Skip to content

aboutcode-org/dependency-inspector

Repository files navigation

DepLock

license version build

DepLock (Dependency Locker) is a command line tool to generate package lockfiles, and parsable package manifests to make it possible and easy to collect resolved dependencies and accurate metadata for a project. It uses the standard package management tool for each package type or ecosystem.

This tool is designed for use before a scan and is deployed as a single, standalone executable file. It should be running in a shell or command prompt configured to run the project build, with all required package management tools pre-installed and configured.

The main usage is to run as a front command before a ScanCode.io or ScanCode Toolkit scan but it is generic and can be used with any other tool.

See this tutorial on how to Analyze Codebase End-to-End with DepLock, ScanCode.io and DejaCode https://scancodeio.readthedocs.io/en/latest/tutorial_cli_end_to_end_scanning_to_dejacode.html.

Supported Ecosystems

Installation

To install DepLock, follow these steps:

# Download the latest binary depending on your OS and architecture
# Replace <OS> with your operating system (linux, darwin, windows)
# Replace <ARCH> with your architecture (amd64, arm64)
curl -LO https://github.com/aboutcode-org/dependency-inspector/releases/latest/download/deplock-<OS>-<ARCH>

# Make the binary executable
chmod +x deplock-<OS>-<ARCH>

# [Optional] Rename and move the binary to your PATH
mv deplock-<OS>-<ARCH> /usr/local/bin/deplock

Alternatively you can build it from source as exaplained below.

Requirements

To use DepLock, you need to ensure that you have installed and configured the package manager(s) your project needs.

For instance, npm must be installed to generate npm lockfiles.

Usage

Here is how to get started and use the various commands:

# Display the general help for DepLock
deplock --help

# Display help for a specific command
deplock [command] --help

Example

Generating lockfile for an npm project:

# Generate lockfile in the current directory
deplock npm

# Generate lockfile in specified directory
deplock npm /path/to/project

# Forcefully generate lockfile, ignoring existing lockfiles
deplock npm /path/to/project --force

Contribution

We welcome contributions from the community! If you find a bug or have an idea for a new feature, please open an issue on the GitHub repository. If you want to contribute code, you can fork the repository, make your changes, and submit a pull request.

Development setup

Run these commands, starting from a git clone of https://github.com/aboutcode-org/dependency-inspector.git

make dev
  • Compile and run:

    $ go run main.go
  • Create binary:

    $ make build
  • Run tests:

    $ make test

License

SPDX-License-Identifier: Apache-2.0

DepLock is licensed under Apache License version 2.0.

You may not use this software except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

A general purpose, mostly universal software package dependency resolver.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 3

  •  
  •  
  •