A Go library for creating and manipulating graph data structures.
This Go-based graph library is designed for versatility, performance, and extensibility, leveraging generics to handle various graph-related operations seamlessly. Key features include:
- Generics-Based Design: Leverages Go generics for a flexible and type-safe graph interface supporting custom vertex and edge types.
- Trait-Driven Configuration: Supports traits such as directed/undirected, weighted, acyclic, rooted, and multigraph properties.
- Comprehensive Graph Operations: Provides efficient algorithms for CRUD operations, set operations, adjacency/predecessor maps, and graph cloning.
- Traversal and Pathfinding: Implements breadth-first, depth-first, and shortest-path algorithms. Supports minimum and maximum spanning tree computation.
- Graph Metrics: Offers centrality measures (degree, closeness, betweenness, eigenvector), clustering coefficients, density, diameter, and average path length.
- Community and Ranking Analysis: Includes modularity and PageRank calculations for advanced graph analysis.
- Cycle Management: Prevents cycles in acyclic graphs during edge additions.
- Streaming Support: Enables paginated streaming of vertices and edges with context management for cancellation and resumption.
- Customizable Input/Output: Supports flexible graph serialization and custom reader/writer implementations.
- Concurrency Safe: Designed for thread-safe operations in multi-threaded environments.
- Lightweight and Efficient: Optimized for high performance with minimal overhead.
- Zero Dependencies: Lightweight implementation with no external dependencies beyond the standard library.
- Supports
io.ReaderInterface:- Graph Serialization: Export and import graphs to/from various formats for interoperability.
- Customizable Readers and Writers: Create tailored I/O operations for graph persistence.
Cosign is used to sign releases for integrity verification.
To verify the integrity of the release tarball, you can use Cosign to check the signature and checksums. Follow these steps:
# Fetch the latest release tag from GitHub API (e.g., "v0.12.0")
TAG=$(curl -s https://api.github.com/repos/sixafter/graph/releases/latest | jq -r .tag_name)
# Remove leading "v" for filenames (e.g., "v0.12.0" -> "0.12.0")
VERSION=${TAG#v}
# ---------------------------------------------------------------------
# Verify the source archive using Sigstore bundles
# ---------------------------------------------------------------------
# Download the release tarball and its signature bundle
curl -LO "https://github.com/sixafter/graph/releases/download/${TAG}/graph-${VERSION}.tar.gz"
curl -LO "https://github.com/sixafter/graph/releases/download/${TAG}/graph-${VERSION}.tar.gz.sigstore.json"
# Verify the tarball with Cosign using the published public key
cosign verify-blob \
--key "https://raw.githubusercontent.com/sixafter/graph/main/cosign.pub" \
--bundle "graph-${VERSION}.tar.gz.sigstore.json" \
"graph-${VERSION}.tar.gz"
# ---------------------------------------------------------------------
# Verify the checksums manifest using Sigstore bundles
# ---------------------------------------------------------------------
curl -LO "https://github.com/sixafter/graph/releases/download/${TAG}/checksums.txt"
curl -LO "https://github.com/sixafter/graph/releases/download/${TAG}/checksums.txt.sigstore.json"
cosign verify-blob \
--key "https://raw.githubusercontent.com/sixafter/graph/main/cosign.pub" \
--bundle "checksums.txt.sigstore.json" \
"checksums.txt"
# ---------------------------------------------------------------------
# Confirm local artifact integrity
# ---------------------------------------------------------------------
shasum -a 256 -c checksums.txt
If valid, Cosign will output:
Verified OKTo validate that the Go module archive served by GitHub, go mod download, and the Go
proxy are all consistent, run the module-verify target. This performs a full cross-check
of the tag archive and module ZIPs to confirm they match byte-for-byte.
To install this package, run the following command:
go get -u github.com/sixafter/graphTo use the package in your Go project, import it as follows:
import "github.com/sixafter/graph"Contributions are welcome. See CONTRIBUTING
This project is licensed under the Apache 2.0 License. See LICENSE file.