| Field | Value |
| --- | --- |
| Name | depgate |
| Version | 0.1.2 |
| home_page | None |
| Summary | DepGate detects and prevents dependency confusion and supply-chain risks. (Hard fork of Apiiro's Dependency Combobulator) |
| upload_time | 2025-09-04 13:52:11 |
| maintainer | None |
| docs_url | None |
| author | cognitivegears |
| requires_python | >=3.8 |
| license | Apache-2.0 |
| keywords | |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |
# DepGate — Dependency Supply-Chain Risk & Confusion Checker
DepGate is a modular CLI that detects dependency confusion and related supply-chain risks across npm, Maven, and PyPI projects. It analyzes dependencies from manifests, checks public registries, and flags potential risks with a simple, scriptable interface.
DepGate is a fork of Apiiro’s “Dependency Combobulator”, maintained going forward by cognitivegears. See Credits & Attribution below.
## Features
- Pluggable analysis: compare vs. heuristics levels (`compare/comp`, `heuristics/heur`).
- Multiple ecosystems: npm (`package.json`), Maven (`pom.xml`), PyPI (`requirements.txt`).
- Flexible inputs: single package, manifest scan, or list from file.
- Structured outputs: human-readable logs plus CSV/JSON exports for CI.
- Designed for automation: predictable exit codes and quiet/log options.
## Requirements
- Python 3.8+
- Network access for registry lookups when running analysis
## Install
Using uv (development):
- `uv venv && source .venv/bin/activate`
- `uv sync`
From PyPI:
- pip: `pip install depgate`
- pipx: `pipx install depgate`
- uvx: `uvx depgate --help`
## Quick Start
- Single package (npm): `depgate -t npm -p left-pad`
- Scan a repo (Maven): `depgate -t maven -d ./tests`
- Heuristics + JSON: `depgate -t pypi -a heur -j out.json`
With uv during development:
- `uv run depgate -t npm -d ./tests`
- `uv run depgate -t pypi -a heur -j out.json`
## Inputs and Scanning
- `-p, --package <name>`: single package name
  - npm: package name (e.g., `left-pad`)
  - PyPI: project name (e.g., `requests`)
  - Maven: not supported with `-p`; use `-d` or `-l` (see below)
- `-d, --directory <path>`: scan local source
  - npm: finds `package.json` and reads its `dependencies` and `devDependencies`
  - Maven: finds `pom.xml`, emits `groupId:artifactId`
  - PyPI: finds `requirements.txt`
- `-l, --load_list <file>`: newline-delimited identifiers
  - npm/PyPI: one package name per line
  - Maven: one `groupId:artifactId` per line
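As an added example (not DepGate's own code), the following Python builds the newline-delimited lists that `-l` expects from each manifest type, following the identifier conventions listed above. The three sample manifests are constructed inline so it runs offline. The `requirements.txt` parser covers only the common line forms (version specifiers, extras, environment markers, comments and `-r`/`-e` style options), not the full pip requirement grammar.

```python
"""Extract DepGate load-list identifiers from npm, Maven and PyPI manifests.

Added example, not DepGate's own implementation. It mirrors the identifier
conventions in the README (npm/PyPI: one package name per line; Maven:
groupId:artifactId per line) so the result can be fed to `depgate -l`.
"""
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample manifests (not taken from any real project).
PACKAGE_JSON = """{
  "name": "example-app",
  "dependencies": {"left-pad": "^1.3.0", "@acme/internal-utils": "2.0.1"},
  "devDependencies": {"eslint": "^8.0.0"}
}"""

POM_XML = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <dependencies>
    <dependency>
      <groupId>com.acme.internal</groupId>
      <artifactId>billing-core</artifactId>
      <version>1.2.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.12.0</version>
    </dependency>
  </dependencies>
</project>"""

REQUIREMENTS_TXT = """# constructed sample
requests>=2.31
acme-internal-auth==0.4.2 ; python_version >= "3.8"
urllib3[socks] ~= 2.0
-r base.txt
"""


def npm_identifiers(text):
    """Package names from dependencies and devDependencies (scoped names kept whole)."""
    data = json.loads(text)
    names = []
    for section in ("dependencies", "devDependencies"):
        names.extend(data.get(section, {}).keys())
    return sorted(set(names))


def maven_identifiers(text):
    """groupId:artifactId for every <dependency>, tolerating the POM XML namespace."""
    root = ET.fromstring(text)
    ns = ""
    if root.tag.startswith("{"):
        ns = root.tag[: root.tag.index("}") + 1]
    ids = []
    for dep in root.iter(f"{ns}dependency"):
        gid = dep.findtext(f"{ns}groupId")
        aid = dep.findtext(f"{ns}artifactId")
        if gid and aid:
            ids.append(f"{gid.strip()}:{aid.strip()}")
    return sorted(set(ids))


# A requirement line starts with the project name; everything from the first
# extras bracket, version operator, whitespace or marker onwards is dropped.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def pypi_identifiers(text):
    """Project names from a requirements.txt, skipping comments and pip options."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment-only, -r/-e/--index-url
            continue
        m = _NAME_RE.match(line)
        if m:
            names.append(m.group(1))
    return sorted(set(names))


def build_load_list(npm=PACKAGE_JSON, pom=POM_XML, reqs=REQUIREMENTS_TXT):
    """Return newline-delimited load lists keyed by DepGate's -t value."""
    return {
        "npm": "\n".join(npm_identifiers(npm)),
        "maven": "\n".join(maven_identifiers(pom)),
        "pypi": "\n".join(pypi_identifiers(reqs)),
    }


if __name__ == "__main__":
    for ptype, body in build_load_list().items():
        print(f"# depgate -t {ptype} -l {ptype}.txt")
        print(body)
```

Write each list to a file and pass it with the matching `-t`; scoped npm names such as `@acme/internal-utils` and internal Maven groups are exactly the identifiers whose absence from a public registry a dependency-confusion check should report.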
## Analysis Levels
- `compare` or `comp`: presence/metadata checks against public registries
- `heuristics` or `heur`: adds scoring, version count, age signals
## Output
- Default: logs to stdout (respecting `--loglevel` and `--quiet`)
- CSV: `-c, --csv <path>`
- Columns: `Package Name, Package Type, Exists on External, Org/Group ID, Score, Version Count, Timestamp, Risk: Missing, Risk: Low Score, Risk: Min Versions, Risk: Too New, Risk: Any Risks`
- JSON: `-j, --json <path>`
- Array of objects with keys: `packageName, orgId, packageType, exists, score, versionCount, createdTimestamp, risk.{hasRisk,isMissing,hasLowScore,minVersions,isNew}`
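To make the heuristics signals and the export shape concrete, here is an added Python example (not DepGate's implementation) that turns constructed registry lookups into records with the JSON keys listed above and applies the documented `--error-on-warnings` exit-code rule. The thresholds `MIN_SCORE`, `MIN_VERSIONS` and `MAX_AGE_DAYS_NEW`, the fixed clock `NOW` and the sample lookups are assumptions for illustration; the README does not state DepGate's actual cut-offs. `load_export` is only a reader for a real `-j` file.

```python
"""Build and consume DepGate-style risk records.

Added example, not DepGate's own code. Thresholds and sample data are
assumptions chosen for illustration; the README gives only the flag names.
"""
import json
from datetime import datetime, timedelta, timezone

# Assumed thresholds (not DepGate's documented values).
MIN_SCORE = 0.6          # below this -> hasLowScore
MIN_VERSIONS = 2         # fewer published versions than this -> minVersions
MAX_AGE_DAYS_NEW = 30    # created more recently than this -> isNew

# Fixed clock so the age check is reproducible.
NOW = datetime(2025, 9, 4, tzinfo=timezone.utc)


def assess(name, ptype, meta, now=NOW):
    """Turn one registry lookup (None = not found) into a JSON-export-shaped record."""
    exists = meta is not None
    score = meta.get("score") if exists else None
    version_count = meta.get("versionCount") if exists else None
    created = meta.get("createdTimestamp") if exists else None

    is_missing = not exists
    low_score = exists and score is not None and score < MIN_SCORE
    few_versions = exists and version_count is not None and version_count < MIN_VERSIONS
    is_new = False
    if created is not None:
        is_new = (now - datetime.fromisoformat(created)) < timedelta(days=MAX_AGE_DAYS_NEW)

    return {
        "packageName": name,
        "orgId": meta.get("orgId") if exists else None,
        "packageType": ptype,
        "exists": exists,
        "score": score,
        "versionCount": version_count,
        "createdTimestamp": created,
        "risk": {
            "hasRisk": is_missing or low_score or few_versions or is_new,
            "isMissing": is_missing,
            "hasLowScore": low_score,
            "minVersions": few_versions,
            "isNew": is_new,
        },
    }


# Constructed lookup results. None means the name is absent from the public
# registry: an internal package with that name is a dependency-confusion target.
SAMPLE_LOOKUPS = {
    "left-pad": {"orgId": None, "score": 0.9, "versionCount": 30,
                 "createdTimestamp": "2014-03-16T00:00:00+00:00"},
    "acme-internal-utils": None,
    "fresh-helper": {"orgId": None, "score": 0.8, "versionCount": 1,
                     "createdTimestamp": "2025-08-30T00:00:00+00:00"},
}


def build_report(lookups=SAMPLE_LOOKUPS, ptype="npm"):
    """Assess every lookup; the result has the shape of a `-j` export."""
    return [assess(name, ptype, meta) for name, meta in lookups.items()]


# JSON risk keys mapped to the CSV "Risk: ..." column names.
RISK_LABELS = {"isMissing": "Missing", "hasLowScore": "Low Score",
               "minVersions": "Min Versions", "isNew": "Too New"}


def flagged(records):
    """Map each risky package to the labels of the risks it triggered."""
    out = {}
    for rec in records:
        reasons = [label for key, label in RISK_LABELS.items() if rec["risk"][key]]
        if reasons:
            out[rec["packageName"]] = reasons
    return out


def exit_code(records, error_on_warnings):
    """Documented CI rule: 3 when risks are found and the flag is set, else 0."""
    any_risk = any(rec["risk"]["hasRisk"] for rec in records)
    return 3 if (any_risk and error_on_warnings) else 0


def load_export(path):
    """Read a real `depgate -j out.json` file for the same processing."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    report = build_report()
    for pkg, reasons in flagged(report).items():
        print(f"{pkg}: {', '.join(reasons)}")
    raise SystemExit(exit_code(report, error_on_warnings=True))
```

In a pipeline, `isMissing` deserves the highest priority of the four flags: an unclaimed public name that matches an internal package can be registered by anyone, which is the dependency-confusion case itself, whereas the score, version-count and age signals are weaker indicators of a recently planted or low-quality package.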
## CLI Options (summary)
- `-t, --type {npm,pypi,maven}`: package manager
- `-p/-d/-l`: input source (mutually exclusive)
- `-a, --analysis {compare,comp,heuristics,heur}`: analysis level
- `-c/-j`: CSV/JSON export paths
- Logging: `--loglevel {DEBUG,INFO,WARNING,ERROR,CRITICAL}`, `--logfile <path>`, `-q, --quiet`
- Scanning: `-r, --recursive` (for `--directory` scans)
- CI: `--error-on-warnings` (exit code 3 if risks are detected; see Exit Codes)
## Exit Codes
- `0`: success (no risks, informational findings only, or risks found without `--error-on-warnings`)
- `1`: file/IO error
- `2`: connection error
- `3`: risks found and `--error-on-warnings` set
## Contributing
- See `AGENTS.md` for repo layout, dev commands, and linting.
- Lint: `uv run pylint src`
## Credits & Attribution
- DepGate is a fork of “Dependency Combobulator” originally developed by Apiiro and its contributors: https://github.com/apiiro/combobulator - see `CONTRIBUTORS.md`.
- Licensed under the Apache License 2.0. See `LICENSE` and `NOTICE`.
Raw data
{
"_id": null,
"home_page": null,
"name": "depgate",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": null,
"author": "cognitivegears",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/b2/bb/294a6f67455b2baa01695292248eeb773ae4856ca189ada81688b22785f6/depgate-0.1.2.tar.gz",
"platform": null,
"description": "# DepGate \u2014 Dependency Supply\u2011Chain Risk & Confusion Checker\n\nDepGate is a modular CLI that detects dependency confusion and related supply\u2011chain risks across npm, Maven, and PyPI projects. It analyzes dependencies from manifests, checks public registries, and flags potential risks with a simple, scriptable interface.\n\nDepGate is a fork of Apiiro\u2019s \u201cDependency Combobulator\u201d, maintained going forward by cognitivegears. See Credits & Attribution below.\n\n## Features\n\n- Pluggable analysis: compare vs. heuristics levels (`compare/comp`, `heuristics/heur`).\n- Multiple ecosystems: npm (`package.json`), Maven (`pom.xml`), PyPI (`requirements.txt`).\n- Flexible inputs: single package, manifest scan, or list from file.\n- Structured outputs: human\u2011readable logs plus CSV/JSON exports for CI.\n- Designed for automation: predictable exit codes and quiet/log options.\n\n## Requirements\n\n- Python 3.8+\n- Network access for registry lookups when running analysis\n\n## Install\n\nUsing uv (development):\n\n- `uv venv && source .venv/bin/activate`\n- `uv sync`\n\nFrom PyPI (after publishing):\n\n- pip: `pip install depgate`\n- pipx: `pipx install depgate`\n- uvx: `uvx depgate --help`\n\n## Quick Start\n\n- Single package (npm): `depgate -t npm -p left-pad`\n- Scan a repo (Maven): `depgate -t maven -d ./tests`\n- Heuristics + JSON: `depgate -t pypi -a heur -j out.json`\n\nWith uv during development:\n\n- `uv run depgate -t npm -d ./tests`\n- `uv run depgate -t pypi -a heur -j out.json`\n\n## Inputs and Scanning\n\n- `-p, --package <name>`: single package name\n - npm: package name (e.g., `left-pad`)\n - PyPI: project name (e.g., `requests`)\n - Maven: not used (see below)\n- `-d, --directory <path>`: scan local source\n - npm: finds `package.json` (and `devDependencies`)\n - Maven: finds `pom.xml`, emits `groupId:artifactId`\n - PyPI: finds `requirements.txt`\n- `-l, --load_list <file>`: newline\u2011delimited 
identifiers\n - npm/PyPI: package names per line\n - Maven: `groupId:artifactId` per line\n\n## Analysis Levels\n\n- `compare` or `comp`: presence/metadata checks against public registries\n- `heuristics` or `heur`: adds scoring, version count, age signals\n\n## Output\n\n- Default: logs to stdout (respecting `--loglevel` and `--quiet`)\n- CSV: `-c, --csv <path>`\n - Columns: `Package Name, Package Type, Exists on External, Org/Group ID, Score, Version Count, Timestamp, Risk: Missing, Risk: Low Score, Risk: Min Versions, Risk: Too New, Risk: Any Risks`\n- JSON: `-j, --json <path)`\n - Array of objects with keys: `packageName, orgId, packageType, exists, score, versionCount, createdTimestamp, risk.{hasRisk,isMissing,hasLowScore,minVersions,isNew}`\n\n## CLI Options (summary)\n\n- `-t, --type {npm,pypi,maven}`: package manager\n- `-p/\u2011d/\u2011l`: input source (mutually exclusive)\n- `-a, --analysis {compare,comp,heuristics,heur}`: analysis level\n- `-c/\u2011j`: CSV/JSON export paths\n- Logging: `--loglevel {DEBUG,INFO,WARNING,ERROR,CRITICAL}`, `--logfile <path>`, `-q, --quiet`\n- Scanning: `-r, --recursive` (for `--directory` scans)\n- CI: `--error-on-warnings` (non\u2011zero exit if risks detected)\n\n## Exit Codes\n\n- `0`: success (no risks or informational only)\n- `1`: file/IO error\n- `2`: connection error\n- `3`: risks found and `--error-on-warnings` set\n\n## Contributing\n\n- See `AGENTS.md` for repo layout, dev commands, and linting.\n- Lint: `uv run pylint src`\n\n## Credits & Attribution\n\n- DepGate is a fork of \u201cDependency Combobulator\u201d originally developed by Apiiro and its contributors: https://github.com/apiiro/combobulator - see `CONTRIBUTORS.md`.\n- Licensed under the Apache License 2.0. See `LICENSE` and `NOTICE`.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "DepGate detects and prevents dependency confusion and supply-chain risks. (Hard fork of Apiiro's Dependency Combobulator)",
"version": "0.1.2",
"project_urls": {
"Bug Tracker": "https://github.com/cognitivegears/depgate/issues",
"Homepage": "https://github.com/cognitivegears/depgate",
"Upstream": "https://github.com/apiiro/combobulator"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "371a5a5f71c03eb6afc5b389f2f8c744bffb57ae0d12807367f5b8c5f575ff65",
"md5": "10ff152eb6d537c49fa8a47d90f51ec2",
"sha256": "4567588060f663d0fdaf16e6d8e8d7fe1073ade55060aec3b823f5dc7e0980ee"
},
"downloads": -1,
"filename": "depgate-0.1.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "10ff152eb6d537c49fa8a47d90f51ec2",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 21138,
"upload_time": "2025-09-04T13:52:09",
"upload_time_iso_8601": "2025-09-04T13:52:09.993827Z",
"url": "https://files.pythonhosted.org/packages/37/1a/5a5f71c03eb6afc5b389f2f8c744bffb57ae0d12807367f5b8c5f575ff65/depgate-0.1.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "b2bb294a6f67455b2baa01695292248eeb773ae4856ca189ada81688b22785f6",
"md5": "db165808c75866bdd7ee64e817ffbbba",
"sha256": "abdf92efedf02dea9ce0c4fd09eb894903e754f708012a76fa7e055de52dc11a"
},
"downloads": -1,
"filename": "depgate-0.1.2.tar.gz",
"has_sig": false,
"md5_digest": "db165808c75866bdd7ee64e817ffbbba",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 16891,
"upload_time": "2025-09-04T13:52:11",
"upload_time_iso_8601": "2025-09-04T13:52:11.444912Z",
"url": "https://files.pythonhosted.org/packages/b2/bb/294a6f67455b2baa01695292248eeb773ae4856ca189ada81688b22785f6/depgate-0.1.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-04 13:52:11",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cognitivegears",
"github_project": "depgate",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "depgate"
}