{"id":8395407,"name":"github.com/expr-lang/expr","ecosystem":"go","description":"","homepage":"https://github.com/expr-lang/expr","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/expr-lang/expr","keywords_array":[],"namespace":"github.com/expr-lang","versions_count":102,"first_release_published_at":"2018-07-16T19:39:32.000Z","latest_release_published_at":"2026-02-14T13:16:09.000Z","latest_release_number":"v1.17.8","last_synced_at":"2026-04-05T11:12:41.706Z","created_at":"2023-10-08T04:12:32.311Z","updated_at":"2026-04-06T12:08:02.888Z","registry_url":"https://pkg.go.dev/github.com/expr-lang/expr","install_command":"go get github.com/expr-lang/expr","documentation_url":"https://pkg.go.dev/github.com/expr-lang/expr#section-documentation","metadata":{},"repo_metadata":{"id":199828192,"uuid":"140958903","full_name":"expr-lang/expr","owner":"expr-lang","description":"Expression language and expression evaluation for Go","archived":false,"fork":false,"pushed_at":"2025-09-29T09:10:46.000Z","size":12021,"stargazers_count":7364,"open_issues_count":63,"forks_count":463,"subscribers_count":67,"default_branch":"master","last_synced_at":"2025-10-30T22:52:32.414Z","etag":null,"topics":["bytecode","configuration-language","engine","evaluator","expr","expression","expression-evaluator","expression-language","go","golang","rule-engine"],"latest_commit_sha":null,"homepage":"https://expr-lang.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/expr-lang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"antonmedv"}},"created_at":"2018-07-14T15:57:34.000Z","updated_at":"2025-10-30T20:54:11.000Z","dependencies_parsed_at":"2024-02-08T12:30:06.893Z","dependency_job_id":"952288a5-c07c-4ef4-9674-3044ea1d0599","html_url":"https://github.com/expr-lang/expr","commit_stats":{"total_commits":754,"total_committers":59,"mean_commits":"12.779661016949152","dds":"0.10212201591511938","last_synced_commit":"f631fd2c26c46dd10b9e3d494dfa703a4a6d7b1f"},"previous_names":["antonmedv/expr"],"tags_count":100,"template":false,"template_full_name":null,"purl":"pkg:github/expr-lang/expr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expr-lang%2Fexpr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expr-lang%2Fexpr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expr-lang%2Fexpr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expr-lang%2Fexpr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/expr-lang","download_url":"https://codeload.github.com/expr-lang/expr/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/expr-lang%2Fexpr/sbom","scorecard":{"id":199700,"data":{"date":"2025-08-11","repo":{"name":"github.com/expr-lang/expr","commit":"87df78319489e4c4e00bb3ac1256c63aa8bd63f1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.2,"checks":[{"name":"Code-Review","score":2,"reason":"Found 8/30 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"12 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/check.yml:1","Warn: no topLevel permission defined: .github/workflows/diff.yml:1","Info: found token with 'none' permissions: .github/workflows/fuzz.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: GoBuiltInFuzzer integration found: test/fuzz/fuzz_test.go:15"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/diff.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/diff.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/diff.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/diff.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fuzz.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/fuzz.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fuzz.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/fuzz.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/fuzz.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/fuzz.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/expr-lang/expr/test.yml/master?enable=pin","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (10) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T22:36:09.438Z","repository_id":199828192,"created_at":"2025-08-16T22:36:09.438Z","updated_at":"2025-08-16T22:36:09.438Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":283562410,"owners_count":26856284,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-09T02:00:05.828Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"expr-lang","name":"The Expr Expression Language","uuid":"144815908","kind":"organization","description":"","email":null,"website":"https://expr.medv.io","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/144815908?v=4","repositories_count":1,"last_synced_at":"2023-10-25T16:10:45.699Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/expr-lang","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2023-10-25T16:10:45.701Z","updated_at":"2023-10-25T16:10:45.701Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/expr-lang","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/expr-lang/repositories"},"tags":[]},"repo_metadata_updated_at":"2025-11-09T19:08:27.290Z","dependent_packages_count":301,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":10.615644193870308,"dependent_packages_count":8.386094507145135,"stargazers_count":0.9836035226252464,"forks_count":1.5287815102283866,"docker_downloads_count":null,"average":5.378530933467269},"purl":"pkg:golang/github.com/expr-lang/expr","advisories":[{"uuid":"GSA_kwCzR0hTQS1jZnBmLWhyeDItOHJ2Ns4ABP1g","url":"https://github.com/advisories/GHSA-cfpf-hrx2-8rv6","title":"Expr has Denial of Service via Unbounded Recursion in Builtin Functions","description":"Several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform\nrecursive traversal over user-provided data structures without enforcing a maximum recursion depth.\n\nIf the evaluation environment contains **deeply nested** or **cyclic** data structures, these functions may recurse\nindefinitely until exceed the Go runtime stack limit. This results in a **stack overflow panic**, causing the host\napplication to crash.\n\nWhile exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness.\nInstead of returning a recoverable evaluation error, the process may terminate unexpectedly.\n\n### Impact\n\nIn affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently\nvalidated data structures can lead to a **process-level crash** due to stack exhaustion.\n\nThis issue is most relevant in scenarios where:\n\n* Expr is used to evaluate expressions against externally supplied or dynamically constructed environments.\n* Cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs.\n* There are no application-level safeguards preventing deeply nested input data.\n\nIn typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting\npanic can be used to reliably crash the application, constituting a denial of service.\n\n### Patches\n\nThe issue has been fixed in the v1.17.7 versions of Expr.\n\nThe patch introduces a **maximum recursion depth limit** for affected builtin functions. When this limit is exceeded,\nevaluation aborts gracefully and returns a descriptive error instead of panicking.\n\nAdditionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate\ndeep structures to raise the limit in a controlled manner.\n\nUsers are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and\ncomprehensive test coverage to prevent regressions.\n\n### Workarounds\n\nFor users who cannot immediately upgrade, the following mitigations are recommended:\n\n* Ensure that evaluation environments cannot contain cyclic references.\n* Validate or sanitize externally supplied data structures before passing them to Expr.\n* Wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure).\n\nThese workarounds reduce risk but do not fully eliminate the issue without the patch.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-12-16T22:34:16.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6","https://nvd.nist.gov/vuln/detail/CVE-2025-68156","https://github.com/expr-lang/expr/pull/870","https://github.com/advisories/GHSA-cfpf-hrx2-8rv6"],"source_kind":"github","identifiers":["GHSA-cfpf-hrx2-8rv6","CVE-2025-68156"],"repository_url":null,"blast_radius":0.0,"created_at":"2025-12-16T23:00:07.436Z","updated_at":"2026-04-05T20:01:42.486Z","epss_percentage":0.00036,"epss_percentile":0.10522,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jZnBmLWhyeDItOHJ2Ns4ABP1g","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jZnBmLWhyeDItOHJ2Ns4ABP1g","packages":[{"ecosystem":"go","package_name":"github.com/expr-lang/expr","versions":[{"first_patched_version":"1.17.7","vulnerable_version_range":"\u003c 1.17.7"}],"purl":"pkg:go/github.com%2Fexpr-lang%2Fexpr"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jZnBmLWhyeDItOHJ2Ns4ABP1g/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05M21xLTlmZngtODNtMs4ABFj8","url":"https://github.com/advisories/GHSA-93mq-9ffx-83m2","title":"Memory Exhaustion in Expr Parser with Unrestricted Input","description":"### Impact\nIf the Expr expression parser is given an **unbounded input string**, it will attempt to compile the *entire* string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to **excessive memory usage** and an **Out-Of-Memory (OOM) crash** of the process. This issue is relatively uncommon and will only manifest when there are **no restrictions on the input size**, i.e. the expression length is allowed to grow arbitrarily large. In typical use cases where inputs are bounded or validated, this problem would not occur.