{"id":17459071,"url":"https://github.com/arjunattam/resolve-packages","last_synced_at":"2025-09-17T20:25:27.952Z","repository":{"id":71618991,"uuid":"176387554","full_name":"arjunattam/resolve-packages","owner":"arjunattam","description":null,"archived":false,"fork":false,"pushed_at":"2022-12-08T04:53:24.000Z","size":17,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-18T07:17:26.413Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arjunattam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-18T23:49:53.000Z","updated_at":"2019-03-20T20:23:03.000Z","dependencies_parsed_at":"2023-02-23T20:45:41.120Z","dependency_job_id":null,"html_url":"https://github.com/arjunattam/resolve-packages","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/arjunattam/resolve-packages","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arjunattam%2Fresolve-packages","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arjunattam%2Fresolve-packages/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arjunattam%2Fresolve-packages/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arjunattam%2Fresolve-packages/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arjunattam","download_url":"https://codeload.github.com/arjunattam/resolve-packages/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arjunattam%2Fresolve-packages/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275658184,"owners_count":25504774,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-17T02:00:09.119Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-18T04:41:56.012Z","updated_at":"2025-09-17T20:25:27.912Z","avatar_url":"https://github.com/arjunattam.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# resolve-packages\n\nScript to resolve npm package versions to commits.\n\n## Usage\n\nSetup dependencies (requires pipenv):\n\n```\npipenv\n```\n\nTo run on a specific package version (for `request@2.88.0` in `npm`):\n\n```\npipenv run python resolve.py npm request 2.88.0\n```\n\nTo download [most depended upon packages](https://www.npmjs.com/browse/depended) and run all:\n\n```\npipenv run python resolve.py npm\n```\n\n```\npipenv run python resolve.py nuget\n```\n\nTo run with GitHub PAT, set a environment variable `GITHUB_TOKEN` with the PAT, and then run the same script.\n\n## Output\n\nExample output on most depended upon NPM packages (32/36 resolved):\n\n```\nlodash: 4.17.11 resolved to 0843bd46ef805dd03c0c8d804630804f3ba0ca3c\nrequest: 2.88.0 resolved to 642024036379239a7fa29c27ef7bb4dd3fa3b3a4\nchalk: 2.4.2 resolved to 9776a2ae5b5b1712ccf16416b55f47e575a81fb9\nreact: 16.8.4 resolved to d8a73b5eb6c7217850103193635ff1b556925ed5\nexpress: 4.16.4 resolved to dc538f6e810bd462c98ee7e6aae24c64d4b1da93\ncommander: 2.19.0 resolved to 78b7dbd18aabc23ccc9d151db411913237a3c483\nmoment: 2.24.0 resolved to 96d0d6791ab495859d09a868803d31a55c917de1\nasync: 2.6.2 resolved to eaf32be0e94f62fddc83d8550814e30a4be66a3c\ndebug: 4.1.1 resolved to 68b4dc8d8549d3924673c38fccc5d594f0a38da1\nbluebird: 3.5.3 resolved to 50bc72e561f55c4e4118988186516ee19d18cf28\nprop-types: 15.7.2 resolved to 953ed9beb0f15498cd7e6e25c90f7cadd5f2149a\nreact-dom: 16.8.4 resolved to d8a73b5eb6c7217850103193635ff1b556925ed5\nfs-extra: 7.0.1 resolved to a32c85282185aa008759890cce059594e4348262\nunderscore: 1.9.1 resolved to ae037f7c41323807ae6f1533c45512e6d31a1574\naxios: 0.18.0 resolved to d59c70fdfd35106130e9f783d0dbdcddd145b58f\ntslib: 1.9.3 resolved to 9dd9aa322c893e5e0b3f1609b1126314ccf37bbb\nuuid: 3.3.2 resolved to fe4ae79c55af2c7cbf2bb39d3bcb6716d5367091\nmkdirp: 