pub audit feature

Open mit-mit opened this issue 5 years ago • 1 comments

This tracks a potential new pub audit feature. This would analyse all direct dependencies, and all of their transitive dependencies, and provide key information about all of them in a tabular format. Candidate information includes:

Version
Publication date
License
Status (discontinued, broken, etc.)
Known security issues (assuming pub.dev gets support for reporting vulnerabilities)

Apr 14 '21 12:04 mit-mit

This would be fantastic. An example of such a tool for the Python package manager pip is pip-audit (though I guess there must be lots out there for different managers).

May 18 '24 15:05 olof-dev