CLI client (and Golang module) for deps.dev API.
Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Install • Get Started • Examples • Changelog • Contributing • License
sudo snap install depsdev
go install github.com/edoardottt/depsdev@latest
Usage:
  depsdev [command]

Available Commands:
  advisory    Get info about an (OSV) advisory
  completion  Generate the autocompletion script for the specified shell
  deps        Get info about a package's dependencies
  graph       Generate a Graphviz compatible dependencies graph
  help        Help about any command
  info        Get info about a package or a specific version of that
  packages    Get info about a project's package versions (GitHub, GitLab, or BitBucket)
  project     Get info about a project (GitHub, GitLab, or BitBucket)
  query       Get info about multiple package versions using a query
  reqs        Get info about a package's requirements

Flags:
  -h, --help   help for depsdev

Use "depsdev [command] --help" for more information about a command.
Note: The supported package managers are go, npm, cargo, maven, pypi and nuget. For more information read the API documentation.
Get information about a package, including a list of its available versions, with the default version marked if known.
depsdev info npm @colors/colors
Get information about a specific package version including its licenses and any security advisories known to affect it.
depsdev info npm @colors/colors 1.5.0
Get information about a resolved dependency graph for the given package version.
depsdev deps npm @colors/colors 1.5.0
Get information about projects hosted by GitHub, GitLab, or BitBucket (if available).
depsdev project github.com/facebook/react
Get information about security advisories hosted by OSV.
depsdev advisory GHSA-2qrg-x229-3v8q
Get information about multiple package versions, which can be specified by name, content hash, or both.
depsdev query "versionKey.system=NPM&versionKey.name=react&versionKey.version=18.2.0"
Generate a Graphviz compatible dependencies graph for a specific version of a package.
depsdev graph npm slice-ansi 6.0.0
Get information about the package requirements for a given version in a system-specific format.
depsdev reqs npm slice-ansi 6.0.0
Returns known mappings between the requested project and package versions.
depsdev packages github.com/eslint/espree
As a Go module, you can use v3 or v3alpha.
v3: Core features with a stability guarantee and deprecation policy. Recommended for most users.
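package main

import (
	"fmt"

	"github.com/edoardottt/depsdev/pkg/depsdev/v3"
)

func main() {
	// Client for the stable v3 API.
	client := depsdev.NewV3API()

	// Look up package-level info for the npm package "defangjs".
	i, err := client.GetInfo("npm", "defangjs")
	if err != nil {
		fmt.Println(err)
		return // do not print an empty result after a failed request
	}

	fmt.Println(i)
}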
v3alpha: All the features of v3, with additional experimental features. May change in incompatible ways from time to time.
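package main

import (
	"fmt"

	"github.com/edoardottt/depsdev/pkg/depsdev/v3alpha"
)

func main() {
	// Client for the experimental v3alpha API.
	client := depsdev.NewV3AlphaAPI()

	// Look up package-level info for the npm package "defangjs".
	i, err := client.GetInfo("npm", "defangjs")
	if err != nil {
		fmt.Println(err)
		return // do not print an empty result after a failed request
	}

	fmt.Println(i)
}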
Read the full package documentation here
Detailed changes for each release are documented in the release notes.
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
If there aren't errors, go ahead :)
The HTTP client implementation is partially taken from @liamg/hackerone.
This repository is under the Apache 2.0 License.
Visit edoardottt.com to contact me.