Deprecated JFrog APIs
JFrog APIs that have been deprecated are archived here until being decommissioned. Note there will not be OpenAPI specification endpoints created for these legacy APIs. For an overview of available OpenAPI specification endpoints that are available, see OpenAPI Specifications.
Get Users (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the GET Users (SCIM) API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Get the list of users.
Since: 2.4.0
To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.
Security: Requires an admin user.
Usage: GET /artifactory/api/security/users
Produces: application/json (application/vnd.org.jfrog.artifactory.security.Users+json)
Sample Output:
GET /artifactory/api/security/users
[
{
"name": "davids"
"uri" : "http://localhost:8082/artifactory/api/security/users/davids"
"realm" : "internal"
}, {
"name": "danl"
"uri" : "http://localhost:8082/artifactory/api/security/users/danl"
"realm" : "ldap"
}
]Create or Replace User (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Create User API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Creates a new user in Artifactory or replaces an existing user.
Since: 2.4.0
Missing values will be set to the default values as defined by the consumed type.
Security: Requires an admin user
Usage: PUT /artifactory/api/security/users/{userName}
Consumes: application/json (application/vnd.org.jfrog.artifactory.security.User+json)
Sample Usage:
PUT /artifactory/api/security/users/davids
{
user.json
}Update User (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Update a User API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Updates an existing user in Artifactory with the provided user details.
Since: 2.4.0
Missing values will be set to the default values as defined by the consumed type.
To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.
Security: Requires an admin user.
Usage: POST /artifactory/api/security/users/{userName}
Consumes: application/json (application/vnd.org.jfrog.artifactory.security.User+json)
Sample Usage:
POST /artifactory/api/security/users/davids
{
user.json
}Delete User (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Delete User API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Removes an Artifactory user.
Since: 2.4.0
To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.
Security: Requires an admin user
Usage: DELETE /artifactory/api/security/users/{userName}
Produces: application/text
Sample Usage:
DELETE /artifactory/api/security/users/davids
User 'davids' has been removed successfully.Expire Password for a Single User (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Set User Password as Expired API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Expires a user's password.
Since: 4.4.2
Security: Requires an admin user.
Usage: POST /artifactory/api/security/users/authorization/expirePassword/{userName}
Sample Usage:
POST /artifactory/api/security/users/authorization/expirePassword/davidsChange Password (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Change a User Password API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Changes a user's password.
Since: 4.4.2
Security: Admin can apply this method to all users, and each (non-anonymous) user can use this method to change their own password.
Usage: POST /artifactory/api/security/users/authorization/changePassword -H "Content-type: application/json" -d ' { "userName" : "{user}", "oldPassword" : "{old password}", "newPassword1" : "{new password}", "newPassword2" : "{verify new password}" }
Produces: application/text
Sample Usage:
POST /artifactory/api/security/users/authorization/changePassword -H "Content-type: application/json" -d '{ "userName" : "davids", "oldPassword" : "op", "newPassword1" : "np", "newPassword2" : "np" }'Unlock Locked Out User (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Unlock User API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Unlocks a single user who was locked out due to recurrent incorrect login attempts.
Security: Requires a valid admin user
Usage: POST /artifactory/api/security/unlockUsers/{userName}
Produces: application/text
Since: 4.4
Sample Usage:
POST /artifactory/api/security/unlockUsers/{userName}Get Groups (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Get a List of Groups API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Get the groups list.
Since: 2.4.0
Security: Requires an admin user
To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.
Usage: GET /artifactory/api/security/groups
Produces: application/json (application/vnd.org .jfrog.artifactory.security.Users+json) , application/json (application/vnd.org.jfrog.artifactory.security.Groups+json), application/json (application/vnd.org.jfrog.artifactory.security.PermissionTargets+json)
Sample Output:
GET /artifactory/api/security/groups
[
{
"name": "readers"
"uri" : "http://localhost:8081/artifactory/api/security/groups/readers"
}, {
"name": "tech-leads"
"uri" : "http://localhost:8081/artifactory/api/security/groups/tech-leads"
}
]Get Group Details (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Get Group Details API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Get the details of an Artifactory Group
Since: 2.4.0
From Artifactory version 6.13, you can use the includeUsers parameter (includeUsers=true) to get the users' details.
