pkg

package

v1.6.2 Latest Latest Go to latest Published: May 13, 2026 License: Apache-2.0 Imports: 0 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacktower-io/stacktower

Links

Open Source Insights

Documentation ¶

Overview ¶

Package pkg provides the core libraries for Stacktower dependency visualization.

Overview ¶

Stacktower transforms dependency trees into visual tower diagrams where packages rest on what they depend on—inspired by XKCD #2347 ("Dependency"). The pkg directory is organized into these areas:

core - Domain logic (dependency resolution, graph structures, rendering)
integrations - External API clients (PyPI, npm, GitHub, etc.)
pipeline - Orchestration (parse → layout → render)
graph - Serialization types for graphs and layouts
cache - Caching interfaces and implementations
security - Vulnerability scanning and license analysis
sbom - SBOM generation (CycloneDX, SPDX)
errors - Structured error types and codes
observability - Pipeline and security event hooks
buildinfo - Build-time version metadata
fonts - Embedded font data for SVG rendering
session - GitHub session and credential storage

Architecture ¶

The typical data flow through Stacktower:

Package Registry/Manifest
         ↓
    [core/deps] package (resolve dependencies)
         ↓
    [core/dag] package (graph structure + transformations)
         ↓
    [core/render] package (layout + visualization)
         ↓
    SVG/PDF/PNG/JSON output

Quick Start ¶

Resolve dependencies and render a tower visualization:

import (
    "context"
    "github.com/stacktower-io/stacktower/pkg/core/deps/python"
    "github.com/stacktower-io/stacktower/pkg/core/dag/transform"
    "github.com/stacktower-io/stacktower/pkg/core/render/tower/layout"
    "github.com/stacktower-io/stacktower/pkg/core/render/tower/sink"
)

// 1. Resolve dependencies
resolver, _ := python.Language.Resolver()
g, _ := resolver.Resolve(context.Background(), "fastapi", deps.Options{
    MaxDepth: 10,
    MaxNodes: 1000,
})

// 2. Transform the graph
_, _ = transform.Normalize(g)

// 3. Compute layout
l := layout.Build(g, 1200, 800)

// 4. Render to SVG
svg := sink.RenderSVG(l, sink.WithGraph(g))

Main Packages ¶

## Core Domain Logic

core/deps - Dependency resolution supporting 7 languages (Python, Rust, JavaScript, Go, Ruby, PHP, Java). Each language has its own subpackage with manifest parsers and registry resolvers.

core/dag - Directed acyclic graph optimized for row-based layered layouts. Nodes are organized into horizontal rows with edges connecting consecutive rows only. Supports regular, subdivider, and auxiliary node types.

core/render - Visualization rendering with two output formats: tower (stacked blocks) and nodelink (traditional directed graphs).

## External Integrations

integrations - HTTP clients for package registries (PyPI, npm, crates.io, RubyGems, Packagist, Maven, Go proxy) and code hosts (GitHub, GitLab).

## Graph Transformations

dag/transform - Graph transformations: transitive reduction, layering, edge subdivision, and span overlap resolution. [transform.Normalize] runs the complete pipeline.

dag/perm - Permutation algorithms including PQ-trees for efficiently generating valid orderings with partial ordering constraints.

## Visualization

render/tower - Stacktower's signature tower visualization. The rendering pipeline: ordering → layout → transform → sink.

render/tower/ordering: Minimize edge crossings (barycentric, optimal)
render/tower/layout: Compute block positions and dimensions
render/tower/transform: Post-layout (merge subdividers, randomize widths)
render/tower/sink: Output formats (SVG, PDF, PNG, JSON)
render/tower/styles: Visual styles (simple, hand-drawn)
render/tower/feature: Analysis (Nebraska ranking, brittle detection)

render/nodelink - Traditional directed graph diagrams using Graphviz.

render - Top-level utilities for format conversion (SVG to PDF/PNG).

## Serialization

graph - Serialization types for graphs and layouts (JSON node-link format).

## Orchestration

pipeline - Complete visualization pipeline (parse → layout → render) used by CLI and API. Ensures consistent behavior across all entry points.

## Compliance & Security

sbom - SBOM generation in CycloneDX and SPDX formats, including package identifiers (purls), license data, and vulnerability findings.

## Infrastructure

errors - Structured error types with machine-readable codes for CLI and API.

observability - Hook interfaces for pipeline and security lifecycle events (resolution progress, ordering, vulnerability scanning).

buildinfo - Build-time version, commit, and date metadata populated via ldflags.

fonts - Embedded font data (Gaegu) used by the hand-drawn SVG renderer.

session - GitHub OAuth session storage and credential management.

Common Workflows ¶

Parse a manifest file:

parser := python.PoetryLock{}
result, _ := parser.Parse("poetry.lock", deps.Options{})
g := result.Graph

Enrich with GitHub metadata:

provider, _ := metadata.NewGitHub(token, 24*time.Hour)
opts := deps.Options{MetadataProviders: []deps.MetadataProvider{provider}}
g, _ := resolver.Resolve(ctx, "fastapi", opts)

Render with custom style:

l := layout.Build(g, 1200, 800)
style := handdrawn.New(42)
svg := sink.RenderSVG(l, sink.WithGraph(g), sink.WithStyle(style))

Analyze maintainer risk:

rankings := feature.RankNebraska(g, 10)
for _, n := range g.Nodes() {
    if feature.IsBrittle(n) {
        fmt.Printf("Warning: %s may be unmaintained\n", n.ID)
    }
}

Testing ¶

Run tests:

go test ./pkg/...                    # All tests
go test ./pkg/core/dag/...           # Specific package
go test -run Example                 # Examples only
go test -tags integration ./pkg/...  # Include integration tests

