golang/depArchived

Features

• Deterministic Dependency Locking - Uses lockfiles to record a transitively complete snapshot of the dependency graph to ensure identical builds across environments.
• Dependency Lock Files - Records a complete transitive dependency graph in a lock file to ensure identical builds across environments.
• Dependency Constraints - Provides mechanisms for defining version compatibility rules and requirements to filter and lock dependencies.
• Constraint Resolvers - Calculates a compatible set of project versions by intersecting semantic version ranges and revisions across the dependency graph.
• Dependency Vendors - Archives external dependency source code locally to support offline builds and source auditing.
• Source Vendoring - Implements source vendoring by fetching and storing third-party source code locally for offline builds.
• Dependency Tracking - Tracks specific versions of external packages in configuration files to maintain environment consistency.
• Dependency Source Mirroring - Mirrors external source code into a local vendor directory to enable offline builds and source auditing.
• Version Constraints - Implements logic to resolve compatible package versions by intersecting semantic version ranges and git revisions.
• Go Version Resolution - Defines semantic version ranges and overrides to resolve conflicts between direct and transitive Go dependencies.
• Go Module Organization - Manages Go code modules, dependencies, and versioning to ensure reproducible builds across environments.
• Resolvable Version Verifiers - Finds the newest compatible version of a dependency that satisfies all intersecting semantic version ranges.
• Go Dependency Managers - Provides comprehensive tracking and locking of external Go package versions for reproducible builds.
• Import Path Mapping - Maps import paths to physical repository URLs using static host rules and HTTP requests.
• Import Path Resolution - Determines the correct source root for an import path using a combination of static patterns and dynamic network requests.
• Repository Root Identification - Identifies the base repository URL from an import path using static host rules or dynamic HTTP requests.
• Dependency and Configuration Synchronization - Aligns import statements, configuration files, and the vendor directory to ensure all required dependencies are consistent.
• Dependency Discovery - Scans source code imports to automatically infer required external packages and their initial versions.
• Repository Cache Managers - Maintains a local cache of pristine remote repository clones to avoid redundant network requests.
• Upstream Source Caching - Maintains a pristine set of remote repository clones in a dedicated local directory to avoid polluting the global workspace.
• Package Content Validation - Ensures imported packages contain valid files and pass basic parsing to prevent build failures.
• Dependency Version Updates - Provides utilities for refreshing pinned package versions to the latest compatible releases based on defined constraints.
• Version Overrides - Allows superseding all other constraints for direct and transitive dependencies to resolve version conflicts.
• Integrity Verifications - Verifies the integrity of the local vendor directory using cryptographic hashes to detect unauthorized modifications.
• Vendor Integrity Verification - Hashes the contents of the local vendor directory and compares them against a lockfile to ensure code remains unchanged.
• Dependency Inference - Analyzes existing source code to automatically infer required libraries and generate an initial dependency lock file.
• Package Management - Dependency management tool for Go.

Star history