Skip to content

Commit 723819e

Browse files
dacharycdacharyc
committed
Add a Go CLI to check monorepo project dependencies
1 parent d88ff73 commit 723819e

File tree

29 files changed

+4097
-0
lines changed

29 files changed

+4097
-0
lines changed

dependency-manager/.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
depman

dependency-manager/README.md

Lines changed: 239 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,239 @@
1+
# Dependency Manager CLI
2+
3+
A powerful CLI tool built with Cobra that scans directories for dependency management files and helps you check and update dependencies across multiple package managers.
4+
5+
## Features
6+
7+
- 🔍 **Multi-language support**: Handles package.json, pom.xml, requirements.txt, go.mod, and .csproj files
8+
- 📊 **Dry run mode**: Check for updates without making changes
9+
- 🔄 **Selective updates**: Update dependency files without installing
10+
-**Full automation**: Update and install dependencies in one command
11+
- 🌳 **Recursive scanning**: Automatically finds all dependency files in subdirectories
12+
13+
## Supported Package Managers
14+
15+
| Language/Framework | File Type | Package Manager | Commands Used |
16+
|-------------------|-----------|-----------------|---------------|
17+
| JavaScript/Node.js | package.json | npm | `npm outdated`, `ncu -u`, `npm install` |
18+
| Java | pom.xml | Maven | `mvn versions:display-dependency-updates`, `mvn versions:use-latest-releases` |
19+
| Python | requirements.txt | pip | `pip list --outdated`, `pip-compile --upgrade`, `pip install -r` |
20+
| Go | go.mod | Go modules | `go list -u -m all`, `go get -u`, `go mod tidy` |
21+
| C#/.NET | .csproj | NuGet | `dotnet list package --outdated`, `dotnet add package`, `dotnet restore` |
22+
23+
## Installation
24+
25+
### Prerequisites
26+
27+
Make sure you have Go 1.25 or later installed.
28+
29+
### Build from source
30+
31+
```bash
32+
cd dependency-manager
33+
go build -o depman
34+
```
35+
36+
### Install globally
37+
38+
```bash
39+
go install
40+
```
41+
42+
## Usage
43+
44+
### Basic Commands
45+
46+
#### Check for updates (Dry Run)
47+
48+
Check for available dependency updates without making any changes:
49+
50+
```bash
51+
depman check --path /path/to/project
52+
```
53+
54+
Or use the current directory:
55+
56+
```bash
57+
depman check
58+
```
59+
60+
#### Update dependency files
61+
62+
Update dependency management files to the latest versions without installing:
63+
64+
```bash
65+
depman update --path /path/to/project
66+
```
67+
68+
#### Full update and install
69+
70+
Update dependency files and install the new dependencies:
71+
72+
```bash
73+
depman install --path /path/to/project
74+
```
75+
76+
### Flags
77+
78+
- `-p, --path`: Starting filepath or directory to scan (default: current directory)
79+
- `--direct-only`: Only check direct dependencies (excludes indirect/dev dependencies)
80+
- `--ignore`: Additional directory names to ignore during scanning (can be specified multiple times)
81+
82+
### Default Ignored Directories
83+
84+
The following directories are always ignored when scanning recursively:
85+
- `node_modules` - npm packages
86+
- `.git` - Git repository data
87+
- `vendor` - Go/PHP vendor directories
88+
- `target` - Maven/Rust build output
89+
- `dist` - Distribution/build output
90+
- `build` - Build output
91+
92+
### Examples
93+
94+
#### Check a single dependency file
95+
96+
```bash
97+
depman check --path ./package.json
98+
```
99+
100+
#### Scan entire project
101+
102+
```bash
103+
depman check --path ./my-project
104+
```
105+
106+
#### Update all dependencies in a monorepo
107+
108+
```bash
109+
depman install --path ./monorepo
110+
```
111+
112+
#### Check only direct dependencies
113+
114+
For Go modules, this excludes indirect dependencies. For npm, this excludes devDependencies:
