{"id":15048126,"url":"https://github.com/github/dependency-submission-toolkit","last_synced_at":"2025-04-05T10:07:20.468Z","repository":{"id":36970099,"uuid":"491162902","full_name":"github/dependency-submission-toolkit","owner":"github","description":"A TypeScript library for creating dependency snapshots. ","archived":false,"fork":false,"pushed_at":"2025-03-24T21:32:44.000Z","size":1116,"stargazers_count":48,"open_issues_count":11,"forks_count":13,"subscribers_count":204,"default_branch":"main","last_synced_at":"2025-03-29T09:08:35.824Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-11T15:11:47.000Z","updated_at":"2025-03-25T13:02:34.000Z","dependencies_parsed_at":"2024-02-06T08:49:16.495Z","dependency_job_id":"c47b1da8-274b-4ad2-85d0-b1acf818cc84","html_url":"https://github.com/github/dependency-submission-toolkit","commit_stats":{"total_commits":112,"total_committers":19,"mean_commits":5.894736842105263,"dds":0.5267857142857143,"last_synced_commit":"81aca25297fae3b1240e94193b5892ddab553687"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fdependency-submission-toolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fdependency-submission-toolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fdependency-submission-toolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fdependency-submission-toolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","download_url":"https://codeload.github.com/github/dependency-submission-toolkit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247318744,"owners_count":20919484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T21:08:25.829Z","updated_at":"2025-04-05T10:07:20.438Z","avatar_url":"https://github.com/github.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# Dependency Submission Toolkit\n\n`@github/dependency-submission-toolkit` is a TypeScript library for creating\ndependency snapshots and submitting them to the dependency submission API.\nSnapshots are a set of dependencies grouped by manifest with some related\nmetadata. A manifest can be a physical file or a more abstract representation of\na dependency grouping (such processing of program outputs). After submission to\nthe API, the included dependencies appear in the repository's\n[dependency graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).\n\n## Installation\n\n```\nnpm install @github/dependency-submission-toolkit\n```\n\n## Writing Your Own Dependency Submission Action\n\nYou may use classes from `@github/dependency-submission-toolkit` to help in\nbuilding your own GitHub Action for submitting dependencies to the Dependency\nSubmission API. At a high level, the steps to use the classes are:\n\n1. Create a `PackageCache` of all of the packages that could be included in your\n   manifest, as well define as the relationships between them.\n\n2. Using the packages defined in `PackageCache`, create a `Manifest` or a\n   `BuildTarget`, which defines the dependencies of the build environment or\n   specific build artifact.\n\n3. Create a `Snapshot` to include one or more `Manifests` or `BuildTargets`. The\n   snapshot is the base container for submitting dependencies to the Dependency\n   Submission API.\n\n4. Follow the instructions for\n   [Creating a JavaScript Action](https://docs.github.com/en/actions/creating-actions/creating-a-javascript-action).\n   These include:\n\n   - Defining an `action.yml` action metadata file\n   - Compiling the JavaScript into a single script using `ncc`\n   - Testing your action in a workflow\n\nA full example action using this library is included in the `example/`\ndirectory. This example uses the output from the `npm list` to create an\naccurate and complete graph of the dependencies used in this library. This\naction is also included in a workflow in this repository and runs for each\ncommit to the `main` branch.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fdependency-submission-toolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithub%2Fdependency-submission-toolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Fdependency-submission-toolkit/lists"}