Elm packages audit tool


#1

Do you know any tool to audit third-party packages?
Something like npm audit (or Sonatype in the Java world).

A tool which checks third-party dependencies (Elm packages) and says if they are out-of-date or have known issues.


#2

I believe it would be possible to have a tool that checks third-party dependencies for out-of-date versions, but I don’t know what known issues would mean in the Elm ecosystem.

i.e. what would be the Elm equivalent of https://www.npmjs.com/advisories ? Is it even possible to have security vulnerabilities in published Elm packages? Or do you mean bugs etc. by known issues?


#3

Yes, typical known issues in nodejs packages are not possible in the Elm world, but there can still be some issues in implementation which lead to a recommendation not to use it (like Arrays in Elm 0.18).

Thanks for elm-outdated. I missed that.


#4

I like the idea but less for the package content itself and more for checking compatible licenses (whatever that means, is probably context dependent and is not legally binding…) and such :slight_smile:

