Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security vulnerabilities they are currently sporting.
Open Source Insights
Open Source Insights is a Google Cloud Platform-hosted tool that’s accessible via a website into which users can enter the name of specific open source packages and get an overview of how they are put together.
It shows:
Information about the packade (description, ownership, links)
Dependencies (components the package depends on)
Dependents (packages that depend on it)
Security advisories (known vulnerabilities in the package and dependencies, unmanaged dependencies, etc.)
License information
Support the originator by clicking the read the rest link below.
