banish

command module

v0.1.1 Latest Latest Go to latest Published: Jul 5, 2023 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/humn-ai/banish

Links

Open Source Insights

README ¶

Banish

A Go tool for scanning organisation repositories for blacklisted modules

Report Bug · Request Feature

Table of Contents

About The Project
Installation
Usage
Contributing
License
Contact

About The Project

When maintaining lots of repos, it is often necessary to find a list of repos containing modules that have out-of-date dependencies. This tool will scan all of an organisation's repos looking for go.mod files, and will parse those files looking for modules that need to be removed or updated.

Here's why:

You have updated a module with a breaking change, and want to ensure that all projects that depend upon it have been updated
You have identified a security, license, or some other issue with a dependency and with to make sure that none of your repos depend upon it (including at least one step indirectly)
You have tried to use GitHub's search to help find these issues and value your sanity enough to use some proper tooling instead 😄

(back to top)

Installation

Use go install.

go install github.com/humn-ai/banish@latest

(back to top)

Usage

Running banish without any arguments will output usage information.

A simple scan of all repositories might look like this:

banish -github-token <your token> -org humn-ai -modules github.com/gogo/protobuf

Multiple repositories can be provided with CSV, and minimum versions can be provided with @:

banish \
    -github-token <your token> \
    -org humn-ai \
    -modules github.com/gogo/protobuf,github.com/rs/zerolog@1.0.0

To use a file with a line for each entry to search for, standard POSIX comes in handy. Also note that an environment variable of GITHUB_TOKEN can be used to improve the security of your token handling. Here pass is used to store a token encrypted and avoid leaving it laying around in terminal history or environment variables, and a line-by-line blacklist file is converted to CSV:

GITHUB_TOKEN=$(pass tokens/github-ro) banish \
    -org humn-ai \
    -modules $(cat blacklist.txt | tr '\n' ',')

(back to top)

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue. Don't forget to give the project a star! Thanks again!