pokeapi 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
pokeapi 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
pokeapi 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 BSD-3-Clause License
开发语言 Java
操作系统 跨平台
软件类型 开源软件
所属分类 大数据数据查询
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-11-23



build status data status deploy status License Backers on Open Collective Sponsors on Open Collective

A RESTful API for Pokémon - pokeapi.co

Beta GraphQL support is rolling out! Check out the GraphQL paragraph for more info.

Setup   pyVersion37

  • Download this source code into a working directory, be sure to use the flag --recurse-submodules to clone also our submodules.

  • Install the requirements using pip:

    make install
    # This will install all the required packages and libraries for using PokeAPI
  • Set up the local development environment using the following command:

    make setup
  • Run the server using the following command:

    make serve

Database setup

Start the Django shell by

python manage.py shell --settings=config.local

Run the build script with

from data.v2.build import build_all

Visit localhost:80/api/v2/ to see the running API!

Each time the build script is run, it will iterate over each table in the database, wipe it, and rewrite each row using the data found in data/v2/csv.

The option to build individual portions of the database was removed in order to increase performance of the build script.

If you ever need to wipe the database use this command:

make wipe_db

Docker and Compose   docker hub

There is also a multi-container setup, managed by Docker Compose. This setup allows you to deploy a production-like environment, with separate containers for each services and is recommended if you need to simply spin up PokéAPI.

Start everything by

make docker-setup

If you don't have make on your machine you can use the following commands

docker-compose up -d
docker-compose exec -T app python manage.py migrate --settings=config.docker-compose
docker-compose exec -T app sh -c 'echo "from data.v2.build import build_all; build_all()" | python manage.py shell --settings=config.docker-compose'

Browse localhost/api/v2/ or localhost/api/v2/pokemon/bulbasaur/ on port 80.


When you start PokéAPI with the above docker-compose setup, an Hasura Engine server is started as well. It's possible to track all the PokeAPI tables and foreign keys by simply

# hasura cli needs to be installed and available in your $PATH: https://hasura.io/docs/latest/graphql/core/hasura-cli/install-hasura-cli.html
# hasura cli's version has to be v2.0.0-alpha.5
make hasura-apply

When finished browse http://localhost:8080 and you will find the admin console. The GraphQL endpoint will be hosted at http://localhost:8080/v1/graphql.

A free public GraphiQL console is browsable at the address https://beta.pokeapi.co/graphql/console/. The relative GraphQL endpoint is accessible at https://beta.pokeapi.co/graphql/v1beta

A set of examples are provided in the directory /graphql/examples of this repository.

Kubernetes   k8s status

Kustomize files are provided in the folder https://github.com/PokeAPI/pokeapi/tree/master/Resources/k8s/kustomize/base/. Create and change your secrets:

cp Resources/k8s/kustomize/base/secrets/postgres.env.sample Resources/k8s/kustomize/base/secrets/postgres.env
cp Resources/k8s/kustomize/base/secrets/graphql.env.sample Resources/k8s/kustomize/base/secrets/graphql.env
cp Resources/k8s/kustomize/base/config/pokeapi.env.sample Resources/k8s/kustomize/base/config/pokeapi.env
# Edit the newly created files

Configure kubectl to point to a cluster and then run the following commands to start a PokéAPI service.

kubectl apply -k Resources/k8s/kustomize/base/
kubectl config set-context --current --namespace pokeapi # (Optional) Set pokeapi ns as the working ns
# Wait for the cluster to spin up
kubectl exec --namespace pokeapi deployment/pokeapi -- python manage.py migrate --settings=config.docker-compose # Migrate the DB
kubectl exec --namespace pokeapi deployment/pokeapi -- sh -c 'echo "from data.v2.build import build_all; build_all()" | python manage.py shell --settings=config.docker-compose' # Build the db
kubectl wait --namespace pokeapi --timeout=120s --for=condition=complete job/load-graphql # Wait for Graphql configuration job to finish

This k8s setup creates all k8s resources inside the Namespace pokeapi, run kubectl delete namespace pokeapi to delete them. It also creates a Service of type LoadBalancer which is exposed on port 80 and 443. Data is persisted on 12Gi of ReadWriteOnce volumes.


Official wrapper Repository Features
Node server-side PokeAPI/pokedex-promise-v2 Auto caching
Browser client-side PokeAPI/pokeapi-js-wrapper Auto caching, Image caching
Java/Kotlin PokeAPI/pokekotlin
Python 2/3 PokeAPI/pokepy Auto caching
Python 3 PokeAPI/pokebase Auto caching, Image caching
Wrapper Repository Features
PHP lmerotta/phpokeapi Auto caching, lazy loading
Ruby rdavid1099/poke-api-v2
.Net Standard mtrdp642/PokeApiNet Auto caching
Go mtslzr/pokeapi-go Auto caching
Dart prathanbomb/pokedart
Rust lunik1/pokerust Auto caching
Spring Boot dlfigueira/spring-pokeapi Auto caching
Swift kinkofer/PokemonAPI
Typescript server-side/client-side Gabb-c/Pokenode-ts Auto caching


Help to keep PokéAPI running! If you're using PokéAPI as a teaching resource or for a project, consider sending us a $10 donation to help keep the service up. We get 60 million requests a month!

Thank you to all our backers! Become a backer

Join Us On Slack!

Have a question or just want to discuss new ideas and improvements? Hit us up on slack. Consider talking with us here before creating new issue. This way we can keep issues here a bit more organized and helpful in the long run. Be excellent to each other 😄

Sign up easily!

Once you've signed up visit PokéAPI on Slack


This project exists thanks to all the people who contribute

All contributions are welcome: bug fixes, data contributions, recommendations.

Please see the issues on GitHub before you submit a pull request or raise an issue, someone else might have beat you to it.

To contribute to this repository:

  • Fork the project to your own GitHub profile

  • Download the forked project using git clone:

    git clone --recurse-submodules git@github.com:<YOUR_USERNAME>/pokeapi.git
  • Create a new branch with a descriptive name:

    git checkout -b my_new_branch
  • Write some code, fix something, and add a test to prove that it works. No pull request will be accepted without tests passing, or without new tests if new features are added.

  • Commit your code and push it to GitHub

  • Open a new pull request and describe the changes you have made.

  • We'll accept your changes after review.



As of October 2018, the v1 API has been removed from PokéAPI. For more information, see pokeapi.co/docs/v1.html.




{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
Django 跨站脚本漏洞
在 3.12.0 之前和 3.11.2 之前的 Django REST Framework 版本中发现了一个缺陷。使用可浏览的 API 查看器时,Django REST Framework 无法正确转义可能来自用户输入的某些字符串。这允许可以控制这些字符串的用户注入恶意<script> tags, leading to a cross-site-scripting (XSS) vulnerability.
CVE-2020-25626 MPS-2020-13801
2022-08-08 18:41
django-cors-headers 存在输入验证不恰当漏洞
django-cors-headers 是一个 Django 应用程序,用于处理跨域资源共享 (CORS) 所需的服务器标头。此软件包的受影响版本容易受到不正确验证的影响。
2022-08-08 18:41
Django Trunc和Extract方法存在 SQL 注入漏洞
Django 是一个 Python Web 框架。 如果没有对 kind / lookup_name 值进行安全性校验,则Trunc()和Extract()数据库函数会受到 SQL 注入的影响。 攻击者可利用该漏洞进行 SQL 注入攻击。 利用条件:代码中使用了 Trunc() 和 Extract() 方法,其中 kind 参数和lookup_name 参数可控
CVE-2022-34265 MPS-2022-19581
2022-08-08 18:41
0 评论
0 收藏