Dependency Submission Toolkit

A TypeScript library for creating dependency snapshots and submitting them to the dependency submission API. Snapshots are a set of dependencies grouped by manifest with some related metadata. After submission to the API, the included dependencies appear in the repository's dependency graph.

Usage

Some useful commands to navigate using the library:

npm run build to generate the JavaScript files
npm run package to compile the code into a single file
npm run all will do the above and additional commands (e.g. lint the code, test)
npm publish will create the JavaScript files before publishing the code

Writing Your Own Snapshot Action

To use the library to create and submit a snapshot for your packaging ecosystem, you'll need to:

Write a ProcessDependenciesContent function that:
- Uses the provided readDependencies to get the text data from a specified manifest path or with a specified manifest command (e.g. in Go you may use go mod graph)
- Take that text data and translate it into a ParsedDependencies map of the dependency package URL to the Entry object with the package name, version, package_url and any dependencies specified. The package_url specification has details on formatting (e.g. for npm, if the dependency is tunnel and version 0.0.1 the package_url is pkg:npm/tunnel@0.0.1)
Use the run function and provide the following below to create and submit a snapshot:
- Your implemented ProcessDependenciesContent
- The manifestInfo - either a manifest path (e.g. src/package.json) in the repository or a command line command to obtain the data (e.g. in Go you may use go mod graph)
- options data: Detector data that includes the detector name, url, and version; Metadata data of max eight pieces of information of type null, boolean, string, number. You can find these definitions in the snapshot.ts file.

There is a provided src/example.ts file which demonstrates how to use the library, as it is detailed above.

Testing

This library uses the jest testing framework with tests located in the /test directory. To run the tests, you can use npm test to execute the test script. Otherwise you can use jest directly.

Installation

The dependency-submission-toolkit library is hosted on GitHub's npm registry. Follow the documentation to install the package in your project.

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github/workflows		.github/workflows
src		src
test		test
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
.npmignore		.npmignore
.npmrc		.npmrc
.prettierrc		.prettierrc
CODEOWNERS		CODEOWNERS
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
LICENSE		LICENSE
README.md		README.md
jest.config.d.ts		jest.config.d.ts
jest.config.js		jest.config.js
jsconfig.json		jsconfig.json
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Dependency Submission Toolkit

Usage

Writing Your Own Snapshot Action

Testing

Installation

About

Uh oh!

Releases 16

Packages

Uh oh!

Uh oh!

Contributors 26

Uh oh!

Languages

License

github/dependency-submission-toolkit

Folders and files

Latest commit

History

Repository files navigation

Dependency Submission Toolkit

Usage

Writing Your Own Snapshot Action

Testing

Installation

About

Resources

License

Code of conduct

Security policy

Uh oh!

Stars

Watchers

Forks

Releases 16

Packages 0

Uh oh!

Uh oh!

Contributors 26

Uh oh!

Languages

Packages