Dependencies

Top 23 Dependency Open-Source Projects

  • renovate

    Universal dependency automation tool.

    Project mention: Self-Hosted Is Awesome | news.ycombinator.com | 2024-04-13

    > Yes, it is awesome until you have to sysadmin it, apply updates, patch it, fix security holes, etc. I am not saying all self-hosted solutions are like that. There are exceptions. However, the majority of open-source self-hosted solutions require a lot of extra work.

    I'm currently self-hosting 10 different applications on my local server, which represents everything I've ever seen that looked fun or useful to me. Every one of them had a Docker image with an example compose file, which means updating them just requires periodically running Renovate [0] on the repo that stores all my compose files and then running a script that docker compose pulls the updates. It takes maybe 10 minutes every other week, and is actually kinda fun.

    It helps that all the apps are only accessible from within my VPN, so I'm not too worried about fixing security updates within a tiny time window.

    [0] https://github.com/renovatebot/renovate

  • patch-package

    Fix broken node modules instantly 🏃🏽‍♀️💨

    Project mention: Finding Stars and Affirmations in the Sky with Three.js for Ayra Starr | dev.to | 2024-04-01

    In order to allow users to use their device as a controller to adjust the position of the camera and find stars, I use the deprecated DeviceOrientationControls by patching it back into Three. In order for DeviceOrientationControls to function, we need the user to grant access to their device's orientation. I attempt to gain access to this, alongside their camera, during a previous step of the UX using a custom composable I wrote for this purpose. You can see that permission step in the mockup video above. Once this permission is granted, we can initialize our DeviceOrientationControls with a single line.

  • madge

    Create graphs from your CommonJS, AMD or ES6 module dependencies

    Project mention: Madge: Create graphs from your CommonJS, AMD or ES6 module dependencies | news.ycombinator.com | 2024-02-15

  • yalc

    Work with yarn/npm packages locally like a boss.

  • dependency-cruiser

    Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.

    Project mention: Taking Frontend Architecture Serious with dependency-cruiser | dev.to | 2023-09-25

    With dependency-cruiser, you can enforce which imports are allowed. This enables you to create an architecture fitness function that ensures your code continues to adhere to the initial design. You can also visualize your dependencies to gain a clearer understanding of your code's actual structure, allowing you to compare it with your mental model and make improvements where necessary.

  • athens

    A Go module datastore and proxy (by gomods)

  • dependabot-core

    🤖 Dependabot's core logic for creating update PR's.

    Project mention: Why I recommend Renovate over any other dependency update tools | news.ycombinator.com | 2024-04-12

    Oh yes, https://github.com/dependabot/dependabot-core/issues/3253. I wouldn't go so far as saying it was locked because it was too uncivil, mostly just because "additional commentary wasn't adding value" ;)

    Your read on the situation is spot on, and no, it doesn't look like it's been "fixed" (mostly because fixing it would re-introduce the same potential vulnerability).

  • CPM.cmake

    📦 CMake's missing package manager. A small CMake script for setup-free, cross-platform, reproducible dependency management.

    Project mention: Using raylib with Dear ImGui: Game Dev Debugging UI | dev.to | 2024-04-06

    I like to pin GitHub dependencies using a commit hash, instead of a tag. You need a recent CPM.cmake file in your project for CPM to work.

  • taze

    🥦 A modern cli tool that keeps your deps fresh

  • scancode-toolkit

    🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

    Project mention: ScanCode: Scan license and packages, dependencies and origin information | news.ycombinator.com | 2023-08-11

  • Rebar3

    Erlang build tool that makes it easy to compile and test Erlang applications and releases.

    Project mention: A Regex Barometer | news.ycombinator.com | 2023-07-05

    Not to be confused with Rebar3 [0] which is a de-facto package manager and build tool for Erlang.

    [0] https://github.com/erlang/rebar3

  • ort

    A suite of tools to automate software compliance checks.

  • asimov

    Automatically exclude development dependencies from Apple Time Machine backups

    Project mention: ThinMachine – A $25 Thin Client macOS Time Machine Appliance | news.ycombinator.com | 2023-06-25

    I have found that Asimov alleviates this issue.

    https://github.com/stevegrunwell/asimov

    I wrote a tiny blurb about it here:

    https://nabeards.com/time-machine-backups-ignoring-npm-modul...