Security: Requires an admin user
Usage: GET /artifactory/api/security/groups/{groupName}
Produces: application/json (application/vnd.org .jfrog.artifactory.security.Group+json)
Sample Output:
GET /artifactory/api/security/groups/dev-leads
{
group.json
}Create or Replace Group (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Create or Replace Group API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Creates a new group in Artifactory or replaces an existing group
Since: 2.4.0
Note
Missing values will be set to the default values as defined by the consumed type
To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.
Security: Requires an admin user
Usage: PUT /artifactory/api/security/groups/{groupName}
Consumes: application/json (application/vnd.org.jfrog.artifactory.security.Group+json)
Sample Usage:
PUT /artifactory/api/security/groups
{
group.json
}Update Group (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Group Update API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Updates an existing group in Artifactory with the provided group details.
Since: 2.4.0
To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.
From Artifactory 7.15.3, you can enforce using lower-case characters in user names when associating users to groups by setting the validate.lowercase.username.on.groupto true. The default is set to
false. When set to true, an error will be generated if an upper-case character is used in a user name.
Security: Requires an admin user
Usage: POST /artifactory/api/security/groups/{groupName}
Consumes: application/json (application/vnd.org.jfrog.artifactory.security.Group+json)
Sample Usage:
POST /artifactory/api/security/groups/dev-leads
{
group.json
}Delete Group (deprecated)
Note
- From Artifactory release 7.49.3, this API is being replaced by the Delete a Group API available in the JFrog Platform.
- Requires Artifactory Pro.
Description: Removes an Artifactory group.
Since: 2.4.0
To support spaces in the User, Group, or Permission names, a plus symbol ('+') is automatically placed when there is a space. This is set by default because the property artifactory.security.api.plus.insteadof.space is set to true. If you want to use the plus symbol ('+'), set artifactory.security.api.plus.insteadof.space to false.
Security: Requires an admin user
Usage: DELETE /artifactory/api/security/groups/{groupName}
Produces: application/text
Sample Usage:
DELETE /artifactory/api/security/groups/dev-leads
Group 'dev-leads' has been removed successfully.Create Token (deprecated)
Note
This API is being deprecated and replaced by the Create Token API.
Description: Creates an access token
Since: 5.0.0
Security: Requires a valid user
Usage: POST /artifactory/api/security/token
Content-Type: application/x-www-form-urlencoded
Produces: application/json
{
"access_token": "<the access token>",
"expires_in": <Validity period in seconds>,
"scope": "<access scope>",
"token_type": "Bearer",
"refresh_token": "<the refresh token if access_token is refreshable>"
}
Sample Usage:
curl -uadmin:password -XPOST "http://localhost:8082/artifactory/api/security/token" -d "username=johnq" -d "scope=member-of-groups:readers"
200
{
"access_token": "adsdgbtybbeeyh...",
"expires_in": 3600,
"scope": "api:* member-of-groups:readers",
"token_type": "Bearer",
"refresh_token": "fgsfgsdugh8dgu9s8gy9hsg..."
}
This endpoint takes the following parameters:
Parameter | Description |
|---|---|
| [Optional, default: "client_credentials"] The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified. |
| The user name for which this token is created. If the user does not exist, a transient user is created. Non-admin users can only create tokens for themselves so they must specify their own username. If the user does not exist, the |
| The scope to assign to the token, provided as a space-separated list of scope tokens. Currently, there are three possible scope tokens:
|
| [Optional, default: 3600] The time in seconds for which the token will be valid. To specify a token that never expires, set to zero. Non-admin can only set a value that is equal to or less than the default 3600. |
| [Optional, default: false] If true, this token is refreshable and the refresh token can be used to replace it with a new token once it expires. |
| [Optional, default: Only the service ID of the Artifactory instance that created the token] A space-separate list of the other Artifactory instances or services that should accept this token identified by their Artifactory Service IDs as obtained from the Get Server ID endpoint. In case you want the token to be accepted by all Artifactory instances you may use the following audience parameter "audience=jfrt@*". |
Refresh Token (deprecated)
This API is being deprecated and replaced by the Create Token API.
Description: Refresh an access token to extend its validity. If only the access token and the refresh token are provided (and no other parameters), this pair is used for authentication. If username or any other parameter is provided, then the request must be authenticated by a token that grants admin permissions.