0.5.1 resolved to d4eff0f06093aed4f387e88e9fc301cb76beedc7\nclassnames: found repo, cannot resolve 2.2.6 to commit\nbody-parser: 1.18.3 resolved to e6ccf98015fece0851c0c673fc2776c30ad79e5d\nglob: 7.1.3 resolved to 8882c8fccabbe459465e73cc2581e121a5fdd25b\nbabel-runtime: found repo, cannot resolve 6.26.0 to commit\ncolors: 1.3.3 resolved to b63ef88e521b42920a9e908848de340b31e68c9d\nyargs: 13.2.2 resolved to e7f29379707f9e3d5eb6edc09ba278f53cc7db74\nwebpack: 4.29.6 resolved to 685a0626cb10664133ef2fb2e2f9f4cb3971402a\nrxjs: 6.4.0 resolved to d3e7e3f299e277b077602d26c59dab40ef0e1dba\nvue: 2.6.9 resolved to 43115e09e98d484a35f7c12249396b6d5d66c7ff\njquery: 3.3.1 resolved to 32b00373b3f42e5cdcb709df53f3b08b7184a944\nminimist: 1.2.0 resolved to dc624482fcfec5bc669c68cdb861f00573ed4e64\ninquirer: found repo, cannot resolve 6.2.2 to commit\nbabel-core: found repo, cannot resolve 6.26.3 to commit\nyeoman-generator: 3.2.0 resolved to 3bbeef0f8eebd02e9459734c9a3d9c6732a47d14\nthrough2: 3.0.1 resolved to d0696e4be57337c5742ac6fe9d20892a2ab78b2e\naws-sdk: 2.423.0 resolved to aca7cf991add5fb7fcb98aebaf08edf421094a47\nredux: 4.0.1 resolved to c5d87d95f3b9b0ebdb57791f69b53d8507cebbed\nbabel-loader: 8.0.5 resolved to 20c9e0eef9e62e7041a42c71509486cc44bbcb5a\n```\n\nNPM next 36 (33/36 resolved):\n\n```\nq: 1.5.1 resolved to c2f5a6f35456389a806acca50bfd929cbe30c4cb\nwinston: 3.2.1 resolved to 49ccdb6604ecce590eda2915b130970ee0f1b6a3\ndotenv: 7.0.0 resolved to 72fb66b051280ef5c2cc40ce4962ac4601f7f515\nsemver: 5.6.0 resolved to 46727afbe21b8d14641a0d1c4c7ee58bd053f922\ncheerio: 1.0.0-rc.2 resolved to 48eae25c93702a29b8cd0d09c4a2dce2f912d1f4\nrimraf: 2.6.3 resolved to 9442819908e52f2c32620e8fa609d7a5d472cc2c\ncss-loader: 2.1.1 resolved to bc16c3db953dbf4d711753fbb0cc60253def6916\neslint: 5.15.3 resolved to a6168f85f9017332777b2bac5af8c4a979e06298\ncore-js: 2.6.5 resolved to e778e8026aed8a58f93f1ee4e3192cd1a7d7bdf5\n@angular/core: 7.2.9 resolved to 5abb9360d822ad98a7905d11ff89e42e80050c6a\nreact-redux: 6.0.1 resolved to 162b81a3fffe75ff6181b711777067ba6e63a34b\ntypescript: 3.3.3333 resolved to b145eaf160e6b2729aaacb89856bc2346f85ac4c\nshelljs: 0.8.3 resolved to d4d1317ce62531fbd49085852b8492db3dd39312\nstyle-loader: 0.23.1 resolved to 80039665d612248535557c41de03a5aa377484a8\n@types/node: repository url not resolved\n@angular/common: 7.2.9 resolved to 5abb9360d822ad98a7905d11ff89e42e80050c6a\njs-yaml: 3.12.2 resolved to e4267fc733452d074a3e494fb5cab2a07c7e6b87\nzone.js: 0.8.29 resolved to ce9c2e056e1393e2d5e01be688f4cbf6d174ce15\nobject-assign: 4.1.1 resolved to a89774b252c91612203876984bbd6addbe3b5a0e\ngulp: 4.0.0 resolved to 55eb23a268dcc7340bb40808600fd4802848c06f\nbabel-polyfill: found repo, cannot resolve 6.26.0 to commit\nramda: 0.26.1 resolved to 6709cb8beca00178d2288f79568cc5ca9e95d2f5\nbabel-preset-es2015: found repo, cannot resolve 6.24.1 to commit\nbabel-eslint: 10.0.1 resolved to 4cf0a21a4b12e64ce4012bbfcc62d0d969053f8b\ngulp-util: 3.0.8 resolved to 28c2aa2a3f8782a995b47ed051ab52885c705024\n@angular/platform-browser: 7.2.9 resolved to 5abb9360d822ad98a7905d11ff89e42e80050c6a\nfile-loader: 3.0.1 resolved to 011cc38d4ed470729ff0fbc6c1d7146896603598\nrequest-promise: 4.2.4 resolved to 4e3b7ed87ae9a120aae2c4613e93aec3f8a615a9\nnode-fetch: 2.3.0 resolved to 5367fe6a978e01745e4264384a91140dc99a4bf8\nmongoose: 5.4.19 resolved to 5e47d8be8b35599e4997d5f2ef88ef19c7853a32\n@angular/compiler: 7.2.9 resolved to 5abb9360d822ad98a7905d11ff89e42e80050c6a\nhandlebars: 4.1.1 resolved to