check_submodules
Advanced tools
Build a tree of all submodules in a github repository and prints it, with small warning signs if a submodule is referenced twice with different references.
Small command line utility to verify submodule references in a git repository.
WARNING: This script was designed specifically for https://github.com/azure/azure-iot-sdk-c and its submodules. While it should in theory work against other repos, you should carefully test as the script itself doesn't receive generic testing.
Some repositories (such as https://github.com/azure/azure-iot-sdk-c) reference the same submodule at multiple places in their source tree. Sometimes it's even more complicated, for example:
a (main repository)
-> submodule b
-> submodule c
-> submodule b (ie. submodule c also references b as a submodule)
In those cases it might be useful to verify that when a submodule is reused in multiple places in the source tree, all the references to that submodule point to the same commit hash.
This utility performs that check.
Even if the submodules are consistent, it is possible for a submodule to be on a branch and later that branch could get deleted. This leaves the master (or main) in an inconsistent state.
To avoid this hazard, this utility also verifies that submodules being checked in are 0 commits ahead of their own masters when merging into a branch into master.
FAQs
Build a tree of all submodules in a github repository and prints it, with small warning signs if a submodule is referenced twice with different references.
The npm package check_submodules receives a total of 1 weekly downloads. As such, check_submodules popularity was classified as not popular.
We found that check_submodules demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
Security News
Rustâs crates.io team is advancing an RFC to add a Security tab that surfaces RustSec vulnerability and unsoundness advisories directly on crate pages.
Security News
/Research
Socket found a Rust typosquat (finch-rust) that loads sha-rust to steal credentials, using impersonation and an unpinned dependency to auto-deliver updates.