Google has launched a new service, Open Source Insights (deps.dev), which visualizes the complete graph of direct and indirect dependencies for packages distributed through the npm, Go, Maven and Cargo repositories (support for NuGet and PyPI is to be added in the near future). The main purpose of the service is to analyze vulnerabilities in modules and libraries present in the dependency chain, which can be useful for identifying vulnerabilities in dependencies at a deep level of nesting (dependencies of dependencies).
Other possible areas of application mentioned are studying the license cleanliness of a project (statistics are shown on which licenses are used in the dependencies), tracking the release of new versions and events associated with dependencies (for example, the identification of vulnerabilities), and evaluating dependent projects (a report shows which projects use the specified library directly or through other dependencies). The data is drawn from package repositories and from GitHub, including Issues.
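The kind of analysis described above, finding a vulnerable package buried several levels down and the chain that pulls it in, can be sketched as a breadth-first walk over a resolved dependency graph. This is an added example, not code from the service; the package names, versions and advisory ids are constructed placeholders.

```python
from collections import deque

# Constructed sample data: resolved dependency edges (package -> direct deps).
GRAPH = {
    "webapp@1.0.0": ["http-kit@2.3.1", "log-lite@0.9.0"],
    "http-kit@2.3.1": ["url-parse-x@1.1.0", "log-lite@0.9.0"],
    "log-lite@0.9.0": ["fmt-core@3.0.2"],
    "url-parse-x@1.1.0": ["str-utils@0.4.0"],
    "fmt-core@3.0.2": ["str-utils@0.4.0", "log-lite@0.9.0"],  # cycle on purpose
    "str-utils@0.4.0": [],
}
# Constructed advisory feed: package@version -> placeholder advisory ids.
ADVISORIES = {
    "str-utils@0.4.0": ["EXAMPLE-ADV-0001"],
    "log-lite@0.9.0": ["EXAMPLE-ADV-0002"],
}

def shortest_chains(graph, root):
    """BFS from root; return {package: shortest chain root..package}."""
    chains = {root: [root]}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in chains:          # visited check also breaks cycles
                chains[dep] = chains[pkg] + [dep]
                queue.append(dep)
    return chains

def vulnerable_dependencies(graph, root, advisories):
    """Report each reachable vulnerable package with its depth and chain."""
    findings = []
    for pkg, chain in shortest_chains(graph, root).items():
        if pkg != root and pkg in advisories:
            findings.append({
                "package": pkg,
                "advisories": advisories[pkg],
                "depth": len(chain) - 1,   # 1 = direct, >1 = indirect
                "chain": chain,
            })
    return sorted(findings, key=lambda f: (f["depth"], f["package"]))

if __name__ == "__main__":
    for f in vulnerable_dependencies(GRAPH, "webapp@1.0.0", ADVISORIES):
        kind = "direct" if f["depth"] == 1 else "indirect"
        print(f'{f["package"]} ({kind}, depth {f["depth"]}): '
              f'{" -> ".join(f["chain"])} {f["advisories"]}')
```

The chain in each finding shows which direct dependency to upgrade or replace in order to drop the vulnerable indirect one.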