f691db546e7563e1db3437d5a72f478f9e556714\nmocha: 6.0.2 resolved to 00a895f6ad9c1e4c5500851d6ff875e8254a5e06\nmongodb: 3.1.13 resolved to c6f417e5fe54691783bccc466e7703a5d380739e\n@angular/forms: 7.2.9 resolved to 5abb9360d822ad98a7905d11ff89e42e80050c6a\n@angular/platform-browser-dynamic: 7.2.9 resolved to 5abb9360d822ad98a7905d11ff89e42e80050c6a\n```\n\nNuGet top 100 (65/100 resolved):\n\n```\nnewtonsoft.json: 12.0.1 resolved to 509643a8\ncastle.core: 4.3.1 resolved to 1ba6c894\nmoq: 4.10.1 resolved to 8acf1c88\nserilog: 2.8.0 resolved to 870feca6\nxunit.extensibility.core: 2.4.1 resolved to c54cc52f\nxunit.abstractions: found repo, cannot resolve 2.0.3 to commit\nxunit.assert: 2.4.1 resolved to c54cc52f\nxunit.extensibility.execution: 2.4.1 resolved to c54cc52f\nxunit.core: 2.4.1 resolved to c54cc52f\nxunit: 2.4.1 resolved to c54cc52f\nmicrosoft.entityframeworkcore.abstractions: found repo, cannot resolve 2.2.3 to commit\nmicrosoft.entityframeworkcore.analyzers: found repo, cannot resolve 2.2.3 to commit\nautomapper: 8.0.0 resolved to af60a492\nxunit.runner.visualstudio: 2.4.1 resolved to c54cc52f\nnunit: found repo, cannot resolve 3.11.0 to commit\nxunit.analyzers: found repo, cannot resolve 0.10.0 to commit\nawssdk.core: found repo, cannot resolve 3.3.32.2 to commit\nswashbuckle.aspnetcore.swagger: 4.0.1 resolved to 28e8673e\nswashbuckle.aspnetcore.swaggergen: 4.0.1 resolved to 28e8673e\njquery: could not resolve to url or version\nautofac: 4.9.1 resolved to 831973f4\nswashbuckle.aspnetcore.swaggerui: 4.0.1 resolved to 28e8673e\nnlog: 4.5.11 resolved to 5d14e566\nfluentassertions: 5.6.0 resolved to 6cf1d347\nswashbuckle.aspnetcore: 4.0.1 resolved to 28e8673e\nmicrosoft.aspnetcore.connections.abstractions: 2.2.0 resolved to 5db63947\nlog4net: could not resolve to url or version\ndapper: 1.60.1 resolved to b520e26a\nrestsharp: found repo, cannot resolve 106.6.9 to commit\nsystem.interactive.async: found repo, cannot resolve 3.2.0 to commit\nantlr: 3.5.0.2 resolved to dd3bb201\nowin: found repo, cannot resolve 1.0.0 to commit\npolly: found repo, cannot resolve 7.1.0 to commit\nserilog.extensions.logging: found repo, cannot resolve 2.0.2 to commit\nidentitymodel: 3.10.6 resolved to 653d4b09\nnunit3testadapter: found repo, cannot resolve 3.13.0 to commit\nserilog.sinks.file: could not resolve to url or version\nremotion.linq: could not resolve to url or version\nserilog.sinks.console: 3.1.1 resolved to e43ff813\nmicrosoft.identitymodel.jsonwebtokens: 5.4.0 resolved to 4d5d77d9\nbootstrap: could not resolve to url or version\nfluentvalidation: could not resolve to url or version\nmicrosoft.aspnetcore.http.connections.common: 1.1.0 resolved to a9def470\nmicrosoft.aspnetcore.signalr.protocols.json: 1.1.0 resolved to a9def470\nwebactivatorex: found repo, cannot resolve 2.2.0 to commit\nstackexchange.redis: found repo, cannot resolve 2.0.571 to commit\nmicrosoft.aspnetcore.http.connections: 1.1.0 resolved to a9def470\nmodernizr: could not resolve to url or version\nmicrosoft.aspnetcore.identity.ui: 2.2.0 resolved to 99f352a9\njquery.validation: could not resolve to url or version\nawssdk.s3: found repo, cannot resolve 3.3.31.24 to commit\nmicrosoft.aspnetcore.mvc.analyzers: 2.2.0 resolved to a6199bbf\nnpgsql: 4.0.5 resolved to 12f62263\nunity: found repo, cannot resolve 5.10.1 to commit\ncommonservicelocator: found repo, cannot resolve 2.0.4 to commit\nsqlitepclraw.core: 1.1.13 resolved to 5895fe88\nrabbitmq.client: could not resolve to url or version\nhtmlagilitypack: 1.11.0 resolved to