Additional filters on dependency info

[debopamsengupta]

Hi @matteofigus ,

Came across this CLI and seems a really neat way to check info on dependencies and plugins.
If it's alright, we wanted to add a few extra filters and options to it like:

• checking devDependencies of components (to see libraries used on the client-side code)
• checking through all versions of each component

If that's alright with you, we can make PRs 😄
cc @NimaSoroush

[debopamsengupta]

Would be interesting to add authentication to this as well ?

[matteofigus]

Hi!

• devDependencies would be a good addition, let's do it!
• we developed this mostly because we always try to push consumers to use the latest version, so that's the most interesting fact for us. If we want to navigate all the versions of all components, it would be doable but my preference would be to have an extra parameter like --all-versions

In regards of the authentication:
The cli uses the public oc api, so everything that it fetches is already publicly available. If we would need to protect some of this info via credentials, then that would need to be a quite radical change in the way the api exposes its information (and as consequence, the way the clients interact with it, including this little tool).

At the moment, nothing here is strictly private imho, do you think any of this should be?

[debopamsengupta]

Yeah, I was thinking --all-versions could be an extra parameter :)
For the authentication :
I'm not sure how much of a risk it is for the dependency and dependency version of a component to be known. But as you pointed out, all of this is publicly available at the moment, so might not be any issues with keeping it that way :)