github.com/rinkiyakedad/dependency-analyzer-poc
Readme
depstat is a CLI for analyzing dependencies of Go modules enabled projects.
Currently, to test depstat out you can generate the binary directly by running go build in the project directory and then pointing to the location of the binary from the project whose dependencies you want to analyze. Releases will be supported once the repository for depstat gets finalized.
depstat can be used as a standalone command-line application. It is also to be used in the Kubernetes CI pipeline. For more info on the latter see #100792.
To see the list of commands depstat offers you can run depstat help. depstat currently supports the following commands:
depstat cycles shows all the cycles present in the dependencies of the project.
An example of a cycle in project dependenies is:
golang.org/x/net -> golang.org/x/crypto -> golang.org/x/net
--json prints the output of the cycles command in JSON format. For the above example the JSON output would look like this:
{
"cycles": [
[
"golang.org/x/net",
"golang.org/x/crypto",
"golang.org/x/net"
]
]
}
depstat graph will generate a graph.dot file which can be used with Graphviz's dot command to visualize the dependencies of a project.
For example, after running depstat graph, an SVG can be created using:
twopi -Tsvg -o dag.svg graph.dot
depstat list shows a sorted list of all project dependencies. These include both direct and transitive dependencies.
Direct dependencies: Dependencies that are directly used in the code of the project. These do not include standard go packages like fmt, etc.
Transitive dependencies: These are dependencies that get imported because they are needed by some direct dependency of the project.
depstat stats will provide the following metrics about the dependencies of the project:
Total Dependencies: Total number of dependencies of the project. This is the sum of direct and transitive dependencies.
Max Depth of Dependencies: Number of dependencies in the longest dependency chain present in the project.
Transitive Dependencies: Total number of transitive dependencies.
--json flag gives this output in a JSON format.--verbose mode will help provide you with the list of all the dependencies and will also print the longest dependency chain.depstat is being developed under the code organization sub-project under SIG Architecture. The goal is to make it easy to evaluate dependency updates to Kubernetes. This will be done by running depstat as part of the Kubernetes CI pipeline.
You can reach the maintainers of this project at:
#k8s-code-organization on the Kubernetes slack.
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.
Security News
A new report explores how advancements in LLMs are enhancing cyber threats, including polymorphic malware, personalized spearphishing, and the risk of hijacking customer service bots.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.