Skip to main content
const { commit } = await repo.getCommit({
  sha: "abc123def456...",
});

console.log(commit.message);
console.log(`${commit.authorName} <${commit.authorEmail}>`);
console.log(commit.date.toISOString());

Options

sha
string
required
Commit SHA to fetch metadata for. Any revision Git can resolve is accepted (full SHA, short SHA, branch name, tag).

Response

commit
object
Commit metadata. Extends the shape returned by listCommits() with two signature fields that are only populated on this single-commit endpoint:
  • sha
  • message
  • authorName, authorEmail
  • committerName, committerEmail
  • date (parsed Date in TypeScript, datetime in Python, time.Time in Go)
  • rawDate (RFC 3339 string as returned by the server)
  • signature — the armored signature taken from the commit’s signature header. Omitted for unsigned commits.
  • payload — the exact bytes the signature is computed over. Omitted for unsigned commits.
The signature/payload pair mirrors GitHub’s commit verification object, so you can verify a signature yourself by checking signature against payload:
TypeScript
const { commit } = await repo.getCommit({ sha: "abc123def456" });

if (commit.signature) {
  // `commit.payload` is the data the signature was computed over.
  verifyOpenPGP(commit.payload, commit.signature);
}

Notes

  • This endpoint does not compute or return the commit diff. Use getCommitDiff() when you need file changes as well.
  • For listing many commits at once, prefer listCommits() — the per-commit shape is identical except that signature and payload are only returned by getCommit().
  • signature and payload let clients verify commit signatures independently. The server enforces signatures at push time through the verify-sig branch-protection policy.