CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

edoardottt/depsdev

depsdev

CLI client (and Golang module) for deps.dev API.
Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

Coded with 💙 by edoardottt


Install • Get Started • Examples • Changelog • Contributing • License

Install 📑

Using Snap

sudo snap install depsdev

Using Go

go install github.com/edoardottt/depsdev@latest

Get Started 🎉

Usage:
  depsdev [command]

Available Commands:
  advisory    Get info about an (OSV) advisory
  completion  Generate the autocompletion script for the specified shell
  deps        Get info about a package's dependencies
  graph       Generate a Graphviz compatible dependencies graph
  help        Help about any command
  info        Get info about a package or a specific version of that
  packages    Get info about a project's package versions (GitHub, GitLab, or BitBucket)
  project     Get info about a project (GitHub, GitLab, or BitBucket)
  query       Get info about multiple package versions using a query
  reqs        Get info about a package's requirements

Flags:
  -h, --help   help for depsdev

Use "depsdev [command] --help" for more information about a command.

Examples 💡

Note: The supported package managers are go, npm, cargo, maven, pypi and nuget. For more information, read the API documentation.

CLI


Get information about a package, including a list of its available versions, with the default version marked if known.

depsdev info npm @colors/colors

Get information about a specific package version including its licenses and any security advisories known to affect it.

depsdev info npm @colors/colors 1.5.0

Get information about a resolved dependency graph for the given package version.

depsdev deps npm @colors/colors 1.5.0

Get information about projects hosted by GitHub, GitLab, or BitBucket (if available).

depsdev project github.com/facebook/react

Get information about security advisories hosted by OSV.

depsdev advisory GHSA-2qrg-x229-3v8q

Get information about multiple package versions, which can be specified by name, content hash, or both.

depsdev query "versionKey.system=NPM&versionKey.name=react&versionKey.version=18.2.0"

Generate a Graphviz compatible dependencies graph for a specific version of a package.

depsdev graph npm slice-ansi 6.0.0

Get information about the package requirements for a given version in a system-specific format.

depsdev reqs npm slice-ansi 6.0.0

Returns known mappings between the requested project and package versions.

depsdev packages github.com/eslint/espree

Use depsdev as a Go module

You can use v3 or v3alpha.

v3

Core features with a stability guarantee and deprecation policy. Recommended for most users.

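package main

import (
    "fmt"

    depsdev "github.com/edoardottt/depsdev/pkg/depsdev/v3"
)

func main() {
    // Create a client for the stable v3 API.
    client := depsdev.NewV3API()

    // Look up the npm package "defangjs".
    i, err := client.GetInfo("npm", "defangjs")
    if err != nil {
        fmt.Println(err)
        return // do not print an empty result after a failed lookup
    }

    fmt.Println(i)
}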

v3alpha

All the features of v3, with additional experimental features. May change in incompatible ways from time to time.

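package main

import (
    "fmt"

    depsdev "github.com/edoardottt/depsdev/pkg/depsdev/v3alpha"
)

func main() {
    // Create a client for the experimental v3alpha API.
    client := depsdev.NewV3AlphaAPI()

    // Look up the npm package "defangjs".
    i, err := client.GetInfo("npm", "defangjs")
    if err != nil {
        fmt.Println(err)
        return // do not print an empty result after a failed lookup
    }

    fmt.Println(i)
}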

Read the full package documentation here
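
A dependency gate over the licenses and advisories that `depsdev info <system> <name> <version>` reports, as an added example that is not part of this project's code. It assumes the record is JSON shaped like the deps.dev v3 version response (`versionKey`, `licenses`, `advisoryKeys`); `versionInfo`, `gate` and `sample` are hypothetical names, and the sample record is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// versionInfo keeps only the fields this gate needs from a version record.
type versionInfo struct {
	VersionKey   struct{ System, Name, Version string } `json:"versionKey"`
	Licenses     []string                               `json:"licenses"`
	AdvisoryKeys []struct{ ID string `json:"id"` }      `json:"advisoryKeys"`
}

// sample is a constructed record (placeholder package name and advisory ID).
const sample = `{"versionKey":{"system":"NPM","name":"example-pkg","version":"1.0.0"},
 "licenses":["GPL-3.0"],"advisoryKeys":[{"id":"GHSA-xxxx-xxxx-xxxx"}]}`

// gate returns one finding per policy violation. A record with no license
// data is reported as "license:unknown" so the check fails closed.
func gate(raw []byte, allowed map[string]bool) ([]string, error) {
	var v versionInfo
	if err := json.Unmarshal(raw, &v); err != nil {
		return nil, fmt.Errorf("decode version record: %w", err)
	}
	var findings []string
	for _, a := range v.AdvisoryKeys {
		findings = append(findings, "advisory:"+a.ID)
	}
	if len(v.Licenses) == 0 {
		findings = append(findings, "license:unknown")
	}
	for _, l := range v.Licenses {
		if !allowed[l] {
			findings = append(findings, "license:"+l)
		}
	}
	return findings, nil
}

func main() {
	findings, err := gate([]byte(sample), map[string]bool{"MIT": true, "Apache-2.0": true})
	if err != nil || len(findings) > 0 {
		fmt.Println("blocked:", findings, err)
		os.Exit(1) // non-zero exit so a CI step fails on any finding
	}
	fmt.Println("ok")
}
```

Run as written, the constructed record is blocked for one advisory and one disallowed license.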

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

The HTTP client implementation is partially taken from @liamg/hackerone.

License 📝

This repository is under the Apache 2.0 License.
Visit edoardottt.com to contact me.