Since: 5.0.0
Security: Requires a valid user (unless both access token and refresh token are provided)
Usage: POST /artifactory/api/security/token
Content-Type: application/x-www-form-urlencoded
Produces: application/json (refer to Create Token)
Sample Usage:
curl -XPOST "http://localhost:8082/artifactory/api/security/token" -d "grant_type=refresh_token" -d "refresh_token=fgsg53t3g…" -d "access_token=gsfdgw35gt..."
200 (Success) As in Create Token
400 (Error) If the token was created by a different Artifactory instance (and hence cannot be refreshed)
Parameter | Description |
|---|---|
| Should be set to |
| The refresh token of the access token that needs to be refreshed. |
| The access token to refresh. Note: |
| The user name for which this token is created. If the user does not exist, a transient user is created. Non-admin users can only create tokens for themselves so they must specify their own username. If the user does not exist, the Note: |
| The scope to assign to the token, provided as a space-separated list of scope tokens. Currently, there are three possible scope tokens:
|
| [Optional, default: 3600] The time in seconds for which the token will be valid. To specify a token that never expires, set to zero. Non-admin can only set a value that is equal to or less than the default 3600. |
| [Optional, default: false] If true, this token is refreshable and the refresh token can be used to replace it with a new token once it expires. |
| [Optional, default: Only the service ID of the Artifactory instance that created the token] A space-separate list of the other Artifactory instances or services that should accept this token identified by their Artifactory Service IDs as obtained from the Get Server ID endpoint. In case you want the token to be accepted by all Artifactory instances you may use the following audience parameter "audience=jfrt@*". |
Get Tokens (deprecated)
Note
This API is being deprecated and replaced by the Get Tokens API.
Description: Get a list of all tokens created by an Artifactory instance
Since: 5.0.0
Security: Requires an admin user.
Usage: GET /artifactory/api/security/token
Content-Type: application/x-www-form-urlencoded
Produces: application/json
{
"tokens":[
{
"token_id":"<the token id>",
"issuer":"<the service ID of the issuing Artifactory instance>",
"subject":"<subject>",
"expiry": <time when token expires as seconds since 00:00:00 1/1/1970>,
"refreshable":<true | false>,
"issued_at":<time issued as seconds since 00:00:00 1/1/1970>,
}, ...
]
}
Sample Usage:
curl -uadmin:password -XGET "http://localhost:8082/artifactory/api/security/token
200 OK
{
"tokens":[
{
"token_id":"123",
"issuer":"jf-artifactory@123123",
"subject":"jf-artifactory@123123/users/theusername",
"expiry":145154545,
"refreshable":true,
"issued_at":144152345
}, ...
]
}Revoke Token (deprecated)
Note
This API is being deprecated and replaced by the Revoke Token by ID and Revoke Token by Value APIs.
Description: Revoke an access token by specifying the token or the token_id.
Since: 5.0.0
Security: Requires an admin user.
Usage: POST /artifactory/api/security/token/revoke
Content-Type: application/x-www-form-urlencoded
Produces: application/json
Sample Usage:
curl -uadmin:password -XPOST "http://localhost:8082/artifactory/api/security/token/revoke" -d "token=fasdt3..."
or
curl -uadmin:password -XPOST "http://localhost:8082/artifactory/api/security/token/revoke" -d "token_id=7e0eec..."
200 OK (Also returned if the token was already revoked or non-existent)
400 (Error) If the token was created by a different Artifactory instance (and hence cannot be revoked)This endpoint can take either of the following parameters:
| Parameter | Description |
|---|---|
token | The token to be revoked. |
token_id | The ID of the token to be revoked. |
Save Security Configuration (deprecated)
Note
This REST API is deprecated from Artifactory 7.x and later. JFrog recommends replace this API with Export Access Configuration REST API , which uses the
access.bootstrap.json.
Description: Saves the security configuration (security.xml). Requires the security.xml file from the same version.
Since: From Artifactory 2.2.0 - 6.x.
Security: Requires a valid admin user
Usage: POST /artifactory/api/system/security
Consumes: application/xml
Sample Usage:
POST /artifactory/api/system/security
<security.xml/>Expire Password for All Users (deprecated)
Note
- This REST API is deprecated and replaced by the Expire Password for All Users REST API.
- Requires Artifactory Pro.
Description: Expires a password for all users.
Since: 4.4.2
Security: Requires an admin user.
Usage: POST /artifactory/api/security/users/authorization/expirePasswordForAllUsers
Sample Request:
POST https://[JFrogPlatformURL]/artifactory/api/security/users/authorization/expirePasswordForAllUsersRemote Repository Configuration (deprecated)
Note
This API is deprecated. Use the Get Repository Configuration API instead.
