confused

Tool to check for dependency confusion vulnerabilities in multiple package management systems

MIT License

Downloads

103

Stars

650

View Code on GitHub

Ecosystems: JavaScript, npm, PHP, Java, Maven, Python

Bot releases are hidden (Show)

confused - v0.5 Latest Release

Published by joohoi almost 2 years ago

Changelog

96fb2e4 Update README.md and golangci-lint workflow (#41)
360169a Add support for RubyGems (#40)

confused - v0.4

Published by joohoi over 3 years ago

Changelog

0bffa50 Prepare for release v0.4 (#25)
47a0f45 npm: handle git urls correctly (#24)
cdd385a Added mvn repository support (#22)
e56947e Update pip.go (#21)
ca69ed9 Add checks for local, http & https and GitHub repository links for NPM (#19)
99de16d Check unpublish information of a "found" npm package (#18)

confused - v0.3

Published by joohoi over 3 years ago

Changelog

39a7485 Prepare v0.3 release (#13)
5f45f09 Add a command line parameter to flag namespaces as known-safe (#12)
94de6a7 Fix npm module parsing issues caused by broken spec (#11)
6954d49 Clarify the purpose and usage of the tool (#9)
f0b15f4 Pip line continuation (#8)
4f97bcc Add automated linter checks (#7)
238d1d7 Create codeql-analysis.yml
2f01505 Add PHP (composer) support (#4)

confused - v0.2

Published by joohoi over 3 years ago

Changelog

d0cafe9 Changed npm registry URL, added throttling and additional package.json deps (dev, optional, bundled)
03ea60f Fix readme

confused - v0.1

Published by joohoi over 3 years ago

Changelog

3b04928 Initial release
a42b20a Initialize

Package Rankings

Top 31.57% on Npmjs.org

Top 4.96% on Proxy.golang.org

Related Projects

audit-ci

Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing in...

13 Nov 2018 264

npm2rpm

Convert npm packages to RPM packages

np

A better `npm publish`

16 Aug 2015 7,461

meta-package-manager

🎁 wraps all package managers with a unifying CLI

17 Aug 2016 438

updates

Flexible npm and poetry dependency update tool

modern-guide-to-packaging-js-library

A guide to help ensure your JavaScript library is the most compatible, fast, and efficient librar...

24 Aug 2022 1,437

package.json

package.json 非官方中文版

lockfile

Read and write lockfiles with reasonable losses

cli

the package manager for JavaScript

05 Jul 2018 8,072

nodep

A tool for check available dependency packages across npmjs, PyPI or RubyGems registry.

package-json-scripts

A NodeJS package to test how package.json scripts are being scheduled by different package managers.

check-dependency-version-consistency

CLI tool which checks that dependencies are on consistent versions across a monorepo / npm/pnpm/Y...

package.json

文件 package.json 的说明文档。

bskt

A CLI tool to check and update your package.json dependencies to their latest versions.