115+
116+
```bash
117+
depman check --path ./my-project --direct-only
118+
```
119+
120+
#### Ignore additional directories
121+
122+
Ignore custom directories in addition to the default ignored directories:
123+
124+
```bash
125+
depman check --path ./my-project --ignore .cache --ignore tmp
126+
```
127+
128+
## How It Works
129+
130+
1. **Scanning**: The tool recursively scans the specified path for dependency management files
131+
2. **Detection**: Identifies file types (package.json, pom.xml, etc.)
132+
3. **Checking**: Uses the appropriate package manager to check for updates
133+
4. **Updating**: Based on the command, either:
134+
- Shows available updates (check)
135+
- Updates the dependency file (update)
136+
- Updates and installs dependencies (install)
137+
138+
## Special Considerations
139+
140+
### npm (package.json)
141+
142+
- Requires `npm-check-updates` (ncu) for updating: `npm install -g npm-check-updates`
143+
- Uses `npm outdated` for checking updates
144+
- With `--direct-only`: excludes devDependencies (only checks/updates production dependencies)
145+
146+
### Maven (pom.xml)
147+
148+
- Uses Maven versions plugin
149+
- Creates backup files (automatically cleaned up)
150+
151+
### pip (requirements.txt)
152+
153+
- Requires `pip-tools` for updating: `pip install pip-tools`
154+
- Uses `pip list --outdated` for checking
155+
156+
### Go modules (go.mod)
157+
158+
- Uses native Go commands
159+
- Automatically runs `go mod tidy` after updates
160+
- With `--direct-only`: excludes indirect dependencies (only checks/updates direct dependencies)
161+
162+
### NuGet (.csproj)
163+
164+
- Uses `dotnet` CLI
165+
- Runs `dotnet restore` and `dotnet build` for full updates
166+
167+
## Output Example
168+
169+
```
170+
Found 3 dependency management file(s):
171+
172+
Checking ./frontend/package.json (package.json)...
173+
Found 5 update(s):
174+
Package Current Latest Type
175+
------- ------- ------ ----
176+
react 18.2.0 18.3.1 minor
177+
typescript 5.0.4 5.3.3 minor
178+
@types/react 18.2.0 18.2.48 patch
179+
eslint 8.45.0 8.56.0 minor
180+
vite 4.4.5 5.0.10 major
181+
182+
Checking ./backend/go.mod (go.mod)...
183+
Found 2 update(s):
184+
Package Current Latest Type
185+
------- ------- ------ ----
186+
github.com/spf13/cobra v1.7.0 v1.8.0 minor
187+
github.com/stretchr/testify v1.8.4 v1.9.0 minor
188+
189+
Checking ./api/pom.xml (pom.xml)...
190+
All dependencies are up to date!
191+
```
192+
193+
## Error Handling
194+
195+
The tool will:
196+
- Skip files if the required package manager is not installed
197+
- Continue processing other files if one fails
198+
- Display clear error messages for troubleshooting
199+
200+
## Development
201+
202+
### Project Structure
203+
204+
```
205+
dependency-manager/
206+
├── cmd/ # Cobra commands
207+
│ ├── root.go # Root command
208+
│ ├── check.go # Check command
209+
│ ├── update.go # Update command
210+
│ └── install.go # Install command
211+
├── internal/
212+
│ ├── scanner/ # File scanning logic
213+
│ │ └── scanner.go
214+
│ └── checker/ # Dependency checkers
215+
│ ├── checker.go # Interface and registry
216+
│ ├── npm.go # npm checker
217+
│ ├── maven.go # Maven checker
218+
│ ├── pip.go # pip checker
219+
│ ├── gomod.go # Go modules checker
220+
│ └── nuget.go # NuGet checker
221+
├── main.go
222+
├── go.mod
223+
└── README.md
224+
```
225+
226+
### Adding a New Package Manager
227+
228+
1. Create a new checker in `internal/checker/`
229+
2. Implement the `Checker` interface
230+
3. Register the checker in `cmd/check.go`, `cmd/update.go`, and `cmd/install.go`
231+
232+
## License
233+
234+
See LICENSE file for details.
235+
236+
## Contributing
237+
238+
Contributions are welcome! Please feel free to submit a Pull Request.
239+

0 commit comments

Comments
 (0)