dep-doctor

command module

v0.2.2 Latest Latest Go to latest Published: Oct 30, 2023 License: MIT Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyoshidajp/dep-doctor

Links

Open Source Insights

README ¶

dep-doctor

dep-doctor is a tool to diagnose whether your software dependency packages are maintained.

Today, most software relies heavily on external packages. Vulnerabilities in those packages can be detected by vulnerability scanners (dependabot, trivy, Grype, etc) if they are publicly available.

However, some packages have archived their source code repositories or have had their development stopped, although not explicitly. dep-doctor will notify you of those packages in the dependencies files.

overview

Support dependencies files

language	package manager	file (e.g.)	status
Ruby	bundler	Gemfile.lock	✔
JavaScript	yarn	yarn.lock	✔
JavaScript	npm	package-lock.json	✔
Python	pip	requirements.txt	✔
Python	poetry	poetry.lock	(later)
Python	pipenv	Pipfile.lock	(later)
PHP	composer	composer.lock	✔
Go	golang	go.mod	✔
Rust	cargo	Cargo.lock	(later)

Support repository hosting services

Only GitHub.com

Install

Homebrew (macOS and Linux)

$ brew tap kyoshidajp/dep-doctor
$ brew install kyoshidajp/dep-doctor/dep-doctor

Binary packages

Releases

How to use

GITHUB_TOKEN must be set as an environment variable before execution.

Usage:
  dep-doctor diagnose [flags]

Flags:
  -h, --help               help for diagnose
  -i, --ignores string     ignore dependencies (separated by a space)
  -f, --lock_file string   lock file path (default "Gemfile.lock")
  -p, --package string     package manager (default "bundler")
  -y, --year int           max years of inactivity (default 5)

For example:

$ dep-doctor diagnose -p bundler -f /path/to/Gemfile.lock
concurrent-ruby
dotenv
faker
i18n
method_source
paperclip
......
[error] paperclip (archived): https://github.com/thoughtbot/paperclip
Diagnosis completed! 6 dependencies.
1 error, 0 warn (0 unknown), 0 info (0 ignored)

Report level

level	e.g.
error	Source code repository is already archived.
warn	Source code repository is not active or unknown.
info	Other reasons. (specified to be ignored)

How works

how_works

Author

Katsuhiko YOSHIDA

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
github

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL