
git-pkgs

Dependency tools for git

git-pkgs tracks package dependencies across your repository's git history. It answers questions like "who added this dependency?", "when was it introduced?", and "how long were we exposed to this vulnerability?" It works with 35+ package managers.

Install it with:

brew tap git-pkgs/git-pkgs
brew install git-pkgs

Or download a binary from the releases page.

Or build from source:

go install github.com/git-pkgs/git-pkgs@latest

Tools

  • brief - Detect a project's toolchain, configuration, and conventions
  • capcheck - Fail CI when Go code or dependencies gain new privileged operations
  • outline - Reduce a source tree to a structural skeleton for LLM context
  • pin - Vendor browser assets without npm
  • proxy - Lightweight caching proxy for package registries

Libraries

  • archives - Reading and browsing archive files in memory
  • attestation - Parsing SLSA provenance v1 attestation bundles
  • changelog - Parsing changelog files into structured entries
  • cooldown - Filtering package versions by minimum age across ecosystems
  • enrichment - Fetching package metadata from multiple sources
  • forge - Fetching repository metadata from git forges
  • gitignore - Matching paths against gitignore rules
  • managers - Wrapping package manager CLIs behind a common interface
  • manifests - Parsing package manager manifest and lockfiles
  • markup - Rendering markup files to HTML
  • platforms - Translating platform identifiers across package ecosystems
  • pom - Resolving effective POMs for Maven artifacts
  • purl - Package URL construction, parsing, and registry URL mapping
  • registries - Fetching package metadata from registry APIs
  • resolve - Parsing package manager resolve output into dependency trees
  • reuse - Extracting SPDX license and copyright data from REUSE-compliant projects
  • sbom - Reading and writing Software Bill of Materials documents
  • sigstore - Verifying attestation bundles against the Sigstore TUF trust root
  • spdx - SPDX license expression parsing, normalization, and validation
  • vers - Version range parsing and comparison per the VERS spec
  • vulns - Fetching vulnerability data from multiple sources

Integrations

  • actions - Reusable GitHub Actions for git-pkgs dependency analysis
  • skills - Claude Code skills plugin for git-pkgs and brief

Pinned

  • git-pkgs - A git subcommand for analyzing package/dependency usage in git repositories over time (Go)
  • forge - Go library and CLI for working with git forges. Supports GitHub, GitLab, Gitea/Forgejo, and Bitbucket Cloud through a single interface. (Go)
  • proxy - A lightweight caching proxy for package registries. (Go)
  • brief - A single-binary CLI tool that detects a software project's toolchain, configuration, and conventions, then outputs a structured report. (Go)
  • manifests - A Go library for parsing package manager manifest and lockfiles. (Go)
  • managers - A Go library that wraps package manager CLIs behind a common interface. (Go)
