CLI client (and Golang module) for deps.dev API.
Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
sudo snap install depsdev
go install github.com/edoardottt/depsdev@latest
Usage:
  depsdev [command]

Available Commands:
  advisory    Get info about an (OSV) advisory
  completion  Generate the autocompletion script for the specified shell
  deps        Get info about a package's dependencies
  graph       Generate a Graphviz compatible dependencies graph
  help        Help about any command
  info        Get info about a package or a specific version of that
  packages    Get info about a project's package versions (GitHub, GitLab, or BitBucket)
  project     Get info about a project (GitHub, GitLab, or BitBucket)
  query       Get info about multiple package versions using a query
  reqs        Get info about a package's requirements

Flags:
  -h, --help   help for depsdev

Use "depsdev [command] --help" for more information about a command.
Note: The supported package managers are go, npm, cargo, maven, pypi and nuget. For more information read the API documentation.
Get information about a package, including a list of its available versions, with the default version marked if known.
depsdev info npm @colors/colors
Get information about a specific package version including its licenses and any security advisories known to affect it.
depsdev info npm @colors/colors 1.5.0
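An added example, not part of the depsdev project: a small Go check for CI that reads the JSON record for one package version and reports known advisories and licenses outside an allowlist. It assumes the record has the shape of the deps.dev v3 version response (`versionKey`, `licenses`, `advisoryKeys[].id`); the `Gate` function, the allowlist and the sample record are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Version holds the subset of a deps.dev v3 version record that the gate needs.
type Version struct {
	VersionKey   struct{ System, Name, Version string } `json:"versionKey"`
	Licenses     []string                               `json:"licenses"`
	AdvisoryKeys []struct {
		ID string `json:"id"`
	} `json:"advisoryKeys"`
}

// Gate (hypothetical helper) returns one finding per advisory and per license
// that is not in the allowlist. An empty slice means the version passes.
func Gate(raw []byte, allowed map[string]bool) ([]string, error) {
	var v Version
	if err := json.Unmarshal(raw, &v); err != nil {
		return nil, fmt.Errorf("decode version: %w", err)
	}
	// Fail closed: an empty or error body must not look like a clean result.
	if v.VersionKey.Name == "" || v.VersionKey.Version == "" {
		return nil, errors.New("record has no versionKey")
	}
	findings := []string{}
	for _, a := range v.AdvisoryKeys {
		findings = append(findings, "advisory "+a.ID)
	}
	if len(v.Licenses) == 0 {
		findings = append(findings, "license unknown")
	}
	for _, l := range v.Licenses {
		if !allowed[strings.ToUpper(l)] {
			findings = append(findings, "license "+l)
		}
	}
	return findings, nil
}

// Constructed sample record, not real deps.dev output.
const sample = `{"versionKey":{"system":"NPM","name":"example-pkg","version":"1.0.0"},"licenses":["GPL-3.0"],"advisoryKeys":[{"id":"GHSA-xxxx-xxxx-xxxx"}]}`

func main() {
	fmt.Println(Gate([]byte(sample), map[string]bool{"MIT": true, "APACHE-2.0": true}))
}
```

A license value that is an SPDX expression is compared as a whole string, so it is flagged unless the whole expression is in the allowlist.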
Get information about a resolved dependency graph for the given package version.
depsdev deps npm @colors/colors 1.5.0
Get information about projects hosted by GitHub, GitLab, or BitBucket (if available).
depsdev project github.com/facebook/react
Get information about security advisories hosted by OSV.
depsdev advisory GHSA-2qrg-x229-3v8q
Get information about multiple package versions, which can be specified by name, content hash, or both.
depsdev query "versionKey.system=NPM&versionKey.name=react&versionKey.version=18.2.0"
Generate a Graphviz compatible dependencies graph for a specific version of a package.
depsdev graph npm slice-ansi 6.0.0
Get information about the package requirements for a given version in a system-specific format.
depsdev reqs npm slice-ansi 6.0.0
Returns known mappings between the requested project and package versions.
depsdev packages github.com/eslint/espree
You can use v3 or v3alpha.
Core features with a stability guarantee and deprecation policy. Recommended for most users.
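package main

import (
	"fmt"

	"github.com/edoardottt/depsdev/pkg/depsdev/v3"
)

func main() {
	// Create a client for the stable v3 API.
	client := depsdev.NewV3API()

	// Look up the package and its available versions.
	i, err := client.GetInfo("npm", "defangjs")
	if err != nil {
		fmt.Println(err)
		return // do not print an empty result after a failed lookup
	}

	fmt.Println(i)
}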
All the features of v3, with additional experimental features. May change in incompatible ways from time to time.
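package main

import (
	"fmt"

	"github.com/edoardottt/depsdev/pkg/depsdev/v3alpha"
)

func main() {
	// Create a client for the experimental v3alpha API.
	client := depsdev.NewV3AlphaAPI()

	// Look up the package and its available versions.
	i, err := client.GetInfo("npm", "defangjs")
	if err != nil {
		fmt.Println(err)
		return // do not print an empty result after a failed lookup
	}

	fmt.Println(i)
}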
Read the full package documentation here
Detailed changes for each release are documented in the release notes.
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
If there aren't errors, go ahead :)
The HTTP client implementation is partially taken from @liamg/hackerone.
This repository is under the Apache 2.0 License.
edoardottt.com to contact me.