{"id":50454084,"url":"https://github.com/mizcausevic-dev/dependency-drift-watch","last_synced_at":"2026-06-01T01:05:38.263Z","repository":{"id":358387778,"uuid":"1240022748","full_name":"mizcausevic-dev/dependency-drift-watch","owner":"mizcausevic-dev","description":"Rust Axum control plane for dependency drift, release lag, stale lockfiles, CVE pressure, and owner-lane review.","archived":false,"fork":false,"pushed_at":"2026-05-17T05:12:46.000Z","size":26,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-17T07:26:47.896Z","etag":null,"topics":["axum","backend","dependency-management","governance","package-drift","platform-reliability","portfolio","prometheus","release-engineering","rust"],"latest_commit_sha":null,"homepage":"https://kineticgain.com/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mizcausevic-dev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-15T17:29:03.000Z","updated_at":"2026-05-17T05:12:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mizcausevic-dev/dependency-drift-watch","commit_stats":null,"previous_names":["mizcausevic-dev/dependency-drift-watch"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/mizcausevic-dev/dependency-drift-watch","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fdependency-drift-watch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fdependency-drift-watch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fdependency-drift-watch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fdependency-drift-watch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mizcausevic-dev","download_url":"https://codeload.github.com/mizcausevic-dev/dependency-drift-watch/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fdependency-drift-watch/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33755379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["axum","backend","dependency-management","governance","package-drift","platform-reliability","portfolio","prometheus","release-engineering","rust"],"created_at":"2026-06-01T01:05:38.155Z","updated_at":"2026-06-01T01:05:38.246Z","avatar_url":"https://github.com/mizcausevic-dev.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dependency Drift Watch\r\n\r\nRust and Axum control surface for **package drift, release lag, stale lockfiles, CVE pressure, and owner-lane review prioritization**.\r\n\r\n\u003e **What this repo proves**\r\n\u003e\r\n\u003e Dependency freshness becomes useful only when operators can see which packages are drifting, why they are risky, and which owner lane should move next.\r\n\r\n## Why this repo exists\r\n\r\nPlatform teams usually have some combination of lockfiles, Dependabot, and patch notes. What they often do not have is a clean reliability surface that turns package lag into a readable queue:\r\n\r\n- which packages are too far behind the current release line\r\n- which stale lockfiles are hiding transitive risk\r\n- which major-version jumps deserve human review instead of blind automation\r\n- which owner lanes are letting drift stack up across critical services\r\n\r\n`dependency-drift-watch` models that review layer directly. It treats dependency freshness as a platform-reliability and release-governance concern, not just a background automation task.\r\n\r\n## Screenshots\r\n\r\n![Overview](./screenshots/01-overview.svg)\r\n![Package board](./screenshots/02-package-board.svg)\r\n![Review queue](./screenshots/03-review-queue.svg)\r\n![Metrics proof](./screenshots/04-metrics-proof.svg)\r\n\r\n## What it includes\r\n\r\n- Rust + Axum service with HTML proof surfaces and JSON APIs\r\n- modeled package fleet across Python, Rust, Node, and Java lanes\r\n- drift scoring for release gap, lockfile age, CVE pressure, breaking changes, automation coverage, and service tier\r\n- owner-lane review surface for package stewardship\r\n- Prometheus-compatible `/metrics` endpoint\r\n- policy configuration and audit/evidence surface for scan events and review recommendations\r\n- screenshot generator, docs, origin story, changelog, tests, and CI\r\n\r\n## Local run\r\n\r\n```powershell\r\ncd dependency-drift-watch\r\n$env:Path = \"$env:USERPROFILE\\\\.cargo\\\\bin;$env:Path\"\r\ncargo run\r\n```\r\n\r\nThen open:\r\n\r\n- `http://127.0.0.1:5048/`\r\n- `http://127.0.0.1:5048/packages`\r\n- `http://127.0.0.1:5048/review-queue`\r\n- `http://127.0.0.1:5048/owners`\r\n- `http://127.0.0.1:5048/metrics-preview`\r\n- `http://127.0.0.1:5048/docs`\r\n\r\nIf that port is busy:\r\n\r\n```powershell\r\n$env:PORT = \"5052\"\r\ncargo run\r\n```\r\n\r\n## Validation\r\n\r\n```powershell\r\ncd dependency-drift-watch\r\n$env:Path = \"$env:USERPROFILE\\\\.cargo\\\\bin;$env:Path\"\r\ncargo test\r\ncargo build\r\npython scripts\\\\generate_screenshots.py\r\n```\r\n\r\n## API routes\r\n\r\n- `GET /api/dashboard/summary`\r\n- `GET /api/packages`\r\n- `GET /api/packages/{id}`\r\n- `GET /api/review-queue`\r\n- `GET /api/owners`\r\n- `GET /api/policy`\r\n- `GET /api/audit`\r\n- `GET /api/sample`\r\n- `GET /metrics`\r\n\r\n## Architecture\r\n\r\n```mermaid\r\nflowchart LR\r\n  A[\"Package snapshots\"] --\u003e B[\"Rust Axum routes\"]\r\n  B --\u003e C[\"Drift scoring engine\"]\r\n  C --\u003e D[\"Review queue\"]\r\n  C --\u003e E[\"Owner lanes\"]\r\n  C --\u003e F[\"Prometheus metrics\"]\r\n  C --\u003e G[\"Audit and policy surface\"]\r\n  D --\u003e H[\"Operator action\"]\r\n  E --\u003e H\r\n  F --\u003e H\r\n  G --\u003e H\r\n```\r\n\r\nMore detail lives in [docs/architecture.md](./docs/architecture.md).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fdependency-drift-watch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmizcausevic-dev%2Fdependency-drift-watch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fdependency-drift-watch/lists"}