Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/KyleBanks/depth

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/KyleBanks/depth

  • v1.2.1
  • Source
  • Go
  • Socket score

Version published
Created
Source

depth

GoDoc  Build Status  Go Report Card  Coverage Status

depth is tool to retrieve and visualize Go source code dependency trees.

Install

Download the appropriate binary for your platform from the Releases page, or:

go get github.com/KyleBanks/depth/cmd/depth

Usage

depth can be used as a standalone command-line application, or as a package within your own project.

Command-Line

Simply execute depth with one or more package names to visualize. You can use the fully qualified import path of the package, like so:

$ depth github.com/KyleBanks/depth/cmd/depth
github.com/KyleBanks/depth/cmd/depth
  ├ encoding/json
  ├ flag
  ├ fmt
  ├ io
  ├ log
  ├ os
  ├ strings
  └ github.com/KyleBanks/depth
    ├ fmt
    ├ go/build
    ├ path
    ├ sort
    └ strings
12 dependencies (11 internal, 1 external, 0 testing).

Or you can use a relative path, for example:

$ depth .
$ depth ./cmd/depth
$ depth ../

You can also use depth on the Go standard library:

$ depth strings
strings
  ├ errors
  ├ io
  ├ unicode
  └ unicode/utf8
5 dependencies (5 internal, 0 external, 0 testing).

Visualizing multiple packages at a time is supported by simply naming the packages you'd like to visualize:

$ depth strings github.com/KyleBanks/depth 
strings
  ├ errors
  ├ io
  ├ unicode
  └ unicode/utf8
5 dependencies (5 internal, 0 external, 0 testing).
github.com/KyleBanks/depth
  ├ fmt
  ├ go/build
  ├ path
  ├ sort
  └ strings
7 dependencies (7 internal, 0 external, 0 testing).
-internal

By default, depth only resolves the top level of dependencies for standard library packages, however you can use the -internal flag to visualize all internal dependencies:

$ depth -internal strings
strings
  ├ errors
  ├ io
    ├ errors
    └ sync
      ├ internal/race
        └ unsafe
      ├ runtime
        ├ runtime/internal/atomic
          └ unsafe
        ├ runtime/internal/sys
        └ unsafe
      ├ sync/atomic
        └ unsafe
      └ unsafe
  ├ unicode
  └ unicode/utf8
12 dependencies (12 internal, 0 external, 0 testing).
-max

The -max flag limits the dependency tree to the maximum depth provided. For example, if you supply -max 1 on the depth package, your output would look like so:

$ depth -max 1 github.com/KyleBanks/depth/cmd/depth
github.com/KyleBanks/depth/cmd/depth
  ├ encoding/json
  ├ flag
  ├ fmt
  ├ io
  ├ log
  ├ os
  ├ strings
  └ github.com/KyleBanks/depth
7 dependencies (6 internal, 1 external, 0 testing).

The -max flag is particularly useful in conjunction with the -internal flag which can lead to very deep dependency trees.

-test

By default, depth ignores dependencies that are only required for testing. However, you can view test dependencies using the -test flag:

$ depth -test strings
strings
  ├ bytes
  ├ errors
  ├ fmt
  ├ io
  ├ io/ioutil
  ├ math/rand
  ├ reflect
  ├ sync
  ├ testing
  ├ unicode
  ├ unicode/utf8
  └ unsafe
13 dependencies (13 internal, 0 external, 8 testing).
-explain target-package

The -explain flag instructs depth to print import chains in which the target-package is found:

$ depth -explain strings github.com/KyleBanks/depth/cmd/depth
github.com/KyleBanks/depth/cmd/depth -> strings
github.com/KyleBanks/depth/cmd/depth -> github.com/KyleBanks/depth -> strings
-json

The -json flag instructs depth to output dependencies in JSON format:

$ depth -json github.com/KyleBanks/depth/cmd/depth
{
  "name": "github.com/KyleBanks/depth/cmd/depth",
  "deps": [
    {
      "name": "encoding/json",
      "internal": true,
      "deps": null
    },
    ...
    {
      "name": "github.com/KyleBanks/depth",
      "internal": false,
      "deps": [
        {
          "name": "go/build",
          "internal": true,
          "deps": null
        },
        ...
      ]
    }
  ]
}

Integrating With Your Project

The depth package can easily be used to retrieve the dependency tree for a particular package in your own project. For example, here's how you would retrieve the dependency tree for the strings package:

import "github.com/KyleBanks/depth"

var t depth.Tree
err := t.Resolve("strings")
if err != nil {
    log.Fatal(err)
}

// Output: "'strings' has 4 dependencies."
log.Printf("'%v' has %v dependencies.", t.Root.Name, len(t.Root.Deps)) 

For additional customization, simply set the appropriate flags on the Tree before resolving:

import "github.com/KyleBanks/depth"

t := depth.Tree {
  ResolveInternal: true,
  ResolveTest: true,
  MaxDepth: 10,
}


err := t.Resolve("strings")

Author

depth was developed by Kyle Banks.

License

depth is available under the MIT license.

FAQs

Package last updated on 14 Feb 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc