https://github.com/bhupesh-v/godeping
Ping your Go project dependencies for aliveness (are they maintained or not?)
- Host: GitHub
- URL: https://github.com/bhupesh-v/godeping
- Owner: Bhupesh-V
- License: gpl-3.0
- Created: 2025-05-18T17:03:10.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-01T14:09:23.000Z (about 1 year ago)
- Last Synced: 2025-07-04T19:24:53.830Z (12 months ago)
- Topics: cleanup, cli, dependencies, go, go-tools, healthcheck, ping, refactoring
- Language: Go
- Homepage:
- Size: 64.5 KB
- Stars: 11
- Watchers: 2
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# godeping
_Pronounced: "Go deping". Technically, "Go dep ping"_
> **A Go tool to check whether your Go project dependencies are maintained or not.**
## Installation
```
go install github.com/Bhupesh-V/godeping@latest
```
## Use-cases
1. **Tech Debt, Refactoring & Cleanup**
- When inheriting an unfamiliar Go project, get a sense of technical debt in terms of dependencies.
2. **Security Audits & Compliance**
- Flag deps that might not receive security patches anymore.
3. **Open-Source Spirit**
- Help (sponsor) maintainers to keep the unmaintained libraries alive.
- Fork the ones that cannot be helped. Take charge of giving back to the community 🏃🏼‍♂️.
## Judgement Criteria
`godeping` relies on Go infrastructure to determine whether a dependency is archived or not, namely `pkg.go.dev`, which is itself powered by [`index.golang.org`](https://index.golang.org/).
- As of today an API for [`pkg.go.dev` is still not available](https://github.com/golang/go/issues/36785).
- By default, `godeping` considers a module unmaintained if it hasn't been updated in 2 years. This threshold can be customized using the `-since` flag.
## Usage
Quick start (assuming you are in the root of your Go project):
```bash
godeping -quiet .
```
All options:
```bash
godeping [options]
Options:
  -json
        Output in JSON format
  -quiet
        Suppress progress output
  -since string
        Consider dependencies as unmaintained if not updated since this duration (e.g. 1y, 6m, 2y3m) (default "2y")
```
### Duration Format for `-since`
The `-since` flag accepts durations in several formats:
```
-since 3y
-since 2y5m
```
## Example
### Text (Default) Mode
```
$ godeping -quiet /path/to/your/project
Analyzing Go project at: /path/to/your/project
Found 90 dependencies in go.mod
Module: /path/to/your/project
Go Version: 1.24.2
Direct Dependencies: 30
Archived (Dead) Direct Dependencies:
github.com/avast/retry-go
Last Published: Oct 13, 2020
github.com/golang/mock
Last Published: Jun 11, 2021
github.com/pkg/errors
Last Published: Jan 14, 2020
github.com/opentracing/opentracing-go
Last Published: Jul 1, 2020
github.com/patrickmn/go-cache
Last Published: Jul 22, 2017
Summary:
- Total Dependencies: 90
- Direct Dependencies: 30
- Unmaintained Dependencies: 5
```
### Using Custom Duration
```
$ godeping -quiet -since 6m /path/to/your/project
```
This checks for dependencies that haven't been updated in the last 6 months.
### JSON Mode
Use the `-json` flag to output the results in JSON format. JSON mode enables `-quiet` by default.
```
godeping -json /path/to/your/project
```
```json
{
  "module": "your/main/module",
  "goVersion": "1.24.2",
  "totalDependencies": 90,
  "directDependencies": 30,
  "deadDirectDependencies": [
    {
      "module_path": "github.com/golang/mock",
      "last_published": "2021-06-11T00:00:00Z"
    },
    {
      "module_path": "github.com/avast/retry-go",
      "last_published": "2020-10-13T00:00:00Z"
    },
    {
      "module_path": "github.com/patrickmn/go-cache",
      "last_published": "2017-07-22T00:00:00Z"
    },
    {
      "module_path": "github.com/pkg/errors",
      "last_published": "2020-01-14T00:00:00Z"
    },
    {
      "module_path": "github.com/opentracing/opentracing-go",
      "last_published": "2020-07-01T00:00:00Z"
    }
  ]
}
```
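For the security-audit use-case, the JSON report can drive a CI gate. The Go program below is an added example, not part of `godeping`: the `Gate` function, the waiver set and the exit-code convention (0 pass, 1 violations, 2 unusable report) are assumptions, and `sampleReport` is constructed from the JSON shown above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Dep and Report mirror the JSON-mode fields shown in the README.
type Dep struct {
	Path          string    `json:"module_path"`
	LastPublished time.Time `json:"last_published"`
}
type Report struct {
	Module string `json:"module"`
	Dead   []Dep  `json:"deadDirectDependencies"`
}

// Gate returns an exit code (assumed convention: 0 pass, 1 violations, 2 unusable report)
// and messages. It fails closed: a report that does not parse or lacks "module" never passes.
func Gate(raw []byte, waived map[string]bool) (int, []string) {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil || r.Module == "" {
		return 2, []string{fmt.Sprintf("unusable godeping report (parse error: %v)", err)}
	}
	var msgs []string
	for _, d := range r.Dead {
		if !waived[d.Path] { // waived = accepted-risk modules (hypothetical policy input)
			date := d.LastPublished.Format("2006-01-02")
			msgs = append(msgs, fmt.Sprintf("unmaintained: %s (last published %s)", d.Path, date))
		}
	}
	if len(msgs) > 0 {
		return 1, msgs
	}
	return 0, nil
}

// sampleReport is constructed from the README's JSON example (two entries kept).
const sampleReport = `{"module":"your/main/module","deadDirectDependencies":[
 {"module_path":"github.com/golang/mock","last_published":"2021-06-11T00:00:00Z"},
 {"module_path":"github.com/pkg/errors","last_published":"2020-01-14T00:00:00Z"}]}`

func main() {
	code, msgs := Gate([]byte(sampleReport), map[string]bool{"github.com/pkg/errors": true})
	for _, m := range msgs {
		fmt.Println(m)
	}
	fmt.Println("gate exit code:", code) // in CI, pass this to os.Exit
}
```

In a pipeline the report would come from `godeping -json .` on standard input instead of the embedded sample.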
## Alternatives
If you fancy freedom.
```bash
go mod edit -json \
  | jq -r '.Require[].Path' \
  | grep github.com \
  | while read -r path; do
      # Strip github.com/
      repo=$(echo "$path" | sed -E 's|^github.com/||')
      # Remove /v2, /v3, etc. at the end
      clean_repo=$(echo "$repo" | sed -E 's|/v[0-9]+$||')
      echo -n "$clean_repo: "
      gh repo view "$clean_repo" --json isArchived --jq '.isArchived' 2>/dev/null || echo "not found"
    done
```
## License
This project is licensed under the GNU General Public License v3.0 - see the [LICENSE](LICENSE) file for details.