2026-01-27T06:53:41.256Z","latest_release_number":"0.8.0rc2","last_synced_at":"2026-03-05T10:12:25.234Z","created_at":"2026-01-27T06:53:41.042Z","updated_at":"2026-03-05T10:12:25.691Z","registry_url":"https://search.nixos.org/packages?channel=unstable\u0026query=python314Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python314Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/python-modules/defusedxml/default.nix#L36","metadata":{"nix_attribute":"python3.14-defusedxml-0.8.0rc2","position":"pkgs/development/python-modules/defusedxml/default.nix:36","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","aarch64-darwin","aarch64-windows","x86_64-windows","i686-windows","i686-freebsd","x86_64-freebsd","aarch64-freebsd"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python314Packages.defusedxml?channel=unstable","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python314Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python314Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python314Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python314Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python314Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python314Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python314Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/python314Packages.defusedxml/codemeta","maintainers":[{"uuid":"fabaff","login":null,"name":"Fabian Affolter","email":"mail@fabian-affolter.ch","url":"https://github.com/fabaff","packages_count":2707,"html_url":null,"role":null,"created_at":"2026-03-05T10:12:25.604Z","updated_at":"2026-03-05T10:12:25.604Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/maintainers/fabaff/packages"}],"registry":{"name":"nixpkgs-unstable","url":"https://channels.nixos.org/nixos-unstable","ecosystem":"nixpkgs","default":true,"packages_count":143321,"maintainers_count":4121,"namespaces_count":0,"keywords_count":1,"github":"NixOS","metadata":{"funded_packages_count":718},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:52.762Z","updated_at":"2026-03-05T05:03:05.275Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/namespaces"}},{"id":12813461,"name":"python310Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-01-26T16:48:15.031Z","latest_release_published_at":"2026-01-26T16:48:15.031Z","latest_release_number":"0.7.1","last_synced_at":"2026-03-05T18:24:10.122Z","created_at":"2026-01-26T16:48:14.877Z","updated_at":"2026-03-05T18:32:06.587Z","registry_url":"https://search.nixos.org/packages?channel=23.05\u0026query=python310Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python310Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/development/python-modules/defusedxml/default.nix#L23","metadata":{"nix_attribute":"python3.10-defusedxml-0.7.1","position":"pkgs/development/python-modules/defusedxml/default.nix:23","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mipsel-linux","mips64el-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:nix/python310Packages.defusedxml?channel=23.05\u0026repository_url=https://channels.nixos.org/nixos-23.05","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python310Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python310Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python310Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python310Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python310Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python310Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python310Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/python310Packages.defusedxml/codemeta","maintainers":[{"uuid":"fabaff","login":null,"name":"Fabian Affolter","email":"mail@fabian-affolter.ch","url":"https://github.com/fabaff","packages_count":3335,"html_url":null,"role":null,"created_at":"2026-03-05T18:24:10.353Z","updated_at":"2026-03-05T18:24:10.353Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/fabaff/packages"}],"registry":{"name":"nixpkgs-23.05","url":"https://channels.nixos.org/nixos-23.05","ecosystem":"nixpkgs","default":false,"packages_count":101092,"maintainers_count":2622,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":44},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.882Z","updated_at":"2026-03-05T07:18:46.861Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/namespaces"}},{"id":12783288,"name":"kodiPackages.defusedxml","ecosystem":"nixpkgs","description":"defusing XML bombs and other exploits","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":null,"versions_count":1,"first_release_published_at":"2026-01-26T11:22:12.612Z","latest_release_published_at":"2026-01-26T11:22:12.612Z","latest_release_number":"0.6.0+matrix.1","last_synced_at":"2026-03-03T12:24:12.000Z","created_at":"2026-01-26T11:22:12.175Z","updated_at":"2026-03-03T12:42:16.500Z","registry_url":"https://search.nixos.org/packages?channel=23.05\u0026query=kodiPackages.defusedxml","install_command":"nix-env -iA nixpkgs.kodiPackages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/applications/video/kodi/addons/defusedxml/default.nix#L22","metadata":{"nix_attribute":"kodi-defusedxml-0.6.0+matrix.1","position":"pkgs/applications/video/kodi/addons/defusedxml/default.nix:22","broken":false,"insecure":false,"unfree":false,"outputs":["out"]},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:nix/kodiPackages.defusedxml?channel=23.05\u0026repository_url=https://channels.nixos.org/nixos-23.05","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/kodiPackages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/kodiPackages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/kodiPackages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/kodiPackages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/kodiPackages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages/kodiPackages.defusedxml/codemeta","maintainers":[{"uuid":"peterhoeg","login":null,"name":"Peter Hoeg","email":"peter@hoeg.com","url":"https://github.com/peterhoeg","packages_count":323,"html_url":null,"role":null,"created_at":"2026-03-03T12:24:12.408Z","updated_at":"2026-03-03T12:24:12.408Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/peterhoeg/packages"},{"uuid":"edwtjo","login":null,"name":"Edward Tjörnhammar","email":"ed@cflags.cc","url":"https://github.com/edwtjo","packages_count":212,"html_url":null,"role":null,"created_at":"2026-03-03T12:24:12.336Z","updated_at":"2026-03-03T12:24:12.336Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/edwtjo/packages"},{"uuid":"minijackson","login":null,"name":"Rémi Nicole","email":"minijackson@riseup.net","url":"https://github.com/minijackson","packages_count":135,"html_url":null,"role":null,"created_at":"2026-03-03T12:24:12.373Z","updated_at":"2026-03-03T12:24:12.373Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/minijackson/packages"},{"uuid":"aanderse","login":null,"name":"Aaron Andersen","email":"aaron@fosslib.net","url":"https://github.com/aanderse","packages_count":526,"html_url":null,"role":null,"created_at":"2026-03-03T12:24:12.206Z","updated_at":"2026-03-03T12:24:12.206Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/aanderse/packages"},{"uuid":"cpages","login":null,"name":"Carles Pagès","email":"page@ruiec.cat","url":"https://github.com/cpages","packages_count":74,"html_url":null,"role":null,"created_at":"2026-03-03T12:24:12.242Z","updated_at":"2026-03-03T12:24:12.242Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/cpages/packages"},{"uuid":"sephalon","login":null,"name":"Stefan Wiehler","email":"me@sephalon.net","url":"https://github.com/sephalon","packages_count":72,"html_url":null,"role":null,"created_at":"2026-03-03T12:24:12.448Z","updated_at":"2026-03-03T12:24:12.448Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers/sephalon/packages"}],"registry":{"name":"nixpkgs-23.05","url":"https://channels.nixos.org/nixos-23.05","ecosystem":"nixpkgs","default":false,"packages_count":101092,"maintainers_count":2622,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":44},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.882Z","updated_at":"2026-03-05T07:18:46.861Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.05/namespaces"}},{"id":13075066,"name":"python311Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-01T17:29:45.068Z","latest_release_published_at":"2026-02-01T17:29:45.068Z","latest_release_number":"0.8.0rc2","last_synced_at":"2026-02-03T17:44:52.370Z","created_at":"2026-02-01T17:29:44.719Z","updated_at":"2026-02-03T17:44:52.371Z","registry_url":"https://search.nixos.org/packages?channel=24.11\u0026query=python311Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python311Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-24.11/pkgs/development/python-modules/defusedxml/default.nix#L36","metadata":{"nix_attribute":"python3.11-defusedxml-0.8.0rc2","position":"pkgs/development/python-modules/defusedxml/default.nix:36","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin","i686-cygwin","x86_64-cygwin","aarch64-windows","x86_64-windows","i686-windows","i686-freebsd","x86_64-freebsd"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python311Packages.defusedxml?channel=24.11\u0026repository_url=https://channels.nixos.org/nixos-24.11","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python311Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python311Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python311Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python311Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python311Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python311Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python311Packages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-24.11","url":"https://channels.nixos.org/nixos-24.11","ecosystem":"nixpkgs","default":false,"packages_count":121983,"maintainers_count":2633,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":72},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.059Z","updated_at":"2026-03-05T06:28:31.130Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/namespaces"}},{"id":13083930,"name":"python312Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-01T17:57:34.148Z","latest_release_published_at":"2026-02-01T17:57:34.148Z","latest_release_number":"0.8.0rc2","last_synced_at":"2026-02-03T17:47:35.438Z","created_at":"2026-02-01T17:56:50.564Z","updated_at":"2026-02-03T17:47:35.438Z","registry_url":"https://search.nixos.org/packages?channel=24.11\u0026query=python312Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python312Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-24.11/pkgs/development/python-modules/defusedxml/default.nix#L36","metadata":{"nix_attribute":"python3.12-defusedxml-0.8.0rc2","position":"pkgs/development/python-modules/defusedxml/default.nix:36","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin","i686-cygwin","x86_64-cygwin","aarch64-windows","x86_64-windows","i686-windows","i686-freebsd","x86_64-freebsd"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python312Packages.defusedxml?channel=24.11\u0026repository_url=https://channels.nixos.org/nixos-24.11","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python312Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python312Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python312Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python312Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python312Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python312Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python312Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/python312Packages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-24.11","url":"https://channels.nixos.org/nixos-24.11","ecosystem":"nixpkgs","default":false,"packages_count":121983,"maintainers_count":2633,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":72},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.059Z","updated_at":"2026-03-05T06:28:31.130Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/namespaces"}},{"id":13276384,"name":"kodiPackages.defusedxml","ecosystem":"nixpkgs","description":"defusing XML bombs and other exploits","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-02T05:17:12.976Z","latest_release_published_at":"2026-02-02T05:17:12.976Z","latest_release_number":"0.6.0+matrix.1","last_synced_at":"2026-02-03T20:34:10.763Z","created_at":"2026-02-02T05:17:12.550Z","updated_at":"2026-02-03T20:34:10.763Z","registry_url":"https://search.nixos.org/packages?channel=23.11\u0026query=kodiPackages.defusedxml","install_command":"nix-env -iA nixpkgs.kodiPackages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/applications/video/kodi/addons/defusedxml/default.nix#L22","metadata":{"nix_attribute":"kodi-defusedxml-0.6.0+matrix.1","position":"pkgs/applications/video/kodi/addons/defusedxml/default.nix:22","broken":false,"insecure":false,"unfree":false,"outputs":["out"]},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/kodiPackages.defusedxml?channel=23.11\u0026repository_url=https://channels.nixos.org/nixos-23.11","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/kodiPackages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/kodiPackages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/kodiPackages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/kodiPackages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/kodiPackages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/kodiPackages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-23.11","url":"https://channels.nixos.org/nixos-23.11","ecosystem":"nixpkgs","default":false,"packages_count":108178,"maintainers_count":2441,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":65},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.577Z","updated_at":"2026-03-05T07:39:24.475Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/namespaces"}},{"id":13055728,"name":"kodiPackages.defusedxml","ecosystem":"nixpkgs","description":"defusing XML bombs and other exploits","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-01T16:27:36.461Z","latest_release_published_at":"2026-02-01T16:27:36.461Z","latest_release_number":"0.6.0+matrix.1","last_synced_at":"2026-02-03T17:38:46.018Z","created_at":"2026-02-01T16:27:24.665Z","updated_at":"2026-02-03T17:38:46.018Z","registry_url":"https://search.nixos.org/packages?channel=24.11\u0026query=kodiPackages.defusedxml","install_command":"nix-env -iA nixpkgs.kodiPackages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-24.11/pkgs/applications/video/kodi/addons/defusedxml/default.nix#L28","metadata":{"nix_attribute":"kodi-defusedxml-0.6.0+matrix.1","position":"pkgs/applications/video/kodi/addons/defusedxml/default.nix:28","broken":false,"insecure":false,"unfree":false,"outputs":["out"]},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/kodiPackages.defusedxml?channel=24.11\u0026repository_url=https://channels.nixos.org/nixos-24.11","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/kodiPackages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/kodiPackages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/kodiPackages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/kodiPackages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/kodiPackages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages/kodiPackages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-24.11","url":"https://channels.nixos.org/nixos-24.11","ecosystem":"nixpkgs","default":false,"packages_count":121983,"maintainers_count":2633,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":72},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.059Z","updated_at":"2026-03-05T06:28:31.130Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-24.11/namespaces"}},{"id":6113855,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules (for python3)","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2018-05-21T14:48:33.000Z","latest_release_published_at":"2018-05-21T14:48:33.000Z","latest_release_number":"0.5.0-r0","last_synced_at":"2026-03-01T00:46:28.226Z","created_at":"2023-01-31T21:24:57.153Z","updated_at":"2026-03-01T00:46:28.226Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.8/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:50.008Z","dependent_packages_count":7,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":9.02704969595303,"stargazers_count":5.776892430278884,"forks_count":7.821346194170687,"average":5.65632208010065},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.8","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":25,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T09:24:17.755Z","updated_at":"2023-02-01T09:24:17.755Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.8","url":"https://pkgs.alpinelinux.org/packages?branch=v3.8","ecosystem":"alpine","default":false,"packages_count":9538,"maintainers_count":148,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":329},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.817Z","updated_at":"2026-03-04T06:29:39.482Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/namespaces"}},{"id":6093376,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules (for python3)","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2018-12-24T16:41:32.000Z","latest_release_published_at":"2018-12-24T16:41:32.000Z","latest_release_number":"0.5.0-r0","last_synced_at":"2026-03-01T00:42:33.386Z","created_at":"2023-01-31T20:27:25.815Z","updated_at":"2026-03-01T00:42:33.386Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.9/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.352Z","dependent_packages_count":5,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":4.328649092214587,"stargazers_count":6.185249769207099,"forks_count":8.22648476766848,"average":4.685095907272541},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.9","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":48,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T06:35:14.924Z","updated_at":"2023-02-01T06:35:14.924Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.9","url":"https://pkgs.alpinelinux.org/packages?branch=v3.9","ecosystem":"alpine","default":false,"packages_count":9749,"maintainers_count":154,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":352},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.805Z","updated_at":"2026-03-04T06:12:14.837Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/namespaces"}},{"id":6077530,"name":"py-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2019-05-08T15:47:49.000Z","latest_release_published_at":"2019-05-08T15:47:49.000Z","latest_release_number":"0.5.0-r1","last_synced_at":"2026-03-01T00:53:57.873Z","created_at":"2023-01-31T19:47:39.400Z","updated_at":"2026-03-01T00:53:57.873Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.10/community/x86_64/py-defusedxml","install_command":"apk add py-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.379Z","dependent_packages_count":1,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":21.460348162475825,"stargazers_count":6.5473887814313345,"forks_count":8.868471953578338,"average":9.219052224371374},"purl":"pkg:apk/alpine/py-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.10","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":50,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T04:05:36.100Z","updated_at":"2023-02-01T04:05:36.100Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.10","url":"https://pkgs.alpinelinux.org/packages?branch=v3.10","ecosystem":"alpine","default":false,"packages_count":10340,"maintainers_count":177,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":392},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.780Z","updated_at":"2026-03-05T07:47:27.967Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/namespaces"}},{"id":7604784,"name":"py3-defusedxml-pyc","ecosystem":"alpine","description":"Precompiled Python bytecode for py3-defusedxml","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":2,"first_release_published_at":"2023-04-19T22:10:20.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-01T02:28:47.069Z","created_at":"2023-04-19T22:34:37.782Z","updated_at":"2026-03-01T02:28:47.069Z","registry_url":"https://pkgs.alpinelinux.org/package/edge/community/x86_64/py3-defusedxml-pyc","install_command":"apk add py3-defusedxml-pyc","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:49.985Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":14.250941315178945,"stargazers_count":15.24028842160897,"forks_count":18.396315451696932,"average":11.971886297121213},"purl":"pkg:apk/alpine/py3-defusedxml-pyc?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=edge","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml-pyc/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml-pyc/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml-pyc/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml-pyc/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml-pyc/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages/py3-defusedxml-pyc/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":68,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-04-20T05:17:06.703Z","updated_at":"2023-04-20T05:17:06.703Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-edge","url":"https://pkgs.alpinelinux.org/packages?branch=edge","ecosystem":"alpine","default":false,"packages_count":38892,"maintainers_count":869,"namespaces_count":3,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community","testing"],"funded_packages_count":2711},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.616Z","updated_at":"2026-03-05T07:38:12.911Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-edge/namespaces"}},{"id":12810690,"name":"kodiPackages.defusedxml","ecosystem":"nixpkgs","description":"Defusing XML bombs and other exploits","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":null,"versions_count":1,"first_release_published_at":"2026-01-26T16:18:14.276Z","latest_release_published_at":"2026-01-26T16:18:14.276Z","latest_release_number":"0.6.0+matrix.1","last_synced_at":"2026-02-02T10:28:05.658Z","created_at":"2026-01-26T16:18:13.947Z","updated_at":"2026-02-02T10:28:05.658Z","registry_url":"https://search.nixos.org/packages?channel=unstable\u0026query=kodiPackages.defusedxml","install_command":"nix-env -iA nixpkgs.kodiPackages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/applications/video/kodi/addons/defusedxml/default.nix#L28","metadata":{"nix_attribute":"kodi-defusedxml-0.6.0+matrix.1","position":"pkgs/applications/video/kodi/addons/defusedxml/default.nix:28","broken":false,"insecure":false,"unfree":false,"outputs":["out"]},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/kodiPackages.defusedxml?channel=unstable","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/kodiPackages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/kodiPackages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/kodiPackages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/kodiPackages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/kodiPackages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/kodiPackages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages/kodiPackages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-unstable","url":"https://channels.nixos.org/nixos-unstable","ecosystem":"nixpkgs","default":true,"packages_count":143321,"maintainers_count":4121,"namespaces_count":0,"keywords_count":1,"github":"NixOS","metadata":{"funded_packages_count":718},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:52.762Z","updated_at":"2026-03-05T05:03:05.275Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-unstable/namespaces"}},{"id":13008518,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-04T03:55:38.563Z","created_at":"2026-01-31T00:39:06.615Z","updated_at":"2026-03-04T04:01:54.461Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.23/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.23","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2026-03-04T03:55:38.979Z","updated_at":"2026-03-04T03:55:38.979Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.23","url":"https://pkgs.alpinelinux.org/packages?branch=v3.23","ecosystem":"alpine","default":false,"packages_count":27562,"maintainers_count":425,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":32},"icon_url":"https://github.com/alpinelinux.png","created_at":"2026-01-24T14:35:50.739Z","updated_at":"2026-03-05T07:45:11.414Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/namespaces"}},{"id":10344088,"name":"py3-defusedxml-pyc","ecosystem":"alpine","description":"Precompiled