d2e75820\nstackexchange.redis.strongname: 1.2.6 resolved to 90236efc\nmicrosoft.aspnetcore.app: 2.2.3 resolved to fbe49b39\nsqlitepclraw.bundle_green: 1.1.13 resolved to 5895fe88\nelasticsearch.net: 6.5.1 resolved to caf150d3\nsqlitepclraw.lib.e_sqlite3.v110_xp: 1.1.13 resolved to 5895fe88\nsqlitepclraw.lib.e_sqlite3.osx: 1.1.13 resolved to 5895fe88\nserilog.aspnetcore: 2.1.1 resolved to 5fb585de\nsqlitepclraw.lib.e_sqlite3.linux: 1.1.13 resolved to 5895fe88\nserilog.sinks.periodicbatching: 2.1.1 resolved to 16c50371\nmicrosoft.extensions.hosting: 2.2.0 resolved to 0724e6cd\ncsvhelper: 12.1.2 resolved to 89edc486\nserilog.settings.configuration: 3.0.1 resolved to 008a61e3\nnsubstitute: could not resolve to url or version\nserilog.sinks.rollingfile: could not resolve to url or version\ndocumentformat.openxml: 2.9.1 resolved to 2157ec80\nselenium.webdriver: could not resolve to url or version\nmongodb.bson: could not resolve to url or version\ngoogle.protobuf: 3.7.0 resolved to 582743bf\nstylecop.analyzers: 1.0.2 resolved to 21559d87\nsharpziplib: 1.1.0 resolved to 45347c34\nautofixture: 4.8.0 resolved to 98c5a270\nmongodb.driver.core: could not resolve to url or version\nmongodb.driver: could not resolve to url or version\nsqlitepclraw.provider.e_sqlite3.netstandard11: 1.1.13 resolved to 5895fe88\nswashbuckle.core: 5.6.0 resolved to 0996fa33\nrespond: 1.4.2 resolved to 20b7f4a1\nautomapper.extensions.microsoft.dependencyinjection: 6.0.0 resolved to 1a346cdc\nmicrosoft.aspnetcore.hostfiltering: 2.2.0 resolved to 2d3ad1cb\nsystem.net.websockets.websocketprotocol: could not resolve to url or version\nmicrosoft.extensions.http: 2.2.0 resolved to 6619149a\ngoogle.apis.core: 1.38.0 resolved to a696b98a\nnewtonsoft.json.bson: 1.0.2 resolved to a1db9267\ngoogle.apis: 1.38.0 resolved to a696b98a\ngoogle.apis.auth: 1.38.0 resolved to a696b98a\nnodatime: 2.4.4 resolved to a3ce3a01\nselenium.support: could not resolve to url or version\nautofac.extensions.dependencyinjection: 4.4.0 resolved to de6c51b5\ndotnet-xunit: 2.3.1 resolved to 8b319328\nprotobuf-net: 2.4.0 resolved to 1b5b6570\nhangfire.core: could not resolve to url or version\nportable.bouncycastle: found repo, cannot resolve 1.8.5 to commit\nswashbuckle: 5.6.0 resolved to 0996fa33\n```\n\n## Known issues\n\nGeneral assumptions\n\n1. Only github.com is considered as a code host\n2. Only latest version of the package is attempted for resolution to a commit\n\n`npm`\n\n1. Resolution to _a_ commit sha does not necessarily imply that it is the _correct_ commit sha. While this seems to be valid in most cases, `lodash` is an exception: the package published to npm is tagged as `{version}-npm`, which is different from the `{version}` (which we resolve to).\n2. Currently, we match version `A.B.C` with potential tag names: `A.B.C`, `vA.B.C`. The `inquirer` package uses `inquirer@A.B.C` tag naming convention.\n3. The tags API call on GitHub only looks at the first page right now, and this fails on the `babel-*@6.x` packages.\n\n`nuget`\n\n1. Some repository urls have `.git`, need to remove that\n2. Semver equality is breaking. For instance, NUnit has 3.11.0 on Nuget, but on GitHub it is 3.11.\n3. We are not fetching the latest version for all packages. To repro, run on one of the AWS SDK packages\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farjunattam%2Fresolve-packages","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farjunattam%2Fresolve-packages","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farjunattam%2Fresolve-packages/lists"}