pub audit feature - Githubissues

dart-lang / pub

The pub command line tool

https://dart.dev/tools/pub/cmd

BSD 3-Clause "New" or "Revised" License

1.04k stars 224 forks source link

pub audit feature #2961

Open mit-mit opened 3 years ago

mit-mit commented 3 years ago

This tracks a potential new pub audit feature. This would analyse all direct dependencies, and all of their transitive dependencies, and provide key information about all of them in a tabular format. Candidate information includes:

Version
Publication date
License
Status (discontinued, broken, etc.)
Known security issues (assuming pub.dev gets support for reporting vulnerabilities)

olof-dev commented 4 months ago

This would be fantastic. An example of such a tool for the Python package manager pip is pip-audit (though I guess there must be lots out there for different managers).