Python bytecode for py3-defusedxml","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-03T00:26:12.983Z","created_at":"2024-06-11T09:43:34.949Z","updated_at":"2026-03-03T00:26:12.983Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.20/community/x86_64/py3-defusedxml-pyc","install_command":"apk add py3-defusedxml-pyc","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:50.168Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml-pyc?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.20","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml-pyc/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml-pyc/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml-pyc/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml-pyc/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml-pyc/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages/py3-defusedxml-pyc/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":42,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2024-06-12T01:04:00.843Z","updated_at":"2024-06-12T01:04:00.843Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.20","url":"https://pkgs.alpinelinux.org/packages?branch=v3.20","ecosystem":"alpine","default":false,"packages_count":24162,"maintainers_count":405,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1473},"icon_url":"https://github.com/alpinelinux.png","created_at":"2024-06-07T11:51:39.915Z","updated_at":"2026-03-05T07:52:56.033Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.20/namespaces"}},{"id":6113029,"name":"py-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2018-05-21T14:48:34.000Z","latest_release_published_at":"2018-05-21T14:48:34.000Z","latest_release_number":"0.5.0-r0","last_synced_at":"2026-03-03T00:12:54.333Z","created_at":"2023-01-31T21:23:03.684Z","updated_at":"2026-03-03T00:12:54.334Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.8/community/x86_64/py-defusedxml","install_command":"apk add py-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.386Z","dependent_packages_count":2,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":11.763472426085134,"stargazers_count":5.776892430278884,"forks_count":7.821346194170687,"average":6.340427762633676},"purl":"pkg:apk/alpine/py-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.8","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages/py-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":25,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T09:17:37.722Z","updated_at":"2023-02-01T09:17:37.722Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.8","url":"https://pkgs.alpinelinux.org/packages?branch=v3.8","ecosystem":"alpine","default":false,"packages_count":9538,"maintainers_count":148,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":329},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.817Z","updated_at":"2026-03-04T06:29:39.482Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.8/namespaces"}},{"id":6073839,"name":"py2-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules (for python2)","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2019-05-08T15:47:47.000Z","latest_release_published_at":"2019-05-08T15:47:47.000Z","latest_release_number":"0.5.0-r1","last_synced_at":"2026-03-03T00:24:58.139Z","created_at":"2023-01-31T19:38:09.789Z","updated_at":"2026-03-03T00:24:58.139Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.10/community/x86_64/py2-defusedxml","install_command":"apk add py2-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.520Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":29.555125725338492,"stargazers_count":6.5473887814313345,"forks_count":8.868471953578338,"average":11.242746615087041},"purl":"pkg:apk/alpine/py2-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.10","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py2-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py2-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py2-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py2-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py2-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py2-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py2-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py2-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":50,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T03:28:52.849Z","updated_at":"2023-02-01T03:28:52.849Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.10","url":"https://pkgs.alpinelinux.org/packages?branch=v3.10","ecosystem":"alpine","default":false,"packages_count":10340,"maintainers_count":177,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":392},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.780Z","updated_at":"2026-03-05T07:47:27.967Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/namespaces"}},{"id":13008514,"name":"py3-defusedxml-pyc","ecosystem":"alpine","description":"Precompiled Python bytecode for py3-defusedxml","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_published_at":"2024-04-12T09:59:22.000Z","latest_release_number":"0.7.1-r5","last_synced_at":"2026-03-04T05:53:31.493Z","created_at":"2026-01-31T00:39:04.140Z","updated_at":"2026-03-04T06:01:42.219Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.23/community/x86_64/py3-defusedxml-pyc","install_command":"apk add py3-defusedxml-pyc","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:apk/alpine/py3-defusedxml-pyc?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.23","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml-pyc","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml-pyc/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml-pyc/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml-pyc/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml-pyc/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml-pyc/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages/py3-defusedxml-pyc/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2026-03-04T05:53:31.681Z","updated_at":"2026-03-04T05:53:31.681Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.23","url":"https://pkgs.alpinelinux.org/packages?branch=v3.23","ecosystem":"alpine","default":false,"packages_count":27562,"maintainers_count":425,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":32},"icon_url":"https://github.com/alpinelinux.png","created_at":"2026-01-24T14:35:50.739Z","updated_at":"2026-03-05T07:45:11.414Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.23/namespaces"}},{"id":13409544,"name":"defusedxml","ecosystem":"ubuntu","description":null,"homepage":"https://github.com/tiran/defusedxml","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["misc"],"namespace":"main","versions_count":1,"first_release_published_at":"2026-02-06T18:39:00.059Z","latest_release_published_at":"2026-02-06T18:39:00.059Z","latest_release_number":"0.7.1-1","last_synced_at":"2026-02-06T18:39:00.281Z","created_at":"2026-02-06T18:38:59.712Z","updated_at":"2026-02-12T12:38:09.018Z","registry_url":"https://launchpad.net/ubuntu/+source/defusedxml","install_command":"apt-get install defusedxml","documentation_url":null,"metadata":{"component":"main","architecture":"all","priority":"optional","binary":"python3-defusedxml","standards_version":"4.6.0","maintainer":"Debian