Skip to content

Latest commit

 

History

History
237 lines (164 loc) · 5.77 KB

README.md

File metadata and controls

237 lines (164 loc) · 5.77 KB

depsdev

CLI client (and Golang module) for deps.dev API.
Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

Coded with 💙 by edoardottt

go action go report card
Share on Twitter!

InstallGet StartedExamplesChangelogContributingLicense

Install 📡

Using Snap

sudo snap install depsdev

Using Go

go install github.com/edoardottt/depsdev@latest

Get Started 🎉

Usage:
  depsdev [command]

Available Commands:
  advisory    Get info about an (OSV) advisory
  completion  Generate the autocompletion script for the specified shell
  deps        Get info about a package's dependencies
  graph       Generate a Graphviz compatible dependencies graph
  help        Help about any command
  info        Get info about a package or a specific version of that
  packages    Get info about a project's package versions (GitHub, GitLab, or BitBucket)
  project     Get info about a project (GitHub, GitLab, or BitBucket)
  query       Get info about multiple package versions using a query
  reqs        Get info about a package's requirements

Flags:
  -h, --help   help for depsdev

Use "depsdev [command] --help" for more information about a command.

Examples 💡

Note The supported package managers are go, npm, cargo, maven, pypi and nuget. For more information read the API documentation.

CLI


Get information about a package, including a list of its available versions, with the default version marked if known.

depsdev info npm @colors/colors

Get information about a specific package version including its licenses and any security advisories known to affect it.

depsdev info npm @colors/colors 1.5.0

Get information about a resolved dependency graph for the given package version.

depsdev deps npm @colors/colors 1.5.0

Get information about projects hosted by GitHub, GitLab, or BitBucket (if available).

depsdev project github.com/facebook/react

Get information about security advisories hosted by OSV.

depsdev advisory GHSA-2qrg-x229-3v8q

Get information about multiple package versions, which can be specified by name, content hash, or both.

depsdev query "versionKey.system=NPM&versionKey.name=react&versionKey.version=18.2.0"

Generate a Graphviz compatible dependencies graph for a specific version of a package.

depsdev graph npm slice-ansi 6.0.0

Get information about the package requirements for a given version in a system-specific format.

depsdev reqs npm slice-ansi 6.0.0

Returns known mappings between the requested project and package versions.

depsdev packages github.com/eslint/espree

Use depsdev as a Go module

You can use v3 or v3alpha.

v3

Core features with a stability guarantee and deprecation policy. Recommended for most users.

package main

import (
    "fmt"
    "github.com/edoardottt/depsdev/pkg/depsdev/v3"
)

func main() {
    client := depsdev.NewV3API()
    i, err := client.GetInfo("npm", "defangjs")
    if err != nil {
      fmt.Println(err)
    }
    
    fmt.Println(i)
}

v3alpha

All the features of v3, with additional experimental features. May change in incompatible ways from time to time.

package main

import (
    "fmt"
    "github.com/edoardottt/depsdev/pkg/depsdev/v3alpha"
)

func main() {
    client := depsdev.NewV3AlphaAPI()
    i, err := client.GetInfo("npm", "defangjs")
    if err != nil {
      fmt.Println(err)
    }
    
    fmt.Println(i)
}

Read the full package documentation here

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

The HTTP client implementation is partially taken from @liamg/hackerone.

License 📝

This repository is under Apache2.0 License.
edoardottt.com to contact me.