  • syncpack

    Consistent dependency versions in large JavaScript Monorepos.

    Project mention: I made a CLI to sync dependency versions in monorepos | /r/node | 2023-11-16

    There's a video on the homepage at https://jamiemason.github.io/syncpack and a getting started guide at https://jamiemason.github.io/syncpack/guide/getting-started/.

  • dep-tree

    Tool for helping developers keep their code bases clean and decoupled. It allows visualising a "code base entropy" using a 3d force-directed graph of files and the dependencies between them.

    Project mention: Show HN: Visualize the Entropy of a Codebase with a 3D Force-Directed Graph | news.ycombinator.com | 2024-01-31

    The portion of the code in charge of rendering lives inside the `internal/entropy` (https://github.com/gabotechs/dep-tree/tree/main/internal/ent...).

    Force-directed is an algorithm for displaying graphs in a 2d or 3d space, which simulates attraction/repulsion based on the dependencies between the nodes. The Wikipedia page explains it really well: https://en.wikipedia.org/wiki/Force-directed_graph_drawing

    > Love it, I think dependency trees are super underused data for static analysis.

    Definitely, especially for evaluating "the big picture" of a codebase

  • scala-steward

    🤖 A bot that helps you keep your projects up-to-date

  • licensed

    A Ruby gem to cache and verify the licenses of dependencies (by github)

  • tern

    Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)

  • conan-center-index

    Recipes for the ConanCenter repository

    Project mention: The xz attack shell script | news.ycombinator.com | 2024-04-02

    Conan is a package manager for C/C++. See: https://conan.io/.

    The way it works is that you can provide "recipes", which are Python scripts, that automate the process of collecting source code (usually from a remote Git repository, or a remote source tarball), patching it, making its dependencies and transitive dependencies available, building for specific platform and architecture (via any number of build systems), then packaging up and serving binaries. There's a lot of complexity involved.

    Here are the two recipes I mentioned:

    libcurl: https://github.com/conan-io/conan-center-index/blob/master/r...

    OpenSSL v3: https://github.com/conan-io/conan-center-index/blob/master/r...

    Now, for the sake of this thread I want to highlight three things here:

    - Conan recipes are usually made by people unaffiliated with the libraries they're packaging;

    - The recipes are fully Turing-complete, do a lot of work, have their own bugs - therefore they should really be treated as software components themselves, for the purpose of OSS clearing/supply chain verification, except as far as I know, nobody does it;

    - The recipes can, and do, patch source code and build scripts. There's supporting infrastructure for this built into Conan, and of course one can also do it by brute-force search and replace. See e.g. ZLib recipe that does it both at the same time:

    https://github.com/conan-io/conan-center-index/blob/7b0ac710... -- `_patch_sources` does both direct search-and-replace in source files, and applies the patches from https://github.com/conan-io/conan-center-index/tree/master/r....

    Now, good luck keeping track of what's going on there.

  • shrinkpack

    Fast, resilient, reproducible builds with npm install.

  • deptry

    Find unused, missing and transitive dependencies in a Python project.

    Project mention: This Week In Python | dev.to | 2024-03-17

    deptry – Find unused, missing and transitive dependencies in a Python project

  • MANUL

    😼 The madness vendoring utility for Golang programs

  • import-linter

    Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.

    Project mention: Kraken Technologies: How we organise our large Python monolith | news.ycombinator.com | 2023-07-18

    Never heard of https://import-linter.readthedocs.io/ before. Not sure if I like this type of solution, but it's interesting, and certainly the problem is real.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-04-13.

Index

What are some of the best open-source Dependency projects? This list will help you:

Rank Project Stars
1 renovate 15,658
2 patch-package 9,910
3 madge 8,362
4 yalc 5,351
5 dependency-cruiser 4,945
6 athens 4,328
7 dependabot-core 3,839
8 CPM.cmake 2,548
9 taze 2,213
10 scancode-toolkit 1,961
11 Rebar3 1,655
12 ort 1,463
13 asimov 1,442
14 syncpack 1,249
15 dep-tree 1,223
16 scala-steward 1,121
17 licensed 966
18 tern 931
19 conan-center-index 887
20 shrinkpack 793
21 deptry 756
22 MANUL 664
23 import-linter 616