VDM: Vendoring Dependency Manager

VDM is a simple tool for managing external dependencies. VDM uses a dependency manifest written in Starlark and patch files to download the dependencies into a source repository.

VDM uses itself to manage its dependencies, so the VDM codebase functions as an example.

VDM works with a dependencies manifest called deps.bzl. This uses Starlark syntax to express the set of dependencies.

Commands:

The dependencies specified in deps.bzl are installed in the source repo using vdm vendor.
The dependency manifest is updated with newer minor/patch versions using vdm update. Note that this will not affect the source repository without subsequently calling vdm vendor.
The dependency graph can be checked for vulnerabilities and analysed for unused dependencies using vdm check ROOTS. The given roots are one or more Bazel path.
- As an example, the VDM repository is checked using vdm check //:vdm //cmd/... //internal/....

Name		Name	Last commit message	Last commit date
Latest commit History 25 Commits
cmd		cmd
internal		internal
patches		patches
vendor		vendor
.bazelrc		.bazelrc
.bazelversion		.bazelversion
.gitignore		.gitignore
AUTHORS		AUTHORS
BUILD.bazel		BUILD.bazel
CONTRIBUTORS		CONTRIBUTORS
LICENSE		LICENSE
MODULE.bazel		MODULE.bazel
MODULE.bazel.lock		MODULE.bazel.lock
README.md		README.md
WORKSPACE		WORKSPACE
deps.bzl		deps.bzl
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

VDM: Vendoring Dependency Manager

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

ProjectSerenity/vdm

Folders and files

Latest commit

History

Repository files navigation

VDM: Vendoring Dependency Manager

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages