https://github.com/edoardottt/depsdev

CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
blue-team cargo defensive-security dependency dependency-management dependency-scanning dependency-security go go-module golang-module hacktoberfest maven npm npm-module nuget package-security pypi sbom sbom-generator security

Last synced: 3 months ago
README

        


depsdev



CLI client (and Golang module) for deps.dev API.
Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

Coded with 💙 by edoardottt


Install 📡
----------

### Using Snap

```console
sudo snap install depsdev
```

### Using Go

```console
go install github.com/edoardottt/depsdev@latest
```

Get Started 🎉
----------

```console
Usage:
  depsdev [command]

Available Commands:
  advisory    Get info about an (OSV) advisory
  completion  Generate the autocompletion script for the specified shell
  deps        Get info about a package's dependencies
  graph       Generate a Graphviz compatible dependencies graph
  help        Help about any command
  info        Get info about a package or a specific version of that
  packages    Get info about a project's package versions (GitHub, GitLab, or BitBucket)
  project     Get info about a project (GitHub, GitLab, or BitBucket)
  query       Get info about multiple package versions using a query
  reqs        Get info about a package's requirements

Flags:
  -h, --help   help for depsdev

Use "depsdev [command] --help" for more information about a command.
```

Examples 💡
----------

> **Note**
> The supported package managers are `go`, `npm`, `cargo`, `maven`, `pypi` and `nuget`.
> For more information, [read the API documentation](https://docs.deps.dev/api/v3alpha/).


Get information about a package, including a list of its available versions, with the default version marked if known.

```console
depsdev info npm @colors/colors
```


Get information about a specific package version including its licenses and any security advisories known to affect it.

```console
depsdev info npm @colors/colors 1.5.0
```


Get information about a resolved dependency graph for the given package version.

```console
depsdev deps npm @colors/colors 1.5.0
```
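
When an advisory affects a transitive dependency, the resolved graph shows which direct dependency pulls it in. The Go sketch below is an added example, not code from the depsdev project: it assumes the graph JSON follows the deps.dev v3alpha layout (`nodes` carrying a `versionKey`, `edges` carrying `fromNode`/`toNode` indexes, node 0 as the root). `Graph`, `PathTo` and the sample data are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Graph declares only the fields used here (assumed deps.dev v3alpha layout).
type Graph struct {
	Nodes []struct{ VersionKey struct{ Name, Version string } }
	Edges []struct{ FromNode, ToNode int }
}

// sample is constructed for this example, not real tool output.
const sample = `{"nodes":[
 {"versionKey":{"name":"example-app","version":"1.0.0"},"relation":"SELF"},
 {"versionKey":{"name":"left-helper","version":"2.1.0"},"relation":"DIRECT"},
 {"versionKey":{"name":"other-lib","version":"1.2.0"},"relation":"DIRECT"},
 {"versionKey":{"name":"tiny-parse","version":"0.3.4"},"relation":"INDIRECT"}],
 "edges":[{"fromNode":0,"toNode":1},{"fromNode":0,"toNode":2},{"fromNode":1,"toNode":3}]}`

// PathTo returns the shortest root-to-target chain, or "" if target is absent.
func PathTo(raw []byte, target string) (string, error) {
	var g Graph
	if err := json.Unmarshal(raw, &g); err != nil || len(g.Nodes) == 0 {
		return "", err
	}
	parent := map[int]int{0: -1} // BFS tree; also serves as the visited set
	for queue := []int{0}; len(queue) > 0; queue = queue[1:] {
		n := queue[0]
		if g.Nodes[n].VersionKey.Name == target {
			var chain []string
			for i := n; i != -1; i = parent[i] {
				v := g.Nodes[i].VersionKey
				chain = append([]string{v.Name + "@" + v.Version}, chain...)
			}
			return strings.Join(chain, " > "), nil
		}
		for _, e := range g.Edges {
			// Skip visited nodes and edges pointing outside the node list.
			if _, seen := parent[e.ToNode]; e.FromNode == n && !seen && e.ToNode >= 0 && e.ToNode < len(g.Nodes) {
				parent[e.ToNode] = n
				queue = append(queue, e.ToNode)
			}
		}
	}
	return "", nil
}

func main() { fmt.Println(PathTo([]byte(sample), "tiny-parse")) }
```
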


Get information about projects hosted by GitHub, GitLab, or BitBucket (if available).

```console
depsdev project github.com/facebook/react
```


Get information about security advisories hosted by OSV.

```console
depsdev advisory GHSA-2qrg-x229-3v8q
```


Get information about multiple package versions, which can be specified by name, content hash, or both.

```console
depsdev query "versionKey.system=NPM&versionKey.name=react&versionKey.version=18.2.0"
```


Generate a Graphviz compatible dependencies graph for a specific version of a package.

```console
depsdev graph npm slice-ansi 6.0.0
```


Get information about the package requirements for a given version in a system-specific format.

```console
depsdev reqs npm slice-ansi 6.0.0
```


Returns known mappings between the requested project and package versions.

```console
depsdev packages github.com/eslint/espree
```


**Use depsdev as a Go module**

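```go
package main

import (
	"fmt"
	"os"

	"github.com/edoardottt/depsdev/pkg/depsdev"
)

func main() {
	// Create a client for the deps.dev API.
	client := depsdev.NewAPI()

	// Look up the package, including its available versions.
	i, err := client.GetInfo("npm", "defangjs")
	if err != nil {
		// Stop here: the result is not meaningful when the call failed.
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	fmt.Println(i)
}
```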

Read the full [`package documentation here`](https://pkg.go.dev/github.com/edoardottt/depsdev/pkg/depsdev)

Changelog 📌
-------

Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/depsdev/releases).

Contributing 🛠
-------

Just open an [issue](https://github.com/edoardottt/depsdev/issues) / [pull request](https://github.com/edoardottt/depsdev/pulls).

Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run

```console
golangci-lint run
```

If there aren't errors, go ahead :)

The HTTP client implementation is partially taken from [@liamg/hackerone](https://github.com/liamg/hackerone).

License 📝
-------

This repository is under the [Apache 2.0 License](https://github.com/edoardottt/depsdev/blob/main/LICENSE).
Visit [edoardoottavianelli.it](https://www.edoardoottavianelli.it) to contact me.