Python Team \u003cteam+python@tracker.debian.org\u003e","build_depends":"dh-python, python3-all, debhelper-compat (= 13), python3-setuptools","build_depends_indep":null,"build_depends_arch":null},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:deb/ubuntu/defusedxml?arch=source\u0026distro=ubuntu-22.04\u0026repository_url=https://launchpad.net/ubuntu/jammy","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/ubuntu/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/ubuntu/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/ubuntu/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/packages/defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/packages/defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/packages/defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/packages/defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/packages/defusedxml/codemeta","maintainers":[],"registry":{"name":"ubuntu-22.04","url":"https://launchpad.net/ubuntu/jammy","ecosystem":"ubuntu","default":false,"packages_count":34289,"maintainers_count":0,"namespaces_count":4,"keywords_count":0,"github":"ubuntu","metadata":{"codename":"jammy","funded_packages_count":104},"icon_url":"https://github.com/ubuntu.png","created_at":"2026-02-04T11:01:46.486Z","updated_at":"2026-03-05T07:49:33.221Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/ubuntu-22.04/namespaces"}},{"id":4110151,"name":"github.com/tiran/defusedxml","ecosystem":"go","description":"","homepage":null,"licenses":"other","normalized_licenses":["Other"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"github.com/tiran","versions_count":5,"first_release_published_at":"2013-03-28T11:22:24.000Z","latest_release_published_at":"2021-03-08T10:58:00.000Z","latest_release_number":"v0.7.1","last_synced_at":"2026-03-04T10:01:59.752Z","created_at":"2022-04-12T14:02:44.875Z","updated_at":"2026-03-04T10:01:59.752Z","registry_url":"https://pkg.go.dev/github.com/tiran/defusedxml","install_command":"go get github.com/tiran/defusedxml","documentation_url":"https://pkg.go.dev/github.com/tiran/defusedxml#section-documentation","metadata":{},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.394Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":9.345852080216646,"dependent_packages_count":6.999148183520997,"stargazers_count":null,"forks_count":null,"average":8.172500131868823},"purl":"pkg:golang/github.com/tiran/defusedxml","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/tiran/defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/tiran/defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/tiran/defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Ftiran%2Fdefusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Ftiran%2Fdefusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Ftiran%2Fdefusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Ftiran%2Fdefusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Ftiran%2Fdefusedxml/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2063189,"maintainers_count":0,"namespaces_count":772825,"keywords_count":0,"github":"golang","metadata":{"funded_packages_count":53137},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-03-05T06:55:50.931Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},{"id":75222,"name":"py-defusedxml","ecosystem":"spack","description":"defusing XML bombs and other exploits\n","homepage":"https://github.com/tiran/defusedxml","licenses":"[]","normalized_licenses":["Other"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":null,"versions_count":3,"first_release_published_at":"2022-04-05T09:23:57.795Z","latest_release_published_at":"2022-04-05T09:23:57.795Z","latest_release_number":"0.7.1","last_synced_at":"2026-03-04T10:01:58.891Z","created_at":"2022-04-05T09:23:57.743Z","updated_at":"2026-03-04T10:01:58.892Z","registry_url":"https://packages.spack.io/package.html?name=py-defusedxml","install_command":"spack install py-defusedxml","documentation_url":null,"metadata":{},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.383Z","dependent_packages_count":5,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":14.186466583298596,"stargazers_count":12.032791440878142,"forks_count":16.29845769070446,"average":10.6294289287203},"purl":"pkg:spack/py-defusedxml","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/spack/py-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/spack/py-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/spack/py-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages/py-defusedxml/codemeta","maintainers":[{"uuid":"adamjstewart","login":"adamjstewart","name":null,"email":null,"url":"https://github.com/adamjstewart","packages_count":2168,"html_url":null,"role":null,"created_at":"2022-11-14T16:50:48.939Z","updated_at":"2022-11-14T16:50:48.939Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/maintainers/adamjstewart/packages"}],"registry":{"name":"spack.io","url":"https://packages.spack.io","ecosystem":"spack","default":true,"packages_count":9025,"maintainers_count":963,"namespaces_count":0,"keywords_count":0,"github":"spack","metadata":{"funded_packages_count":433},"icon_url":"https://github.com/spack.png","created_at":"2022-04-04T15:19:23.514Z","updated_at":"2026-03-05T07:54:17.967Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/spack.io/namespaces"}},{"id":13294808,"name":"python310Packages.defusedxml","ecosystem":"nixpkgs","description":"Python module to defuse XML issues","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":["python"],"namespace":null,"versions_count":1,"first_release_published_at":"2026-02-02T06:24:01.081Z","latest_release_published_at":"2026-02-02T06:24:01.081Z","latest_release_number":"0.7.1","last_synced_at":"2026-02-03T20:40:10.265Z","created_at":"2026-02-02T06:23:53.272Z","updated_at":"2026-02-03T20:40:10.266Z","registry_url":"https://search.nixos.org/packages?channel=23.11\u0026query=python310Packages.defusedxml","install_command":"nix-env -iA nixpkgs.python310Packages.defusedxml","documentation_url":"https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/development/python-modules/defusedxml/default.nix#L23","metadata":{"nix_attribute":"python3.10-defusedxml-0.7.1","position":"pkgs/development/python-modules/defusedxml/default.nix:23","platforms":["aarch64-linux","armv5tel-linux","armv6l-linux","armv7a-linux","armv7l-linux","i686-linux","loongarch64-linux","m68k-linux","microblaze-linux","microblazeel-linux","mips-linux","mips64-linux","mips64el-linux","mipsel-linux","powerpc64-linux","powerpc64le-linux","riscv32-linux","riscv64-linux","s390-linux","s390x-linux","x86_64-linux","x86_64-darwin","i686-darwin","aarch64-darwin","armv7a-darwin","i686-cygwin","x86_64-cygwin","x86_64-windows","i686-windows"],"broken":false,"insecure":false,"unfree":false,"outputs":["dist","out"],"upstream_ecosystem":"pypi","upstream_name":"defusedxml","upstream_purl":"pkg:pypi/defusedxml"},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{},"purl":"pkg:nix/python310Packages.defusedxml?channel=23.11\u0026repository_url=https://channels.nixos.org/nixos-23.11","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/nixpkgs/python310Packages.defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/nixpkgs/python310Packages.defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/nixpkgs/python310Packages.defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python310Packages.defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python310Packages.defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python310Packages.defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python310Packages.defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages/python310Packages.defusedxml/codemeta","maintainers":[],"registry":{"name":"nixpkgs-23.11","url":"https://channels.nixos.org/nixos-23.11","ecosystem":"nixpkgs","default":false,"packages_count":108178,"maintainers_count":2441,"namespaces_count":0,"keywords_count":0,"github":"NixOS","metadata":{"funded_packages_count":65},"icon_url":"https://github.com/NixOS.png","created_at":"2026-01-25T22:30:53.577Z","updated_at":"2026-03-05T07:39:24.475Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/nixpkgs-23.11/namespaces"}},{"id":6093548,"name":"py2-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules (for python2)","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2018-12-24T16:41:28.000Z","latest_release_published_at":"2018-12-24T16:41:28.000Z","latest_release_number":"0.5.0-r0","last_synced_at":"2026-03-03T00:04:03.383Z","created_at":"2023-01-31T20:27:52.413Z","updated_at":"2026-03-03T00:04:03.385Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.9/community/x86_64/py2-defusedxml","install_command":"apk add py2-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.384Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":23.15109241973536,"stargazers_count":6.185249769207099,"forks_count":8.22648476766848,"average":9.390706739152733},"purl":"pkg:apk/alpine/py2-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.9","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py2-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py2-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py2-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py2-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py2-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py2-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py2-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages/py2-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":48,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T06:36:45.996Z","updated_at":"2023-02-01T06:36:45.996Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.9","url":"https://pkgs.alpinelinux.org/packages?branch=v3.9","ecosystem":"alpine","default":false,"packages_count":9749,"maintainers_count":154,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":352},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.805Z","updated_at":"2026-03-04T06:12:14.837Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.9/namespaces"}},{"id":6074100,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules (for python3)","homepage":"https://github.com/tiran/defusedxml","licenses":"GPL","normalized_licenses":["GPL-2.0+"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2019-05-08T15:47:48.000Z","latest_release_published_at":"2019-05-08T15:47:48.000Z","latest_release_number":"0.5.0-r1","last_synced_at":"2026-03-03T00:24:58.520Z","created_at":"2023-01-31T19:38:42.719Z","updated_at":"2026-03-03T00:24:58.521Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.10/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.384Z","dependent_packages_count":10,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":5.154738878143133,"stargazers_count":6.5473887814313345,"forks_count":8.868471953578338,"average":5.142649903288201},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.10","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":50,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T03:31:46.342Z","updated_at":"2023-02-01T03:31:46.342Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.10","url":"https://pkgs.alpinelinux.org/packages?branch=v3.10","ecosystem":"alpine","default":false,"packages_count":10340,"maintainers_count":177,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":392},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.780Z","updated_at":"2026-03-05T07:47:27.967Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.10/namespaces"}},{"id":6236209,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2019-11-05T15:33:56.000Z","latest_release_published_at":"2019-11-05T15:33:56.000Z","latest_release_number":"0.6.0-r1","last_synced_at":"2026-03-03T00:24:14.940Z","created_at":"2023-02-01T04:49:08.796Z","updated_at":"2026-03-03T00:24:14.940Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.11/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.385Z","dependent_packages_count":3,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":6.0227071137129675,"stargazers_count":7.113712967890722,"forks_count":9.25137484477559,"average":5.59694873159482},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.11","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":36,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-03-28T01:35:11.905Z","updated_at":"2023-03-28T01:35:11.905Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.11","url":"https://pkgs.alpinelinux.org/packages?branch=v3.11","ecosystem":"alpine","default":false,"packages_count":11274,"maintainers_count":184,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":398},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.767Z","updated_at":"2026-03-04T06:55:43.371Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.11/namespaces"}},{"id":6204084,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2019-11-05T15:33:56.000Z","latest_release_published_at":"2019-11-05T15:33:56.000Z","latest_release_number":"0.6.0-r1","last_synced_at":"2026-03-03T00:03:59.176Z","created_at":"2023-02-01T02:21:09.523Z","updated_at":"2026-03-03T00:03:59.179Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.13/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.505Z","dependent_packages_count":1,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":9.376124343383465,"stargazers_count":8.483845434266389,"forks_count":10.880046053104987,"average":7.185003957688711},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.13","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-04T19:56:57.527Z","updated_at":"2023-02-04T19:56:57.527Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.13","url":"https://pkgs.alpinelinux.org/packages?branch=v3.13","ecosystem":"alpine","default":false,"packages_count":13897,"maintainers_count":231,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":590},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.734Z","updated_at":"2026-03-04T06:08:53.080Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.13/namespaces"}},{"id":6183192,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2021-04-05T18:18:26.000Z","latest_release_published_at":"2021-04-05T18:18:26.000Z","latest_release_number":"0.7.1-r1","last_synced_at":"2026-03-03T00:25:07.830Z","created_at":"2023-02-01T00:42:11.086Z","updated_at":"2026-03-03T00:25:07.830Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.15/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.356Z","dependent_packages_count":8,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":3.6261587942233713,"stargazers_count":9.53522103802737,"forks_count":12.164974459229363,"average":6.331588572870026},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.15","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":33,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-04T19:56:58.202Z","updated_at":"2023-02-04T19:56:58.202Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.15","url":"https://pkgs.alpinelinux.org/packages?branch=v3.15","ecosystem":"alpine","default":false,"packages_count":15857,"maintainers_count":287,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":782},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.684Z","updated_at":"2026-03-05T07:48:10.957Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.15/namespaces"}},{"id":6103227,"name":"py3-defusedxml","ecosystem":"alpine","description":"XML bomb protection for Python stdlib modules","homepage":"https://github.com/tiran/defusedxml","licenses":"Python-2.0","normalized_licenses":["Python-2.0"],"repository_url":"https://github.com/tiran/defusedxml","keywords_array":[],"namespace":"community","versions_count":1,"first_release_published_at":"2021-12-15T19:18:06.000Z","latest_release_published_at":"2021-12-15T19:18:06.000Z","latest_release_number":"0.7.1-r2","last_synced_at":"2026-03-03T00:26:56.987Z","created_at":"2023-01-31T20:54:41.561Z","updated_at":"2026-03-03T00:26:56.988Z","registry_url":"https://pkgs.alpinelinux.org/package/v3.17/community/x86_64/py3-defusedxml","install_command":"apk add py3-defusedxml","documentation_url":null,"metadata":{"repository":"community","architecture":"x86_64"},"repo_metadata":{"id":41086477,"uuid":"51649838","full_name":"tiran/defusedxml","owner":"tiran","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-03T22:29:39.000Z","size":275,"stargazers_count":527,"open_issues_count":8,"forks_count":55,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-10-03T03:45:56.588Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tiran.