\n\n### Patches\n\nThe problem has been **patched** in the latest versions of the Expr library. The fix introduces compile-time limits on the number of AST nodes and memory usage during parsing, preventing any single expression from exhausting resources. Users should upgrade to **Expr version 1.17.0 or later**, as this release includes the new node budget and memory limit safeguards. Upgrading to v1.17.0 ensures that extremely deep or large expressions are detected and safely aborted during compilation, avoiding the OOM condition.\n\n### Workarounds\n\nFor users who cannot immediately upgrade, the recommended workaround is to **impose an input size restriction before parsing**. In practice, this means validating or limiting the length of expression strings that your application will accept. For example, set a maximum allowable number of characters (or nodes) for any expression and reject or truncate inputs that exceed this limit. By ensuring no unbounded-length expression is ever fed into the parser, you can prevent the parser from constructing a pathologically large AST and avoid potential memory exhaustion. In short, **pre-validate and cap input size** as a safeguard in the absence of the patch.\n\n### References\n\n- #762","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-03-17T21:26:22.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2","https://nvd.nist.gov/vuln/detail/CVE-2025-29786","https://github.com/expr-lang/expr/pull/762","https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e","https://github.com/advisories/GHSA-93mq-9ffx-83m2"],"source_kind":"github","identifiers":["GHSA-93mq-9ffx-83m2","CVE-2025-29786"],"repository_url":"https://github.com/expr-lang/expr","blast_radius":1.0,"created_at":"2025-03-17T22:07:27.698Z","updated_at":"2026-04-05T20:03:18.988Z","epss_percentage":0.00101,"epss_percentile":0.28055,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M21xLTlmZngtODNtMs4ABFj8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05M21xLTlmZngtODNtMs4ABFj8","packages":[{"ecosystem":"go","package_name":"github.com/expr-lang/expr","versions":[{"first_patched_version":"1.17.0","vulnerable_version_range":"\u003c 1.17.0"}],"purl":"pkg:go/github.com%2Fexpr-lang%2Fexpr"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M21xLTlmZngtODNtMs4ABFj8/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/expr-lang/expr","docker_dependents_count":7,"docker_downloads_count":15933571,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/expr-lang/expr","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/expr-lang/expr/dependencies","status":null,"funding_links":["https://github.com/sponsors/antonmedv"],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-30T22:52:32.820Z","issues_count":210,"pull_requests_count":195,"avg_time_to_close_issue":7283871.097560976,"avg_time_to_close_pull_request":3065965.6134969327,"issues_closed_count":123,"pull_requests_closed_count":163,"pull_request_authors_count":67,"issue_authors_count":137,"avg_comments_per_issue":1.8904761904761904,"avg_comments_per_pull_request":1.1025641025641026,"merged_pull_requests_count":109,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":62,"past_year_pull_requests_count":56,"past_year_avg_time_to_close_issue":1781163.15,"past_year_avg_time_to_close_pull_request":880321.0,"past_year_issues_closed_count":20,"past_year_pull_requests_closed_count":44,"past_year_pull_request_authors_count":19,"past_year_issue_authors_count":45,"past_year_avg_comments_per_issue":0.9032258064516129,"past_year_avg_comments_per_pull_request":0.75,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":34,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/expr-lang%2Fexpr/issues","maintainers":[{"login":"antonmedv","count":77,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antonmedv"}],"active_maintainers":[{"login":"antonmedv","count":13,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/antonmedv"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fexpr-lang%2Fexpr/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fexpr-lang%2Fexpr/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fexpr-lang%2Fexpr/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fexpr-lang%2Fexpr/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fexpr-lang%2Fexpr/codemeta","maintainers":[]}