{"id":20325776,"url":"https://github.com/aboutcode-org/dependency-inspector","last_synced_at":"2025-04-11T20:04:35.681Z","repository":{"id":141074245,"uuid":"83418266","full_name":"aboutcode-org/dependency-inspector","owner":"aboutcode-org","description":"A general purpose, mostly universal software package dependency resolver.","archived":false,"fork":false,"pushed_at":"2024-08-20T04:02:06.000Z","size":71,"stargazers_count":2,"open_issues_count":11,"forks_count":2,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-04-11T20:04:29.076Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aboutcode-org.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-28T10:11:43.000Z","updated_at":"2024-08-20T04:01:16.000Z","dependencies_parsed_at":"2024-08-20T07:07:26.763Z","dependency_job_id":null,"html_url":"https://github.com/aboutcode-org/dependency-inspector","commit_stats":null,"previous_names":["nexb/dependency-inspector","aboutcode-org/dependency-inspector"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fdependency-inspector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fdependency-inspector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fdependency-inspector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fdependency-inspector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aboutcode-org","download_url":"https://codeload.github.com/aboutcode-org/dependency-inspector/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248473129,"owners_count":21109628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T19:41:38.250Z","updated_at":"2025-04-11T20:04:35.655Z","avatar_url":"https://github.com/aboutcode-org.png","language":"Go","readme":"===================\nDepLock\n===================\n\n|license| |version| |build|\n\n.. |license| image:: https://img.shields.io/badge/License-Apache--2.0-blue.svg?style=for-the-badge\n :target: https://opensource.org/licenses/Apache-2.0\n\n.. |version| image:: https://img.shields.io/github/v/release/nexB/dependency-inspector?style=for-the-badge\n\n.. |build| image:: https://img.shields.io/github/actions/workflow/status/nexB/dependency-inspector/ci.yml?style=for-the-badge\u0026logo=github\n\n**DepLock** (Dependency Locker) is a command line tool to generate package lockfiles,\nand parsable package manifests to make it possible and easy to collect resolved dependencies\nand accurate metadata for a project. It uses the standard package management tool for\neach package type or ecosystem.\n\nThis tool is designed for use before a scan and is deployed as a single,\nstandalone executable file. It should be running in a shell or command prompt\nconfigured to run the project build, with all required package management tools\npre-installed and configured.\n\nThe main usage is to run as a front command before a ScanCode.io or ScanCode Toolkit scan\nbut it is generic and can be used with any other tool.\n\nSee this tutorial on how to Analyze Codebase End-to-End with DepLock, ScanCode.io and DejaCode\nhttps://scancodeio.readthedocs.io/en/latest/tutorial_cli_end_to_end_scanning_to_dejacode.html.\n\nSupported Ecosystems\n=====================\n\n- **npm**: https://www.npmjs.com/\n- **pnpm**: https://pnpm.io/\n- **yarn**: https://yarnpkg.com/\n- **swift**: https://www.swift.org/documentation/package-manager/\n- **cocoapods**: https://cocoapods.org/\n- **pypi**: https://pypi.org/\n- **nuget**: https://www.nuget.org/\n\n\nInstallation\n============\n\nTo install DepLock, follow these steps:\n\n.. code-block:: bash\n\n # Download the latest binary depending on your OS and architecture\n # Replace \u003cOS\u003e with your operating system (linux, darwin, windows)\n # Replace \u003cARCH\u003e with your architecture (amd64, arm64)\n curl -LO https://github.com/aboutcode-org/dependency-inspector/releases/latest/download/deplock-\u003cOS\u003e-\u003cARCH\u003e\n\n # Make the binary executable\n chmod +x deplock-\u003cOS\u003e-\u003cARCH\u003e\n\n # [Optional] Rename and move the binary to your PATH\n mv deplock-\u003cOS\u003e-\u003cARCH\u003e /usr/local/bin/deplock\n\nAlternatively you can build it from source as exaplained below.\n\n\nRequirements\n============\n\nTo use DepLock, you need to ensure that you have installed and configured\nthe package manager(s) your project needs.\n\nFor instance, `npm` must be installed to generate `npm` lockfiles.\n\n\nUsage\n=======\n\nHere is how to get started and use the various commands:\n\n.. code-block:: bash\n\n # Display the general help for DepLock\n deplock --help\n\n # Display help for a specific command\n deplock [command] --help\n\nExample\n-------\n\nGenerating lockfile for an npm project:\n\n.. code-block:: bash\n\n # Generate lockfile in the current directory\n deplock npm\n\n # Generate lockfile in specified directory\n deplock npm /path/to/project\n\n # Forcefully generate lockfile, ignoring existing lockfiles\n deplock npm /path/to/project --force\n\n\nContribution\n=============\n\nWe welcome contributions from the community! If you find a bug or have an idea for a new feature,\nplease open an issue on the GitHub repository. If you want to contribute code, you can fork the\nrepository, make your changes, and submit a pull request.\n\n- Please try to write a good commit message, see `good commit message wiki.\n \u003chttps://aboutcode.readthedocs.io/en/latest/contributing/writing_good_commit_messages.html\u003e`_\n- Add DCO Sign Off to your commits.\n\nDevelopment setup\n------------------\nRun these commands, starting from a git clone of https://github.com/aboutcode-org/dependency-inspector.git\n\n.. code-block:: bash\n\n make dev\n\n- Compile and run:\n\n .. code-block:: bash\n\n $ go run main.go\n\n- Create binary:\n\n .. code-block:: bash\n\n $ make build\n\n- Run tests:\n\n .. code-block:: bash\n\n $ make test\n\n\nLicense\n=======\n\nSPDX-License-Identifier: Apache-2.0\n\nDepLock is licensed under Apache License version 2.0.\n\n.. code-block:: none\n\n You may not use this software except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faboutcode-org%2Fdependency-inspector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faboutcode-org%2Fdependency-inspector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faboutcode-org%2Fdependency-inspector/lists"}