Google Releases ‘Open Source Insights’ Dependency Visualization Tool
From today’s edition of Mike Melanson’s “This Week in Programming” column:
If you’ve been using open source software for any amount of time, then you’re well aware of the tangled web of dependencies often involved in such projects. If not, there are any number of tools out there that explore just how interconnected everything is, and this week Google has jumped into the game with its own offering — an exploratory visualization site called Open Source Insights that gives users an interactive view of dependencies of open source projects.

Now, Google isn’t the first to get into the game of trying to uncover and perhaps untangle the dizzying dependency graph of the open source world, but the company argues that it is more so trying to lay everything out in a way that developers can see, visually, just how, well, hopelessly screwed they really are.

“There are tools to help, of course: vulnerability scanners and dependency audits that can help identify when a package is exposed to a vulnerability. But it can still be difficult to visualize the big picture, to understand what you depend on, and what that implies,” they write.

The Open Source Insights tool — currently “experimental” — gives users either a table or graphical visualization of how a project is composed, allowing them to explore the dependency graph and examine how using different versions of certain projects might actually affect that dependency graph. One of the benefits, Google notes, is that it allows users to see all this information “without asking you to install the package first. You can see instantly what installing a package — or an updated version — might mean for your project, how popular it is, find links to source code and other information, and then decide whether it should be installed.”

Currently, the tool supports npm, Maven, Go modules, and Cargo, with more packaging systems on the way soon…