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-13T14:44:57.000Z","updated_at":"2025-09-19T09:55:55.000Z","dependencies_parsed_at":"2024-02-26T01:49:34.901Z","dependency_job_id":"cf85f661-fa0e-4642-930b-b6a8c1573cd9","html_url":"https://github.com/tiran/defusedxml","commit_stats":{"total_commits":201,"total_committers":6,"mean_commits":33.5,"dds":0.06965174129353235,"last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/tiran/defusedxml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/sbom","scorecard":{"id":887670,"data":{"date":"2025-08-11","repo":{"name":"github.com/tiran/defusedxml","commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/pypi.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pypi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pypi.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tiran/defusedxml/pypi.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:54","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:66","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:68","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:48","Warn: pipCommand not pinned by hash: .github/workflows/pypi.yml:50","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pypi.yml:80"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:36:53.901Z","repository_id":41086477,"created_at":"2025-08-24T10:36:53.901Z","updated_at":"2025-08-24T10:36:53.901Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003722,"owners_count":26083610,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"tiran","name":"Christian Heimes","uuid":"444071","kind":"user","description":"@python core developer, Python security team, PSF fellow, security-monger, Open Source advocate, Red Hat SecEng / IdM dev (he/him)\r\nViews are my own.","email":"","website":null,"location":"Hamburg, Germany","twitter":"ChristianHeimes","company":"Red Hat","icon_url":"https://avatars.githubusercontent.com/u/444071?v=4","repositories_count":219,"last_synced_at":"2025-10-06T00:27:04.520Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/tiran","funding_links":[],"total_stars":837,"followers":571,"following":0,"created_at":"2022-11-02T16:22:48.103Z","updated_at":"2025-10-06T00:27:04.520Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tiran/repositories"},"tags":[{"name":"v0.8.0rc2","sha":"55dbde29c06834bf2015db88310aaa05f3b7c8c7","kind":"tag","published_at":"2023-09-29T07:59:35.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc2/manifests"},{"name":"v0.8.0rc1","sha":"8be621061cc8146ad3f5c0b4299bc5d472ac0349","kind":"tag","published_at":"2023-09-26T19:15:11.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.8.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.8.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.8.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.8.0rc1/manifests"},{"name":"v0.7.1","sha":"ebff1b493751e2f0775314bdd4188d64f07ea184","kind":"tag","published_at":"2021-03-08T10:58:43.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.1/manifests"},{"name":"v0.7.0","sha":"6653936f117fba5348a271b7d314951275088162","kind":"tag","published_at":"2021-03-04T09:41:51.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0/manifests"},{"name":"v0.7.0rc2","sha":"bdb55aa99d8a0a9e5765c05184b697c1c37fa28a","kind":"tag","published_at":"2021-01-12T18:44:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0rc2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0rc2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0rc2/manifests"},{"name":"v0.7.0.rc1","sha":"eb38a2d710b67df48614cb5098ddb8472289ce6d","kind":"tag","published_at":"2020-05-04T21:50:03.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.7.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.7.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.7.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.7.0.rc1/manifests"},{"name":"v0.6.0","sha":"0250d10930e4d5acf24ccc7144184989e65c2f3c","kind":"tag","published_at":"2019-04-17T21:10:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0/manifests"},{"name":"v0.6.0.rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-17T21:07:02.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.6.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.6.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.6.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.6.0.rc1/manifests"},{"name":"0.6.0rc1","sha":"49fe241089cac233ea59dd3c2a056a4de7f51257","kind":"tag","published_at":"2019-04-14T12:03:45.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/0.6.0rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/0.6.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@0.6.0rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/0.6.0rc1/manifests"},{"name":"v0.5.0","sha":"d0f5633183e7f9f6614814b0d43fb9a18c5ba893","kind":"tag","published_at":"2017-02-09T14:18:06.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0/manifests"},{"name":"v0.5.0.rc1","sha":"1998cd075ab1f748a7569e020bc94de71676c0db","kind":"tag","published_at":"2017-01-28T13:54:01.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.5.0.rc1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.5.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.1","sha":"5cf3f0f3daaeb726a0f26e418b37e7b9e42edc53","kind":"commit","published_at":"2013-03-28T11:22:24.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"7785f9b766af8c38a78e740c095e8362cd6e756c","kind":"commit","published_at":"2013-02-25T11:08:29.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.4","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.4/manifests"},{"name":"v0.3","sha":"077be217555b1914979cccc972e57d231642989e","kind":"commit","published_at":"2013-02-19T12:27:07.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.3","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.3/manifests"},{"name":"v0.2","sha":"73e465c098031a0c9afb7371154274b02368f5ce","kind":"commit","published_at":"2013-02-15T14:31:59.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.2","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.2/manifests"},{"name":"v0.1","sha":"e962006b4ad1359482595772fc9b9707b212617e","kind":"commit","published_at":"2013-02-08T21:38:40.000Z","download_url":"https://codeload.github.com/tiran/defusedxml/tar.gz/v0.1","html_url":"https://github.com/tiran/defusedxml/releases/tag/v0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/tiran/defusedxml@v0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/tags/v0.1/manifests"}]},"repo_metadata_updated_at":"2025-10-12T01:20:47.495Z","dependent_packages_count":4,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":7.8926686875491185,"stargazers_count":12.692264511058719,"forks_count":15.521499943864375,"average":9.026608285618053},"purl":"pkg:apk/alpine/py3-defusedxml?arch=x86_64\u0026repository_url=https://pkgs.alpinelinux.org/packages?branch=v3.17","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/alpine/py3-defusedxml","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/alpine/py3-defusedxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/alpine/py3-defusedxml/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-09-26T20:09:16.936Z","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","maintainers":[{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/packages/py3-defusedxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/packages/py3-defusedxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/packages/py3-defusedxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/packages/py3-defusedxml/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/packages/py3-defusedxml/codemeta","maintainers":[{"uuid":"robertoguimaraes8@gmail.com","login":null,"name":"Roberto