Releases: chains-project/dirty-waters

v0.1.1

15 Oct 00:09

This release adds one new feature: checking the release tag accessibility of the dependencies.

v0.1.0

07 Oct 14:29
Pre-release

Dirty-Waters v0.1.0

Dirty-Waters is an automated tool for identifying software supply chain issues in wallet projects. This initial release focuses on analyzing JavaScript cryptocurrency wallet projects and provides the following features:

  1. One version Analysis: Examines static data of all dependencies from the package registry and the source code repository.
  2. Differential Analysis: Compares two versions of a project to highlight changes in the source code.
  3. Comprehensive Reporting: Generates detailed markdown reports for both static and differential analyses.

Key capabilities:

  • Detects dependencies without source code links
  • Flags deprecated dependencies
  • Highlights dependencies sourced from forks
  • Detects dependencies without provenance
  • Identifies packages lacking version tags
  • Identifies first-time authors and mergers in the source code repository

We welcome feedback and contributions to improve the tool's capabilities and expand its support for other ecosystems.