
Folks may also be interested in checking out https://stackaid.us (previous discussion https://news.ycombinator.com/item?id=32837829) as a different platform doing similar work


Tidelift also has a similar program: https://tidelift.com/about/lifter

But dependency tracking is hard and all of these platforms only scratch the surface. For example, I've never seen a solution that detects C libraries used from other languages, let alone the dependencies of these libraries. Then there are build-time dependencies which are hard to detect. Here's an example of a complex dependency chain:

    redmine -> ruby-commonmarker -> libcmark -> re2c

Wake me up if someone offers a solution that detects chains like that.


Seems like this fans the flames of is-even[1] type spam dependencies even more.

[1] https://www.npmjs.com/package/is-even?activeTab=code



