prescriptions
repometascore
prescriptions | repometascore | |
---|---|---|
1 | 1 | |
17 | 33 | |
- | - | |
4.3 | 0.0 | |
11 months ago | almost 2 years ago | |
Python | Python | |
GNU Affero General Public License v3.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
prescriptions
-
Insights for any repository on Github
When I checked it, prescriptions was the most active... apparently, they have a bot pushing commits to update some kind of manifest file for each dependency, one by one (and there's a lot of them), every few days. That seems to be how they got to 22,000+ commits!!!!
repometascore
-
RepoMetaScore: evaluate supply chain risks of open-source projects
Repometascore uses public information disclosed by contributors themselves. RepoMetaScore collects such info through the APIs and calculates results as a risk rating. It can be the first tool in a series of security checkup developers go through when deciding whether to add a certain project or not.
What are some alternatives?
special-broccoli
cppdep - C/C++ Dependency Analyzer: a rewrite of John Lakos' dep_utils (adep/cdep/ldep) from "Large-Scale C++ Software Design"
dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
ochrona-cli - A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Android-multimodule-dependency-graph - Creates a dependency graph for an Android multimodule project.
emerge - Emerge is a browser-based interactive codebase and dependency visualization tool for many different programming languages. It supports some basic code quality and graph metrics and provides a simple and intuitive way to explore and analyze a codebase by using graph structures.