{"id":13741444,"url":"https://github.com/bwireman/go-over","last_synced_at":"2025-10-28T15:07:38.796Z","repository":{"id":241958969,"uuid":"802661500","full_name":"bwireman/go-over","owner":"bwireman","description":"A tool to audit Erlang \u0026 Elixir dependencies, to make sure your ✨ gleam projects really sparkle!","archived":false,"fork":false,"pushed_at":"2025-04-05T15:44:19.000Z","size":3230,"stargazers_count":17,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-10T04:07:20.923Z","etag":null,"topics":["audit","beam","cli","dependencies","dependency","elixir","erlang","ghsa","gleam","javascript","security","security-audit","security-tools","tools","vulnerable"],"latest_commit_sha":null,"homepage":"https://hex.pm/packages/go_over","language":"Gleam","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bwireman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-18T22:58:19.000Z","updated_at":"2025-04-05T15:44:22.000Z","dependencies_parsed_at":"2024-08-24T23:26:36.931Z","dependency_job_id":"d4263bfb-d99c-4a08-9efe-93bc264b7fe7","html_url":"https://github.com/bwireman/go-over","commit_stats":null,"previous_names":["bwireman/go-over"],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwireman%2Fgo-over","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwireman%2Fgo-over/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwireman%2Fgo-over
/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bwireman%2Fgo-over/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bwireman","download_url":"https://codeload.github.com/bwireman/go-over/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248154986,"owners_count":21056543,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","beam","cli","dependencies","dependency","elixir","erlang","ghsa","gleam","javascript","security","security-audit","security-tools","tools","vulnerable"],"created_at":"2024-08-03T04:00:59.253Z","updated_at":"2025-10-28T15:07:38.790Z","avatar_url":"https://github.com/bwireman.png","language":"Gleam","funding_links":[],"categories":["Gleam","Packages"],"sub_categories":["Project Tooling"],"readme":"# 🕵️‍♂️ go_over\n\n[![Package Version](https://img.shields.io/hexpm/v/go_over)](https://hex.pm/packages/go_over)\n[![Hex Docs](https://img.shields.io/badge/hex-docs-ffaff3)](https://hexdocs.pm/go_over/)\n[![mit](https://img.shields.io/github/license/bwireman/go-over?color=brightgreen)](https://github.com/bwireman/over/blob/main/LICENSE)\n[![gleam js](https://img.shields.io/badge/%20gleam%20%E2%9C%A8-js%20%F0%9F%8C%B8-yellow)](https://gleam.run/news/v0.16-gleam-compiles-to-javascript/)\n[![gleam erlang](https://img.shields.io/badge/erlang%20%E2%98%8E%EF%B8%8F-red?style=flat\u0026label=gleam%20%E2%9C%A8)](https://gleam.run)\n\nA tool to audit Erlang \u0026 Elixir dependencies, to make sure your ✨ gleam\nprojects really sparkle!\n\n🚨 
_**NOTE**_: security advisories are _NOT_ currently monitored for gleam\ndependencies. The language, while excellent, is far too new and niche.\n\n⚠️ Dependencies sourced directly from git or locally have limited support, only\nchecking for security advisories and not retirements or outdated versions\n\n# 🔽 Install\n\n```sh\ngleam add --dev go_over\n```\n\n## 📣 Also!\n\n- add `.go-over/` to your `.gitignore`\n- make sure `git` is installed. (If not running via the BEAM you need `curl`,\n  `wget` _or_ `httpie` installed as well)\n\n#### 🌸 Javascript\n\nIf running with Javascript install\n\n```json\n{\n  \"devDependencies\": {\n    \"yaml\": \"^2.4.3\"\n  }\n}\n```\n\nBun, Deno \u0026 Nodejs are _all_ supported!\n\n# ▶️ Usage\n\n```sh\ngleam run -m go_over\n```\n\n### 🎥 Obligatory VHS\n\n![demo](https://raw.githubusercontent.com/bwireman/go-over/main/images/demo.gif)\n\n### 🏴 Flags\n\n- `--format` Specify the output format of any warnings, [minimal, verbose, json]\n  (default: None)\n- `--puller` Specify the tool used to reach out to hex.pm, [native, curl, wget,\n  httpie] (default: None)\n- `--force`: Force pulling new data even if the cached data is still valid\n- `--outdated`: Additionally check if newer versions of dependencies exist\n- `--ignore-indirect`: Ignore all warnings for indirect dependencies\n- `--verbose`: Print progress as packages are checked\n- `--help,-h`: Print help\n\nFlags override config values if set\n\n### ⚙️ Config\n\nOptional settings that can be added to your project's `gleam.toml`\n\n```toml\n[go-over]\n# disables caching if false\n# default: true\ncache = true\n# if true all cached data will be stored in user's home directory\n# allowing cache to be shared between projects\n# default: true\nglobal = true\n# sets output format for warnings [\"minimal\", \"detailed\", \"json\"]\n# default: \"minimal\"\nformat = \"minimal\"\n# will additionally check if newer versions of dependencies exist\n# default: true\noutdated = true\n# tool used to 
pull information from hex.pm [\"native\", \"curl\", \"wget\", \"httpie\"]\n# default: \"curl\" for JS and \"native\" for Erlang\npuller = \"curl\"\n# licenses dependencies are allowed to use. If left empty then all licenses are allowed\n# default: []\nallowed_licenses = []\n\n[go-over.ignore]\n# will ignore all warnings for indirect dependencies\n# default: false\nindirect = false\n# will ignore all warnings for dev-dependencies. Note: to ignore indirect dependencies regardless of source see go-over.ignore.indirect\n# default: false\ndev_dependencies = false\n# list of package names to skip when auditing dependencies\n# default: []\npackages = [\"example_package\"]\n# list of warning severities to skip when auditing dependencies\n# default: []\n# (case insensitive)\nseverity = [\"example_moderate\"]\n# list of advisory IDs to skip when auditing dependencies\n# default: []\nids = [\"GHSA-xxxx-yyyy-zzzz\"]\n```\n\n### ⌛ Caching\n\n- Security advisory data is cached for **_six_** hours\n- hex.pm retired package data is cached for **_one_** hour\n\n## 🪝 pre-commit hooks\n\nYou can add go_over to your pre-commit hooks by installing\n[🌵cactus](https://hex.pm/packages/cactus) \u0026 then adding this to your\n`gleam.toml`\n\n```toml\n[cactus.pre-commit]\nactions = [\n  { command = \"go_over\" },\n]\n```\n\n## ⚙️ CI\n\nYou can also schedule daily runs to keep your deps up to date and open issues\nwhen necessary!\n[Example ▶️](https://github.com/bwireman/go-over/blob/main/.github/workflows/deps.yml)\n\n# 🖌️ Other Art\n\n- As I'm sure is no surprise this tool is inspired by (and all around worse\n  than) [mirego/mix_audit](https://github.com/mirego/mix_audit). 
Please check it\n  out!\n- It also draws inspiration from\n  [mix hex.audit](https://hexdocs.pm/hex/Mix.Tasks.Hex.Audit.html)\n\n# ⚖️ License\n\n- This tool uses\n  [mirego/elixir-security-advisories](https://github.com/mirego/elixir-security-advisories)\n  which is itself licensed with\n\n  - `BSD-3-Clause license`\n  - `CC-BY 4.0 open source license`.\n  - See their\n    [#license section](https://github.com/mirego/elixir-security-advisories?tab=readme-ov-file#license)\n\n- Code original to this repo is licensed under `MIT`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwireman%2Fgo-over","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbwireman%2Fgo-over","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbwireman%2Fgo-over/lists"}