go-licenses
gitgen
go-licenses | gitgen | |
---|---|---|
1 | 2 | |
767 | 4 | |
1.2% | - | |
3.4 | 0.0 | |
10 days ago | almost 3 years ago | |
Go | Go | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
go-licenses
-
Shouldn't have happened: A vulnerability postmortem
> I don't think the exact URL is the problem, it is the fact that it is so easy to include dependencies from external repository that is the problem. In Rust every non-trivial library pulls in 10s or even 100s of dependencies.
But it's also quite a lot easier to audit those dependencies, even automatically (incidentally, GitHub provides dependency scanning for free for many languages).
> Then there is the issue of licencing - how to verify that I am not using some library in violation of its licence and what happens if the licence changes down the road and I don't notice it because I am implicitly using 500 dependencies due to my 3 main libraries?
This is also an automated task. For example, https://github.com/google/go-licenses
> go-licenses analyzes the dependency tree of a Go package/binary. It can output a report on the libraries used and under what license they can be used. It can also collect all of the license documents, copyright notices and source code into a directory in order to comply with license terms on redistribution.
> Rust and Go have solved memory safety compared to C and C++ but have introduced dependency hell of yet unknown proportions.
I mean, it's been a decade and things seem to be going pretty well. Also, I don't think anyone who has actually used these languages seriously has ever characterized their dependency management as "dependency hell"; however, lots of people talk about the "dependency hell" of managing C and C++ dependencies.
> Python and other dynamically typed languages are in a league of their own in that on top of the dependency hell they also do not provide compiler checks that would allow user to see the problem before the exact conditions occur at runtime.
I won't argue with you there.
gitgen
What are some alternatives?
automaxprocs - Automatically set GOMAXPROCS to match Linux container CPU quota.
jwt-key-server - JWT based remote licensing server.
addlicense - A program which ensures source code files have copyright license headers by scanning directory patterns recursively
Gogs - Gogs is a painless self-hosted Git service
JDK - JDK main-line development https://openjdk.org/projects/jdk
lazygit - simple terminal UI for git commands
cli - GitHub’s official command line tool
f-license - Open Source License Key Generation and Verification Tool written in Go