depsdev

CLI client (and Golang module) for deps.dev API.
Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

Coded with 💙 by edoardottt


Install 📡

Using Snap

sudo snap install depsdev

Using Go

go install github.com/edoardottt/[email protected]

Get Started 🎉

Usage:
  depsdev [command]

Available Commands:
  advisory    Get info about an (OSV) advisory
  completion  Generate the autocompletion script for the specified shell
  deps        Get info about a package's dependencies
  graph       Generate a Graphviz compatible dependencies graph
  help        Help about any command
  info        Get info about a package or a specific version of that
  project     Get info about a project (GitHub, GitLab, or BitBucket)
  query       Get info about multiple package versions using a query

Flags:
  -h, --help   help for depsdev

Use "depsdev [command] --help" for more information about a command.

Examples 💡

Note: the supported package managers are go, npm, cargo, maven, pypi and nuget. For more information, read the deps.dev API documentation.

Get information about a package, including a list of its available versions, with the default version marked if known.

depsdev info npm @colors/colors

Get information about a specific package version including its licenses and any security advisories known to affect it.

depsdev info npm @colors/colors 1.5.0
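The version lookup above is the query a dependency gate in CI would run: does this exact version carry advisories, and what licenses does it declare? The following is an added example, not code from the depsdev project. It builds the deps.dev request URL for a package version (path-escaping the name, so the slash in a scoped npm name like @colors/colors does not split the route) and reduces a version record to the two signals a reviewer cares about. The `/v3/systems/.../versions/...` path and the JSON field names (`versionKey`, `licenses`, `advisoryKeys`) are my understanding of the deps.dev v3 API and are assumptions here, not taken from this README; the sample record is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// VersionInfo holds the parts of a deps.dev package-version record that matter
// for a security review. Field names follow the deps.dev v3 API as the author
// of this example understands it (an assumption, not documented in the README).
type VersionInfo struct {
	VersionKey struct {
		System  string `json:"system"`
		Name    string `json:"name"`
		Version string `json:"version"`
	} `json:"versionKey"`
	IsDefault    bool     `json:"isDefault"`
	Licenses     []string `json:"licenses"`
	AdvisoryKeys []struct {
		ID string `json:"id"`
	} `json:"advisoryKeys"`
}

// VersionURL builds the request for one package version. The package name is
// escaped as a single path segment, so "@colors/colors" becomes
// "@colors%2Fcolors" instead of splitting the route into two segments.
// The URL layout is an assumption about the deps.dev v3 API.
func VersionURL(system, name, version string) string {
	return fmt.Sprintf("https://api.deps.dev/v3/systems/%s/packages/%s/versions/%s",
		url.PathEscape(strings.ToLower(system)), url.PathEscape(name), url.PathEscape(version))
}

// Review is what a CI gate needs from a version record: declared licenses and
// the advisory ids (OSV/GHSA) known to affect the version.
type Review struct {
	Licenses   []string
	Advisories []string
	Unlicensed bool // no license detected; usually worth a manual look
}

// ReviewVersion decodes a version record and extracts the review signals.
func ReviewVersion(raw []byte) (Review, error) {
	var v VersionInfo
	if err := json.Unmarshal(raw, &v); err != nil {
		return Review{}, fmt.Errorf("decode version record: %w", err)
	}
	r := Review{Licenses: v.Licenses, Unlicensed: len(v.Licenses) == 0}
	for _, a := range v.AdvisoryKeys {
		r.Advisories = append(r.Advisories, a.ID)
	}
	return r, nil
}

// sampleVersion is a constructed response in the shape described above; it is
// not real deps.dev output and the advisory id is a placeholder.
const sampleVersion = `{
  "versionKey": {"system": "NPM", "name": "example-pkg", "version": "1.0.0"},
  "isDefault": true,
  "licenses": ["MIT"],
  "advisoryKeys": [{"id": "GHSA-xxxx-yyyy-zzzz"}]
}`

func main() {
	fmt.Println(VersionURL("npm", "@colors/colors", "1.5.0"))
	r, err := ReviewVersion([]byte(sampleVersion))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("licenses=%v advisories=%v unlicensed=%v\n", r.Licenses, r.Advisories, r.Unlicensed)
	if len(r.Advisories) > 0 {
		fmt.Println("version has known advisories: fail the build or review each id")
	}
}
```

Escaping the name before it enters the path is the detail most hand-rolled clients get wrong; a scoped npm package is the common case where a naive string concatenation silently queries the wrong resource.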

Get information about a resolved dependency graph for the given package version.

depsdev deps npm @colors/colors 1.5.0

Get information about projects hosted by GitHub, GitLab, or BitBucket (if available).

depsdev project github.com/facebook/react

Get information about security advisories hosted by OSV.

depsdev advisory GHSA-2qrg-x229-3v8q

Get information about multiple package versions, which can be specified by name, content hash, or both.

depsdev query "versionKey.system=NPM&versionKey.name=react&versionKey.version=18.2.0"

Generate a Graphviz compatible dependencies graph for a specific version of a package.

depsdev graph npm slice-ansi 6.0.0
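The graph command turns a resolved dependency graph into Graphviz output. As an added example that is not the project's own code, the block below shows the shape of that transformation: decode a resolved-graph record, render it as DOT with direct dependencies solid and indirect ones dashed, mark nodes the resolver could not fully determine, and count them. The JSON field names (`nodes`, `edges`, `relation`, `requirement`, `errors`) are my understanding of the deps.dev v3 dependencies response and are assumptions, not taken from this README; the sample graph is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// DependencyGraph mirrors a resolved-graph record for one package version.
// Field names follow the deps.dev v3 API as the author of this example
// understands it (an assumption, not documented in the README).
type DependencyGraph struct {
	Nodes []struct {
		VersionKey struct {
			System  string `json:"system"`
			Name    string `json:"name"`
			Version string `json:"version"`
		} `json:"versionKey"`
		Bundled  bool     `json:"bundled"`
		Relation string   `json:"relation"` // SELF, DIRECT or INDIRECT
		Errors   []string `json:"errors"`   // resolution problems for this node
	} `json:"nodes"`
	Edges []struct {
		FromNode    int    `json:"fromNode"`
		ToNode      int    `json:"toNode"`
		Requirement string `json:"requirement"`
	} `json:"edges"`
	Error string `json:"error"`
}

// ParseGraph decodes a graph record.
func ParseGraph(raw []byte) (DependencyGraph, error) {
	var g DependencyGraph
	if err := json.Unmarshal(raw, &g); err != nil {
		return DependencyGraph{}, fmt.Errorf("decode dependency graph: %w", err)
	}
	return g, nil
}

// dotEscape makes a string safe inside a double-quoted DOT label.
func dotEscape(s string) string {
	return strings.NewReplacer(`\`, `\\`, `"`, `\"`).Replace(s)
}

// ToDOT renders the graph in Graphviz DOT. Node indices are the DOT ids, the
// label is name@version, the root is boxed, indirect dependencies are dashed,
// and each edge carries the requirement that pulled the dependency in.
func ToDOT(g DependencyGraph) (string, error) {
	var b strings.Builder
	b.WriteString("digraph deps {\n")
	for i, n := range g.Nodes {
		label := dotEscape(n.VersionKey.Name + "@" + n.VersionKey.Version)
		if len(n.Errors) > 0 {
			label += `\n(unresolved)`
		}
		attrs := "style=solid"
		switch n.Relation {
		case "SELF":
			attrs = "shape=box style=solid"
		case "INDIRECT":
			attrs = "style=dashed"
		}
		fmt.Fprintf(&b, "  n%d [label=\"%s\" %s];\n", i, label, attrs)
	}
	for _, e := range g.Edges {
		// Reject edges pointing outside the node list rather than emit a broken graph.
		if e.FromNode < 0 || e.FromNode >= len(g.Nodes) || e.ToNode < 0 || e.ToNode >= len(g.Nodes) {
			return "", fmt.Errorf("edge %d -> %d references a missing node", e.FromNode, e.ToNode)
		}
		fmt.Fprintf(&b, "  n%d -> n%d [label=\"%s\"];\n", e.FromNode, e.ToNode, dotEscape(e.Requirement))
	}
	b.WriteString("}\n")
	return b.String(), nil
}

// Stats summarizes the graph; unresolved nodes deserve attention because the
// resolver could not determine them and they may hide further dependencies.
type Stats struct{ Direct, Indirect, Unresolved int }

// GraphStats counts direct, indirect and unresolved nodes.
func GraphStats(g DependencyGraph) Stats {
	var s Stats
	for _, n := range g.Nodes {
		switch n.Relation {
		case "DIRECT":
			s.Direct++
		case "INDIRECT":
			s.Indirect++
		}
		if len(n.Errors) > 0 {
			s.Unresolved++
		}
	}
	return s
}

// sampleGraph is a constructed record, not real deps.dev output.
const sampleGraph = `{
  "nodes": [
    {"versionKey": {"system": "NPM", "name": "example-app", "version": "1.0.0"}, "relation": "SELF", "errors": []},
    {"versionKey": {"system": "NPM", "name": "example-lib", "version": "2.3.1"}, "relation": "DIRECT", "errors": []},
    {"versionKey": {"system": "NPM", "name": "example-util", "version": "0.9.0"}, "relation": "INDIRECT", "errors": ["not found"]}
  ],
  "edges": [
    {"fromNode": 0, "toNode": 1, "requirement": "^2.3.0"},
    {"fromNode": 1, "toNode": 2, "requirement": "~0.9.0"}
  ],
  "error": ""
}`

func main() {
	g, err := ParseGraph([]byte(sampleGraph))
	if err != nil {
		fmt.Println(err)
		return
	}
	dot, err := ToDOT(g)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Print(dot)
	fmt.Printf("%+v\n", GraphStats(g))
}
```

Pipe the output into `dot -Tsvg` to render it; the dashed indirect nodes and the "(unresolved)" marker make the transitive and undetermined parts of the tree visible at a glance.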

Use depsdev as a Go module

package main

import (
	"fmt"

	"github.com/edoardottt/depsdev/pkg/depsdev"
)

func main() {
	// Look up the npm package "defangjs" through the deps.dev API.
	i, err := depsdev.GetInfo("npm", "defangjs")
	if err != nil {
		fmt.Println(err)
		return
	}

	fmt.Println(i)
}

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

The HTTP client implementation is partially taken from @liamg/hackerone.

License 📝

This repository is under the Apache 2.0 License.
edoardoottavianelli.it to contact me.