Description: Returns the shared configuration of a remote repository.
Since: 2.2.0
Security: Requires a valid user for a shared remote repository and admin user for anything else. Shared remote repository data will be sanitized for security when non-admin user is used.
Usage: GET /artifactory/api/repositories/{remoteRepoName}/configuration
Produces: application/json (application/vnd.org.jfrog.artifactory.repositories.SharedRemoteRepositoryConfiguration+json)
Sample Output:
GET /artifactory/api/repositories/remote-repo/configuration
{
repository-config.json
}Folder Sync (deprecated)
Note
Requires Artifactory Pro.
Description: Triggers a no-content download of artifacts from a remote Artifactory repository for all artifacts under the specified remote folder. Can optionally delete local files if they do not exist in the remote folder, overwrite local files only if they are older than remote files, or never overwrite local files.
The default is not to delete any local files and to overwrite older local files with remote ones. By default progress marks of the sync are displayed. The default timeout for the remote file list is 15000 milliseconds (15 seconds).
Security: Requires a privileged user (can be anonymous). For non-admin users will replicate at max the number of files as defined by the artifactory.search.userQueryLimit system property.
Usage: GET artifactory/api/sync/{remoteRepositoryKey}/{folderPath}[?progress=showProgress][&mark=numOfBytesToPrintANewProgressMark][&delete=deleteExistingFiles][&overwrite=never/force][&timeout=fileListTimeoutInMillis]
Produces: text/plain
Since: 2.2.4
Sample Output:
GET artifactory/api/sync/my-remote/org/acme/1.0?progress=1&delete=1
.....................................................
.....................................................
.....................................................
..........................................
Completed: 970/1702 bytes
.....................................................
..................
Completed: 1702/1702 bytes
Completed with 0 errors and 2 warnings (please check the server log for more details).
File Compliance Info (deprecated)
Note
This API is deprecated from Artifactory version 5.0.
Description: Get compliance info for a given artifact path. The result includes license and vulnerabilities if any. Supported by local and local-cached repositories.
Since: 3.0.0
Security: Requires an authenticated user.
Usage: GET: artifactory/api/compliance/{repoKey}/{item-path}
Produces: application/json
Sample Output:
GET: artifactory/api/compliance/libs-release-local/ch/qos/logback/logback-classic/0.9.9/logback-classic-0.9.9.jar
{
"licenses" : [ {"name":"LGPL v3", "url": "http://"}, {"name":"APL v2", "url": "http://"}... ],
"vulnerabilities" : [ {"name":"CVE-13427", "url": "http://"}, {"name":"CVE-1041", "url": "http://"}... ]
}Pull/Push Replication (deprecated)
Note
This API is deprecated. Use the Pull/Push Replication API instead.
Description: Schedules immediate content replication between two Artifactory instances. Replication can include properties and can optionally delete local items if they do not exist in the source repository.
This API completes the existing cron-based replication exposed via the Artifactory UI and allows for on-demand execution.
- Pull Replication: Pulls content from a remote Artifactory repository to a local cache of the remote repository.
- Push Replication: Pushes content from a local repository into a remote Artifactory local repository.
Supported by local, local-cached, and remote repositories.
Notes: Requires Artifactory Pro
Security: Requires a privileged user (can be anonymous) For non-admin users, will replicate at max the number of files as defined by the artifactory.search.userQueryLimit system property.
Usage: POST /api/replication/{srcRepoKey}/{srcPath}
Consumes: application/json (application/vnd.org.jfrog.artifactory.replication.ReplicationRequest+json)
Since: 2.4.0
Sample Usage:
POST /api/replication/libs-release-local/com/acme
{
//The following is only applicable for push replication
+ "url" : "https://repo.nmiy.org/repo-key", // The remote repository URL
+ "username": "replicator", //The name of a user with deploy permissions on the remote repository
+ "password": "***", //The remote repository password
- "properties": true, //Sync item properties (true by default)
- "delete": true, //Sync deletions (false by default)
- "proxy": "org-prox", //A name of an Artifactory-configured proxy to use for remote requests
}Export Component Details V1 (deprecated)
Description: Export component scan results, SPDX SBOM doc or CycloneDX SBOM doc.
Security: Requires a valid user with the "Read" permission.
