Skip to content

OSS Health

Jump to bottom
Gabe Stocco edited this page Jun 4, 2021 · 1 revision

As the name suggests, OSS Health estimates the health of an open source package. It does this by collecting various metrics from a project (currently only supported for GitHub), combining them through an algorithm that we think is reasonable, and displaying the output.

In this context, we mean "health" to mean, roughly, the likelihood that a package will continue to meet stakeholder expectations in the future. We can divide this into different areas:

  • Will the project continue to address bugs?
  • Will there be new/improved features?
  • How vibrant is the community?
  • What is the so-called "bus factor"?
  • Are security issues addressed promptly?

We recognize that the algorithm implemented isn't perfect, and welcome dialogue and contributions on how to improve it.

Usage information from --help.

USAGE:
Find the source code repository for the given package:
  oss-health [options] package-url...

  -f, --format         (Default: text) selct the output format(text|sarifv1|sarifv2)
  -o, --output-file    (Default: ) send the command output to a file instead of stdout
  --help               Display this help screen.
  --version            Display version information.

The package-url specifier is described at https://github.com/package-url/purl-spec:
  pkg:cargo/rand                The latest version of Rand (via crates.io)
  pkg:cocoapods/AFNetworking    The latest version of AFNetworking (via cocoapods.org)
  pkg:composer/Smarty/Smarty    The latest version of Smarty (via Composer/ Packagist)
  pkg:cpan/Apache-ACEProxy      The latest version of Apache::ACEProxy (via cpan.org)
  pkg:cran/ACNE@0.8.0           Version 0.8.0 of ACNE (via cran.r-project.org)
  pkg:gem/rubytree@*            All versions of RubyTree (via rubygems.org)
  pkg:golang/sigs.k8s.io/yaml   The latest version of sigs.k8s.io/yaml (via proxy.golang.org)
  pkg:github/Microsoft/DevSkim  The latest release of DevSkim (via GitHub)
  pkg:hackage/a50@*             All versions of a50 (via hackage.haskell.org)
  pkg:maven/org.apdplat/deep-qa The latest version of org.apdplat.deep-qa (via repo1.maven.org)
  pkg:npm/express               The latest version of Express (via npm.org)
  pkg:nuget/Newtonsoft.JSON     The latest version of Newtonsoft.JSON (via nuget.org)
  pkg:pypi/django@1.11.1        Version 1.11.1 fo Django (via pypi.org)
  pkg:ubuntu/zerofree           The latest version of zerofree from Ubuntu (via packages.ubuntu.com)
  pkg:vsm/MLNET/07              The latest version of MLNET.07 (from marketplace.visualstudio.com)
  pkg:url/foo@1.0?url=<URL>     The direct URL <URL>
Clone this wiki locally