Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
CLI client (and Golang module) for deps.dev API.
💙
by edoardottt
Coded with
Install • Get Started • Examples • Changelog • Contributing • License
📡
Install Using Snap
sudo snap install depsdev
Using Go
go install github.com/edoardottt/[email protected]
🎉
Get Started Usage:
depsdev [command]
Available Commands:
advisory Get info about an (OSV) advisory
completion Generate the autocompletion script for the specified shell
deps Get info about a package's dependencies
graph Generate a Graphviz compatible dependencies graph
help Help about any command
info Get info about a package or a specific version of that
project Get info about a project (GitHub, GitLab, or BitBucket)
query Get info about multiple package versions using a query
Flags:
-h, --help help for depsdev
Use "depsdev [command] --help" for more information about a command.
💡
Examples Note The supported package managers are go, npm, cargo, maven, pypi, nuget. For more information read the API documentation.
Get information about a package, including a list of its available versions, with the default version marked if known.
depsdev info npm @colors/colors
Get information about a specific package version including its licenses and any security advisories known to affect it.
depsdev info npm @colors/colors 1.5.0
Get information about a resolved dependency graph for the given package version.
depsdev deps npm @colors/colors 1.5.0
Get information about projects hosted by GitHub, GitLab, or BitBucket (if available).
depsdev project github.com/facebook/react
Get information about security advisories hosted by OSV.
depsdev advisory GHSA-2qrg-x229-3v8q
Get information about multiple package versions, which can be specified by name, content hash, or both.
depsdev query "versionKey.system=NPM&versionKey.name=react&versionKey.version=18.2.0"
Generate a Graphviz compatible dependencies graph for a specific version of a package.
depsdev graph npm slice-ansi 6.0.0
Use depsdev as a Go module
import (
"fmt"
"github.com/edoardottt/depsdev/pkg/depsdev"
)
func main() {
i, err := depsdev.GetInfo("npm", "defangjs")
if err != nil {
fmt.Println(err)
}
fmt.Println(i)
}
📌
Changelog Detailed changes for each release are documented in the release notes.
🛠
Contributing Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
If there aren't errors, go ahead :)
The HTTP client implementation is partially taken from @liamg/hackerone.
📝
License This repository is under Apache2.0 License.
edoardoottavianelli.it to contact me.