Source Files ¶

View all Source files

doc.go

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
buildinfo Package buildinfo provides build-time version information.	Package buildinfo provides build-time version information.
cache Package cache provides a minimal caching interface for the pipeline.	Package cache provides a minimal caching interface for the pipeline.
core
dag Package dag provides a directed acyclic graph (DAG) optimized for row-based layered layouts used in tower visualizations.	Package dag provides a directed acyclic graph (DAG) optimized for row-based layered layouts used in tower visualizations.
dag/perm Package perm provides permutation generation algorithms and the PQ-tree data structure for constrained ordering problems.	Package perm provides permutation generation algorithms and the PQ-tree data structure for constrained ordering problems.
dag/transform Package transform provides graph transformations that prepare a DAG for tower rendering.	Package transform provides graph transformations that prepare a DAG for tower rendering.
deps Package deps provides dependency resolution from package registries and manifest files.	Package deps provides dependency resolution from package registries and manifest files.
deps/constraints
deps/golang Package golang provides dependency resolution for Go modules.	Package golang provides dependency resolution for Go modules.
deps/java Package java provides dependency resolution for Maven/Java packages.	Package java provides dependency resolution for Maven/Java packages.
deps/javascript Package javascript provides dependency resolution for npm packages.	Package javascript provides dependency resolution for npm packages.
deps/languages Package languages provides the complete list of supported language ecosystems.	Package languages provides the complete list of supported language ecosystems.
deps/metadata Package metadata provides metadata enrichment from external sources.	Package metadata provides metadata enrichment from external sources.
deps/php Package php provides dependency resolution for PHP Composer packages.	Package php provides dependency resolution for PHP Composer packages.
deps/python Package python provides dependency resolution for Python packages.	Package python provides dependency resolution for Python packages.
deps/ruby Package ruby provides dependency resolution for Ruby gems.	Package ruby provides dependency resolution for Ruby gems.
deps/rust Package rust provides dependency resolution for Rust crates.	Package rust provides dependency resolution for Rust crates.
render Package render provides visualization rendering for dependency graphs.	Package render provides visualization rendering for dependency graphs.
render/nodelink Package nodelink provides node-and-edge graph visualization using Graphviz.	Package nodelink provides node-and-edge graph visualization using Graphviz.
render/tower Package tower provides the physical tower visualization engine.	Package tower provides the physical tower visualization engine.
render/tower/feature Package feature provides analysis features for tower visualizations.	Package feature provides analysis features for tower visualizations.
render/tower/layout Package layout computes block positions for tower visualizations.	Package layout computes block positions for tower visualizations.
render/tower/ordering Package ordering provides algorithms for determining the left-to-right arrangement of nodes within each row of a layered graph.	Package ordering provides algorithms for determining the left-to-right arrangement of nodes within each row of a layered graph.
render/tower/sink Package sink provides output format renderers for tower visualizations.	Package sink provides output format renderers for tower visualizations.
render/tower/styles Package styles defines visual styles for tower rendering.	Package styles defines visual styles for tower rendering.
render/tower/styles/handdrawn Package handdrawn provides an XKCD-inspired hand-drawn visual style.	Package handdrawn provides an XKCD-inspired hand-drawn visual style.
render/tower/transform Package transform provides post-layout transformations for tower rendering.	Package transform provides post-layout transformations for tower rendering.
errors Package errors provides structured error types for the Stacktower application.	Package errors provides structured error types for the Stacktower application.
fonts
graph Package graph provides serialization types for dependency graphs and layouts.	Package graph provides serialization types for dependency graphs and layouts.
integrations Package integrations provides HTTP clients for package registry APIs.	Package integrations provides HTTP clients for package registry APIs.
crates Package crates provides an HTTP client for the crates.io API.	Package crates provides an HTTP client for the crates.io API.
github Package github provides an HTTP client for the GitHub API.	Package github provides an HTTP client for the GitHub API.
gitlab Package gitlab provides an HTTP client for the GitLab API.	Package gitlab provides an HTTP client for the GitLab API.
goproxy Package goproxy provides an HTTP client for the Go Module Proxy.	Package goproxy provides an HTTP client for the Go Module Proxy.
maven Package maven provides an HTTP client for Maven Central.	Package maven provides an HTTP client for Maven Central.
npm Package npm provides an HTTP client for the npm registry API.	Package npm provides an HTTP client for the npm registry API.
osv Package osv provides a client for the OSV.dev vulnerability database API.	Package osv provides a client for the OSV.dev vulnerability database API.
packagist Package packagist provides an HTTP client for the Packagist API.	Package packagist provides an HTTP client for the Packagist API.
pypi Package pypi provides an HTTP client for the Python Package Index API.	Package pypi provides an HTTP client for the Python Package Index API.
rubygems Package rubygems provides an HTTP client for the RubyGems.org API.	Package rubygems provides an HTTP client for the RubyGems.org API.
observability Package observability provides hooks for metrics, tracing, and logging.	Package observability provides hooks for metrics, tracing, and logging.
pipeline Package pipeline provides the core visualization pipeline for Stacktower.	Package pipeline provides the core visualization pipeline for Stacktower.
sbom Package sbom generates standards-compliant Software Bill of Materials from Stacktower dependency graphs.	Package sbom generates standards-compliant Software Bill of Materials from Stacktower dependency graphs.
security Package security provides vulnerability scanning and license compliance checking for dependency graphs.	Package security provides vulnerability scanning and license compliance checking for dependency graphs.
session Package session provides session management for authenticated users.	Package session provides session management for authenticated users.
sessiontest Package sessiontest provides test helpers for the session package.	Package sessiontest provides test helpers for the session package.