LinuxCommandLibrary

crane-ls

List content in remote container registries

TLDR

List the tags

$ crane ls [repository]
copy

Print the full image reference
$ crane ls [repository] --full-ref
copy

Omit digest tags
$ crane ls [[-o|--omit-digest-tags]]
copy

Display help
$ crane ls [[-h|--help]]
copy

SYNOPSIS

crane ls [OPTIONS] REPOSITORY

PARAMETERS

-h, --help
    Show help for crane ls

--insecure
    Skip TLS certificate verification for insecure registries

--platform
    string (repeatable); filter tags by OS/architecture (e.g., linux/amd64)

--pretty
    Pretty-print JSON output for human readability (default: compact JSONL)

--since
    string (RFC3339); show tags modified since date (e.g., 2023-01-01T00:00:00Z)

--until
    string (RFC3339); show tags modified before date (e.g., 2023-12-31T23:59:59Z)

DESCRIPTION

crane ls is a subcommand of the crane CLI tool from Google's go-containerregistry project, designed for efficient, low-overhead interactions with OCI-compliant container registries like Docker Hub, GCR, or Quay.io. It retrieves and displays all available tags for a specified repository without pulling image manifests or layers, making it perfect for tag discovery, inventory checks, and automation scripts.

By default, output is in JSON Lines (JSONL) format: each line is a JSON object with tag metadata, including tag name, digest (SHA256), os, architecture, size in bytes, and mediaType. This supports multi-platform images and provides canonical identifiers for precise referencing.

Key features include platform filtering to match build environments, date-range filtering via registry timestamps for recent/old tags, and pretty-printing for readability. It handles pagination for repositories with thousands of tags seamlessly via the OCI distribution spec. Authentication uses standard Docker config (~/.docker/config.json); anonymous access works for public repos.

Ideal for DevOps workflows, crane ls avoids the bloat of full container tools while offering speed and reliability across registries.

CAVEATS

Requires registry access; may fail on non-OCI compliant registries or without tags API support. Large repos (10k+ tags) can be slow due to pagination. No paging options; outputs all matching tags. Use crane auth login for private repos.

OUTPUT FORMAT

JSONL stream:
{
  "tag": "latest",
  "digest": "sha256:abc...",
  "os": "linux",
  "architecture": "amd64",
  "size": 123456
} per line.

EXAMPLE USAGE

crane ls --pretty docker.io/library/nginx
Lists all nginx tags human-readably.

crane ls --platform linux/arm64 gcr.io/myproj/app
Filters ARM64 tags.

HISTORY

Part of go-containerregistry by Google Container Tools; crane CLI debuted ~2019 (v0.1). crane ls introduced early for tag listing, evolving with OCI spec support. Actively maintained for cloud-native workflows.

SEE ALSO

crane(1), skopeo(1), regctl(1), podman(1)

Copied to clipboard