Oliveira","email":null,"url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","packages_count":34,"html_url":"https://pkgs.alpinelinux.org/packages?maintainer=Roberto Oliveira","role":null,"created_at":"2023-02-01T08:02:20.272Z","updated_at":"2023-02-01T08:02:20.272Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/maintainers/robertoguimaraes8@gmail.com/packages"}],"registry":{"name":"alpine-v3.17","url":"https://pkgs.alpinelinux.org/packages?branch=v3.17","ecosystem":"alpine","default":false,"packages_count":17817,"maintainers_count":352,"namespaces_count":2,"keywords_count":0,"github":"alpinelinux","metadata":{"repos":["main","community"],"funded_packages_count":1034},"icon_url":"https://github.com/alpinelinux.png","created_at":"2023-01-31T17:27:50.642Z","updated_at":"2026-03-05T07:54:00.528Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/alpine-v3.17/namespaces"}}],"commits":{"id":3042,"full_name":"tiran/defusedxml","default_branch":"main","total_commits":201,"total_committers":6,"total_bot_commits":0,"total_bot_committers":0,"mean_commits":33.5,"dds":0.06965174129353235,"past_year_total_commits":0,"past_year_total_committers":0,"past_year_total_bot_commits":0,"past_year_total_bot_committers":0,"past_year_mean_commits":0.0,"past_year_dds":0.0,"last_synced_at":"2026-03-07T15:33:25.935Z","last_synced_commit":"c7445887f5e1bcea470a16f61369d29870cfcfe1","created_at":"2023-03-07T09:15:56.646Z","updated_at":"2026-03-07T15:33:25.910Z","committers":[{"name":"Christian Heimes","email":"christian@python.org","login":"tiran","count":187},{"name":"Brett Cannon","email":"brett@python.org","login":"brettcannon","count":8},{"name":"Jon Dufresne","email":"jon.dufresne@gmail.com","login":"jdufresne","count":3},{"name":"Kian-Meng Ang","email":"kianmeng@cpan.org","login":"kianmeng","count":1},{"name":"Jakub Wilk","email":"jwilk@jwilk.net","login":"jwilk","count":1},{"name":"Fred Drake","email":"fred@fdrake.net","login":"freddrake","count":1}],"past_year_committers":[],"commits_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/commits","host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-03-08T00:00:12.791Z","repositories_count":6189400,"commits_count":931676332,"contributors_count":36090311,"owners_count":1148383,"icon_url":"https://github.com/github.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories"}},"issues":{"table":{"full_name":"tiran/defusedxml","html_url":"https://github.com/tiran/defusedxml","last_synced_at":"2026-03-04T10:00:37.439Z","status":"error","issues_count":56,"pull_requests_count":58,"avg_time_to_close_issue":39990091.307692304,"avg_time_to_close_pull_request":12247573.80392157,"issues_closed_count":52,"pull_requests_closed_count":51,"pull_request_authors_count":23,"issue_authors_count":51,"avg_comments_per_issue":2.25,"avg_comments_per_pull_request":1.3793103448275863,"merged_pull_requests_count":26,"bot_issues_count":0,"bot_pull_requests_count":2,"past_year_issues_count":1,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":7801331.0,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":1,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.5,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"created_at":"2023-05-10T14:52:27.420Z","updated_at":"2026-03-04T10:00:37.439Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/tiran%2Fdefusedxml/issues","issue_labels_count":{"table":{"bug":1,"wontfix":1}},"pull_request_labels_count":{"table":{"duplicate":2,"dependencies":2,"bug":1}},"issue_author_associations_count":{"table":{"NONE":52,"CONTRIBUTOR":3,"OWNER":1}},"pull_request_author_associations_count":{"table":{"NONE":23,"OWNER":22,"CONTRIBUTOR":13}},"issue_authors":{"table":{"ecederstrand":3,"JonZeolla":2,"dga-nagra":2,"zuber7":2,"d1p":1,"tiff1127":1,"endlisnis":1,"Hritik14":1,"mschwager":1,"oca159":1,"Jon-Work":1,"papadeltasierra":1,"mcswell2001":1,"tiran":1,"drigz":1,"NicoHood":1,"sudharsan78":1,"timhemel":1,"jbethune":1,"yauhen-sobaleu":1,"jmelahman":1,"dgtlmoon":1,"charleswhchan":1,"alvaro-crespo":1,"martinbergpetersen":1,"brunato":1,"fingermark":1,"kloczek":1,"italomaia":1,"sshishov":1,"abo-abo":1,"oar-spease":1,"Gittenburg":1,"cemakpolat":1,"c00kiemon5ter":1,"spaceone":1,"wwwzhangshenzecn":1,"ankitgupta8888":1,"romaingz":1,"xgodon":1,"swamper123":1,"sagaragarwal94":1,"turicas":1,"brocef":1,"AdamWill":1,"pmezard":1,"pitbulk":1,"dimaqq":1,"lewismc":1,"angelarosario":1,"walkinrain369":1}},"pull_request_authors":{"table":{"tiran":22,"jdufresne":7,"cclauss":5,"Viicos":2,"brunato":2,"ecederstrand":2,"dependabot[bot]":2,"AntoineSebert":1,"d1p":1,"radarhere":1,"jelmer":1,"icemac":1,"amadev":1,"marienz":1,"khatkar":1,"hroncok":1,"kianmeng":1,"AdamWill":1,"jwilk":1,"jmelahman":1,"ticosax":1,"frenzymadness":1,"liZe":1}},"host":{"table":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-03-06T00:00:12.726Z","repositories_count":13598487,"issues_count":34939400,"pull_requests_count":113887477,"authors_count":11184392,"icon_url":"https://github.com/github.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors"}},"past_year_issue_labels_count":{"table":{}},"past_year_pull_request_labels_count":{"table":{}},"past_year_issue_author_associations_count":{"table":{}},"past_year_pull_request_author_associations_count":{"table":{}},"past_year_issue_authors":{"table":{}},"past_year_pull_request_authors":{"table":{}},"maintainers":[{"table":{"login":"tiran","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tiran"}}],"active_maintainers":[]}},"events":{"total":{"PullRequestEvent":2,"ForkEvent":3,"IssuesEvent":1,"WatchEvent":41,"IssueCommentEvent":2,"PullRequestReviewEvent":3},"last_year":{"ForkEvent":1,"WatchEvent":23,"IssueCommentEvent":1}},"keywords":[],"dependencies":[{"ecosystem":"actions","filepath":".github/workflows/main.yml","sha":null,"kind":"manifest","created_at":"2023-01-23T04:46:27.996Z","updated_at":"2023-01-23T04:46:27.996Z","repository_link":"https://github.com/tiran/defusedxml/blob/main/.github/workflows/main.yml","dependencies":[{"id":7109321714,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":7109321715,"package_name":"actions/setup-python","ecosystem":"actions","requirements":"v4","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/pypi.yml","sha":null,"kind":"manifest","created_at":"2023-01-23T04:46:28.020Z","updated_at":"2023-01-23T04:46:28.020Z","repository_link":"https://github.com/tiran/defusedxml/blob/main/.github/workflows/pypi.yml","dependencies":[{"id":7109321723,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":7109321724,"package_name":"actions/setup-python","ecosystem":"actions","requirements":"v4","direct":true,"kind":"composite","optional":false},{"id":7109321725,"package_name":"pypa/gh-action-pypi-publish","ecosystem":"actions","requirements":"master","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"pypi","filepath":"pyproject.toml","sha":null,"kind":"manifest","created_at":"2023-09-29T08:14:33.234Z","updated_at":"2023-09-29T08:14:33.234Z","repository_link":"https://github.com/tiran/defusedxml/blob/main/pyproject.toml","dependencies":[]},{"ecosystem":"pypi","filepath":"setup.py","sha":null,"kind":"manifest","created_at":"2023-09-29T08:14:33.247Z","updated_at":"2023-09-29T08:14:33.247Z","repository_link":"https://github.com/tiran/defusedxml/blob/main/setup.py","dependencies":[]}],"score":29.547640350227958,"created_at":"2025-10-09T10:55:32.970Z","updated_at":"2026-06-20T14:30:45.468Z","avatar_url":"https://github.com/tiran.png","language":"Python","codemeta":null,"publiccode":null,"project_url":"https://summary.ecosyste.ms/api/v1/projects/366725","html_url":"https://summary.ecosyste.ms/projects/366725"}