Usage: POST /xray/api/v1/component/exportDetails
Consumes: application/json
Produces: application/octet-stream
Request Body:
Name | Type | Required/Optional | Description |
|---|---|---|---|
| string | required | The type of package. Acceptable values: build, releaseBundle, docker, debian, npm, rpm, go, pypi, conan, terraform, alpine, nuget, cran, maven, huggingfaceml, cran, cargo, conda, composer. |
| string | required | SHA256 checksum of the component. Note: The request must include either this property or |
| string | required | The name of the component, e.g Note: The request must include either this property or |
Scan results export options: | |||
| boolean | optional | Include violations in the export. |
| boolean | optional | Include ignored violations in the export. |
| boolean | optional | Include license information in the export. |
| boolean | optional | Exclude components with unknown licenses from the export. |
| boolean | optional | Include security vulnerability information in the export. |
| boolean | optional | Include operational risk information in the export. |
| boolean | optional | Include information about secrets in the export. |
| boolean | optional | Include information about services in the export |
| boolean | optional | Include information about applications in the export. |
| boolean | optional | Include information about Infrastructure as Code (IaC) |
| string | required | Output format of the exported scan results. Acceptable values:
Note: SPDX and CycloneDX formats are set by the other properties below. |
SPDX SBOM doc export options: | |||
| boolean | optional | Generate SPDX format in the export. |
| string | optional | Format of the SPDX output. Acceptable values: json, tag:value, xlsx |
CycloneDX SBOM doc export options: | |||
| boolean | optional | Generate CycloneDX format in the export |
| string | optional | Format of the CycloneDX output. Acceptable values: json, xml |
| boolean | optional | Include VEX in CycloneDX exported doc. |
Sample Request exporting the scan results:
{
"package_type": "docker",
"sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",
"component_name": "ics:latest",
"violations": true,
"include_ignored_violations": true,
"license": true,
"exclude_unknown": false,
"operational_risk": true,
"security": true,
"secrets": true,
"services": true,
"applications": true,
"output_format": "pdf"
}
Sample Request - exporting CycloneDX Doc:
{
"package_type": "docker",
"component_name": "ics:latest",
"sha_256": "1d36301476dc57eb479e03d9e37a885dd751a6e6979f6f916a92c10cb7520e4e",
"cyclonedx": true,
"cyclonedx_format": "json",
"vex": false
}
Sample Request - exporting SPDX and CycloneDX JSON Docs:
{
"package_type": "maven",
"component_name": "org.eclipse.jdt:ecj:3.12.3",
"spdx": true,
"spdx_format": "json",
"cyclonedx": true,
"cyclonedx_format": "json",
"vex": false
}
Response Codes
| Response Codes | Description |
|---|---|
| 200 | Success |
| 400 | Invalid request payload |
| 403 | No permission to component |
| 500 | Failed to export component details |
Metadata GraphQL API (deprecated)
Metadata GraphQL API includes the following:
Authentication to Use the Metadata Server GraphQL
Using GraphQL to query metadata provides a simple way to fetch packages data stored in the metadata microservice. Since GraphQL enables you to query objects in a hierarchical structure, and allows you to choose which fields to include in a response, it will be simpler to find the exact data you are looking for.
To use the metadata server GraphQL, you will need a scoped token for Artifactory.
cURL Example
curl -H "Authorization: Bearer <Your Token>" -XPOST http://<server:port>/metadata/api/v1/query -d '{"query":"..." }'GraphiQL
JFrog offers a version of a simple GraphiQL, a UI tool for your GraphQL queries. You can use the GraphiQL to learn about the GraphQL metadata schema and as a playground to test your queries. To access it, <your server url>/metadata/api/v1/query/graphiql.
.
Build a Metadata GraphQL Query
In this section, you will learn about the structure of a query, how to construct a query, and the available Metadata queries. It includes the following sections:
- GraphQL Pagination
- Available Queries for Metadata GraphQL
- Filter Types
- Entities and Fields
- Example 1: Package by Name and Type
- Example 2: Package with its Versions and Licenses by Creation Date
GraphQL Pagination
The Metadata GraphQL implementation utilizies GraphQL's pagination convention using the GraphQL connection model. This means that every entity queried is embedded within a wrapper containing the pagination information. To learn more, see Pagination and edges.
GraphQL query enables you to sort and order your queries by using a set of predefined arguments. Available sort arguments are First (limit), After (Offset) and OrderBy.
