DEV Community

Michael Scovetta
OSS Gadget: Using oss-download

As a security researcher, I often find myself downloading packages (rather than installing them). This is often harder than it should be, either requiring ecosystem-specific tools like npm or pip, or searching through websites like https://repo1.maven.org.

As a developer, I loathe repeating myself, so a few years ago, my team and I started building a collection of tools we call OSS Gadget. It simplifies and automates various tasks that we've needed to perform, and we thought it would help others too.

OSS Gadget includes tools to help you download and extract packages, identify malware or cryptography, extract interesting characteristics, detect typo-squatting, and various other things.

In this post, I wanted to share the oss-download tool, which as the name suggests, helps you download and optionally extract packages from a wide variety of package ecosystems.

The oss-download tool operates on a Package URL, which is a convenient way to express an ecosystem, package, and version. For example, the Python Django package would be pkg:pypi/django, and version 4.1.4 of Django would be pkg:pypi/django@4.1.4.

To download Django 4.1.4, just run:

# oss-download pkg:pypi/django@4.1.4

   ____   _____ _____    _____           _            _
  / __ \ / ____/ ____|  / ____|         | |          | |
 | |  | | (___| (___   | |  __  __ _  __| | __ _  ___| |_
 | |  | |\___ \\___ \  | | |_ |/ _` |/ _` |/ _` |/ _ \ __|
 | |__| |____) |___) | | |__| | (_| | (_| | (_| |  __/ |_
  \____/|_____/_____/   \_____|\__,_|\__,_|\__, |\___|\__|
                                            __/ |
                                           |___/          
OSS Gadget - oss-download 0.1.365+570ffa6632 - github.com/Microsoft/OSSGadget
INFO  - Downloaded pkg:pypi/django@4.1.4 to /usr/src/app/pypi-bdist_wheel-django@4.1.4.whl
INFO  - Downloaded pkg:pypi/django@4.1.4 to /usr/src/app/pypi-sdist-django@4.1.4.tar.gz

If you'd like to automatically extract the contents of the packages (recursively), use the -e option:

# oss-download -e pkg:pypi/django@4.1.4

You can also download all versions of a package by simply using a * as the version:

# oss-download pkg:pypi/django@*
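To make the Package URL syntax used above concrete, here is a small parser written for this post (example code, not part of OSS Gadget) that splits a purl into its type, optional namespace, name, version, qualifiers and subpath, and flags the `*` "all versions" case. It follows the public purl spec, including PyPI name normalization; the sample purls are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import unquote


@dataclass
class PackageURL:
    type: str
    name: str
    namespace: Optional[str] = None
    version: Optional[str] = None
    qualifiers: dict = field(default_factory=dict)
    subpath: Optional[str] = None

    @property
    def all_versions(self) -> bool:
        # oss-download treats "@*" as "fetch every published version".
        return self.version == "*"


def parse_purl(purl: str) -> PackageURL:
    """Parse pkg:type/namespace/name@version?qualifiers#subpath (purl spec)."""
    if not purl.startswith("pkg:"):
        raise ValueError("Package URL must start with 'pkg:'")
    rest = purl[len("pkg:"):].lstrip("/")
    rest, _, subpath = rest.partition("#")      # subpath is last
    rest, _, query = rest.partition("?")        # then qualifiers
    ptype, _, rest = rest.partition("/")        # type is the first segment
    if not ptype or not rest:
        raise ValueError("Package URL needs both a type and a name")
    head, sep, tail = rest.rpartition("@")      # version follows the LAST '@'
    name_part, version = (head, unquote(tail)) if sep else (tail, None)
    *ns_parts, name = name_part.split("/")     # everything before the name is namespace
    namespace = "/".join(unquote(p) for p in ns_parts) or None
    name = unquote(name)
    ptype = ptype.lower()
    if ptype == "pypi":                         # spec: PyPI names are case-insensitive, '_' == '-'
        name = name.lower().replace("_", "-")
    qualifiers = {}
    for kv in filter(None, query.split("&")):
        key, _, value = kv.partition("=")
        qualifiers[key.lower()] = unquote(value)
    return PackageURL(ptype, name, namespace, version, qualifiers, unquote(subpath) or None)


if __name__ == "__main__":
    # Constructed inputs, including the two forms shown in this post.
    for p in ("pkg:pypi/django@4.1.4", "pkg:pypi/django@*", "pkg:npm/@angular/core@12.0.0"):
        print(parse_purl(p))
```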

OSS Gadget supports Cargo, Cocoapods, Composer, CPAN, CRAN, RubyGems, Go, GitHub, Hackage, Maven, npm, NuGet, PyPI, Ubuntu, and the Visual Studio Marketplace.

We hope OSS Gadget is useful; if you run into any trouble, please open an issue.
