v0.1.0

Pre-release
@Stamp9 Stamp9 released this 07 Oct 14:29
· 71 commits to main since this release

Dirty-Waters v0.1.0

Dirty-Waters is an automated tool for identifying software supply chain issues in wallet projects. This initial release focuses on analyzing JavaScript cryptocurrency wallet projects and provides the following features:

  1. One-version Analysis: Examines static data of all dependencies from the package registry and the source code repository.
  2. Differential Analysis: Compares two versions of a project to highlight changes in the source code.
  3. Comprehensive Reporting: Generates detailed markdown reports for both static and differential analyses.

Key capabilities:

  • Detects dependencies without source code links
  • Flags deprecated dependencies
  • Highlights dependencies sourced from forks
  • Detects dependencies without provenance
  • Identifies packages lacking version tags
  • Identifies first-time authors and mergers in the source code repository
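
As an added illustration (not Dirty-Waters' own code), the sketch below applies three of the registry-side checks listed above to npm version manifests. It assumes the npm registry fields `repository`, `deprecated` and `dist.attestations.provenance`; the package names, URLs and the helper names `source_link`, `audit` and `report` are constructed for this example.

```python
import re

# Constructed npm version manifests; names and URLs are made up for illustration.
SAMPLE_MANIFESTS = [
    {"name": "wallet-core-utils", "version": "2.1.0",
     "repository": {"type": "git",
                    "url": "git+https://github.com/example-org/wallet-core-utils.git"},
     "dist": {"attestations": {
         "url": "https://registry.example/attestations/wallet-core-utils@2.1.0",
         "provenance": {"predicateType": "https://slsa.dev/provenance/v1"}}}},
    {"name": "left-padder", "version": "0.3.2",
     "deprecated": "no longer maintained",
     "repository": "github:example-org/left-padder",
     "dist": {}},
    {"name": "opaque-blob", "version": "1.0.0",
     "repository": {"url": ""}, "dist": {}},
]

def source_link(manifest):
    """Return a normalised repository URL, or None when no link is declared."""
    repo = manifest.get("repository")
    url = (repo.get("url") or "") if isinstance(repo, dict) else (repo or "")
    url = url.strip()
    if not url:
        return None
    shorthand = re.fullmatch(r"github:([\w.-]+/[\w.-]+)", url)  # npm shorthand form
    if shorthand:
        return f"https://github.com/{shorthand.group(1)}"
    return re.sub(r"\.git$", "", re.sub(r"^git\+", "", url))

def audit(manifest):
    """List supply-chain findings for one package version."""
    findings = []
    if source_link(manifest) is None:
        findings.append("no-source-link")
    if manifest.get("deprecated"):  # registry stores the deprecation message here
        findings.append("deprecated")
    attestations = (manifest.get("dist") or {}).get("attestations") or {}
    if not attestations.get("provenance"):
        findings.append("no-provenance")
    return findings

def report(manifests):
    """Map 'name@version' to its findings (an empty list means no finding)."""
    return {f"{m['name']}@{m['version']}": audit(m) for m in manifests}

if __name__ == "__main__":
    for pkg, findings in report(SAMPLE_MANIFESTS).items():
        print(f"{pkg}: {', '.join(findings) or 'ok'}")
```

The fork, version-tag and first-time author or merger checks need data from the source code repository and are outside this sketch.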

We welcome feedback and contributions to improve the tool's capabilities and expand its support for other ecosystems.