For example, for Package pagination you can use: (first:5 after:$PackageCursor). The Package cursor is retrieved from the last Package queried. Additionally, you can get the last Package cursor and know if there are additional Packages to query by adding the pageInfo to your query.
Pagination Example
query
{
packages (
# filter argument
filter: {name: "*" },
first: 5,
after: "UGFja2FnZTo1"
)
{
pageInfo
{
hasNextPage
endCursor
}
# Connection Model
edges {
cursor
node {
#Object fields to be returned by the query
name
packageType
description
}
}
}
}Available Queries for Metadata GraphQL
The following are the queries available for the Metadata GraphQL.
Packages
packages(
filter: PackageFilter!
first: Int
after: ID
orderBy: PackageOrder
): PackageConnection!Versions
versions(
filter: VersionFilter!
first: Int
after: ID
orderBy: VersionOrder
): VersionConnection!Files
files(
filter: FileFilter!
first: Int
after: ID
orderBy: FileOrder
): FileConnection!Filter Types
The following describes the available filter names you can use to construct a filter for each of the query types.
PackageFilter!
| Filter Name | Type | Description | Example |
|---|---|---|---|
name | Case-sensitive pattern | Match package names against a pattern. | name: "arti*" |
packageTypeIn | [PackageType!] | Match packages of one of the given types. | packageTypeIn: [BOWER, COCOAPODS] |
createdMin | Time | Match packages with a "created date" equal or after provided date. | createdMin: "2019-12-25T00:00:01.000Z" |
createdMax | Time | Match packages with a "created date" equal or before provided date. | createdMax: "2019-12-25T00:00:01.000Z" |
modifiedMin | Time | Match packages with a "modified date" equal or after provided date. | createdMax: "2019-12-25T00:00:01.000Z" |
modifiedMax | Time | Match packages with a "modified date" equal or before provided date. | createdMax: "2019-12-25T00:00:01.000Z" |
latestVersion | Case-sensitive pattern | Match packages with the latest version matching the provided pattern. | latestVersion: "_ersion_" |
versionCountMin | Int | Match packages with at least a certain amount of versions. | versionCountMin: 1 |
versionCountMax | Int | Match packages with at most a certain amount of versions. | versionCountMin: 1 |
VersionFilter!
| Filter Name | Type | Description | Example |
|---|---|---|---|
name | Case-sensitive pattern | Match version names against a pattern. | name: "*1.1*" |
createdMin | Time | Match versions with a "created date" equal or after provided date. | createdMin: "2019-12-25T00:00:01.000Z" |
createdMax | Time | Match versions with a "created date" equal or before provided date. | createdMin: "2019-12-25T00:00:01.000Z" |
sizeMin | String | Match versions with size greater than or equal to provided size. | sizeMin: "100" |
sizeMax | String | Match versions with size less than or equal to provided size. | sizeMax: "200" |
licenses | List Filter | Match versions with licenses. | licenses: {patterns: ["*gpl", "apache"]} |
tags | List Filter | Match versions with tags. | tags: {patterns: ["tag*","?tag*"]} |
properties | [NameValuePattern!] | Match versions with a specific set of properties. | properties: [{name:"*key1", value:"*value1"}, {name:"*key2", value:"*value2"}] |
vulnerabilities | [VulnerabilitiesFilter!] | Match versions with vulnerabilities. | vulnerabilities: [{level: LOW, countMin: 3}, {level: HIGH, countMin: 5}] |
FileFilter!
| Filter Name | Type | Description | Example |
|---|---|---|---|
name | Case-sensitive pattern | Match file names against a pattern. | name: "*1.1*" |
sizeMin | String | Match files with size greater than or equal to provided size. | sizeMin: "100" |
sizeMax | String | Match files with size less than or equal to provided size. | sizeMax: "200" |
md5 | Case-sensitive pattern | Match MD5 hashes against a pattern. | md5: "5eb63bbbe01eeed093cb22bb8f5*" |
sha1 | Case-sensitive pattern | Match SHA-1 hashes against a pattern. | sha1: "2aae6c35c94fcfb415dbe95f408b9ce91*" |
sha256 | Case-sensitive pattern | Match SHA-256 hashes against a pattern. | sha256: "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9*" |
Entities and Fields
Package
| Field | Type |
|---|---|
name | String! |
packageType | String! |
created | Time! |
modified | Time! |
versionsCount | Int! |
vcsUrl | String! |
issuesUrl | String! |
description | String! |
latestVersion | String! |
licenses | [License!] |
properties | [Property!] |
qualifiers | [Qualifier!] |
versions | [Version] |
sources | [Source!] |
tags | [String!] |
stats | PackageStats |
vulnerabilities | Vulnerabilities |
Licenses
| Field | Type |
|---|---|
name | String! |
source | String! |
description | String! |
modified | Time! |
url | String! |
Properties
| Name | Value |
|---|---|
name | String! |
value | String! |
Qualifiers
| Name | Value |
|---|---|
name | String! |
value | String! |
Versions
| Field | Type |
|---|---|
name | String! |
size | String! |
created | Time! |
modified | Time! |
license | Entity |
files | Entity |
repos | VersionRepository |
tags | Entity |
stats | VersionsStats |
qualifiers | Entity |
properties | Entity |
contributors | VersionContributors |
vulnerabilities | VersionVulnerabilities |
Sources
| Field | Type |
|---|---|
name | String! |
url | String! |
modified | Time! |
PackageStats
| Field | Type |
|---|---|
downloads | Int! |
followers | Int! |
VersionVulnerabilities
| Field | Type |
|---|---|
high | Int! |
medium | Int! |
low | Int! |
info | Int! |
unknown | Int! |
skipped | Int! |
Files
| Field | Type |
|---|---|
name | String! |
md5 | String! |
sha1 | String! |
sha256 | String! |
lead | Boolean |
length | String! |
arch | String! |
dist | String! |
compiler | String! |
compilerVersion | String! |
mimeType | String! |
qualifiers | Entity |
VersionRepository
| Field | Type |
|---|---|
name | String! |
url | String! |
type | String! |
leadFilePath | String! |
VersionStats
| Field | Type |
|---|---|
downloadCount | Int! |
VersionContributor
| Field | Type |
|---|---|
name | String! |
type | String! |
email | String! |
url | String! |
Example 1: Package by name and type
Query
# Query package name and description, filtered by name pattern, ordered by name descending
query {
packages(
filter: {
name: "*ello*",
packageTypeIn: [NPM, DOCKER]
},
first: 3,
orderBy: {
field: NAME,
direction: DESC
}
) {
edges {
node {
name
description
}
}
}
}Sample Result
{
"data": {
"packages": {
"edges": [
{
"node": {
"name": "p2Hello",
"description": "Sample Package 2"
}
},
{
"node": {
"name": "p1Hello",
"description": "Sample Package 1"
}
},
{
"node": {
"name": "library/hello-world",
"description": null
}
}
]
}
}
}Example 2: Package with its Versions and Licenses by Creation Date
Query
# Query Package name description and creation date, with its version names and sizes, and associated licenses name and source for each version.
# filtered by package creation date, limited to first 3 results.
query {
packages(
filter: {
createdMin: "2020-01-01T01:59:00.000Z"
},
first: 3
)
{
edges {
node {
name
description
created
versions{
name
size
licenses{
name
source
}
}
}
}
}
}Sample Result
{
"data": {
"packages": {
"edges": [
{
"node": {
"name": "sample_rpm-1",
"description": "Sample RPM Package for data generation",
"created": "2020-01-05T09:53:21.588Z",
"versions": [
{
"name": "0:2.0.0-2.0.0",
"size": "2080",
"licenses": [
{
"name": "MIT",
"source": "Local File"
}
]
},
{
"name": "0:8.0.0-8.0.0",
"size": "2080",
"licenses": [
{
"name": "MIT",
"source": "Local File"
}
]
}
]
}
},
{
"node": {
"name": "example package 7",
"description": null,
"created": "2020-01-09T18:02:48.604Z",
"versions": [
{
"name": "0.4.6",
"size": "",
"licenses": [
{
"name": "Apache-2.0",
"source": "Local File"
}
]
}
]
}
},
{
"node": {
"name": "another example",
"description": "a nice package for web apps",
"created": "2020-01-05T17:43:13.979Z",
"versions": [
{
"name": "1.2.32",
"size": "",
"licenses": [
{
"name": "MIT",
"source": "Local File"
}
]
},
{
"name": "1.7.9",
"size": "623646",
"licenses": [
{
"name": "MIT",
"source": "Local File"
}
]
}
]
}
}
]
}
}
}Updated about 1 month ago