get_package_stats.py
"""
Collect the total number of dependents over all versions
Reference: https://docs.deps.dev/api/v3alpha/#getdependents
Path parameters
packageKey.system: string
The package management system containing the package.
Can be one of GO, NPM, CARGO, MAVEN, PYPI, NUGET.
packageKey.name: string
The name of the package.
## GetPackage
GET https://api.deps.dev/v3alpha/systems/{packageKey.system}/packages/{packageKey.name}
GetPackage returns information about a package, including a list of its available versions, with the default version marked if known.
Response
packageKey: object
The name of the package. Note that it may differ from the name in the request, due to canonicalization.
packageKey.system: string
The package management system containing the package.
Can be one of GO, NPM, CARGO, MAVEN, PYPI, NUGET.
packageKey.name: string
The name of the package.
purl: string
The purl that identifies this package. Note that the package name may differ from the name in the request, due to canonicalization.
versions[]: object[]
The available versions of the package.
versions[].versionKey: object
The name of the version. Note that the package name may differ from the name in the request, due to canonicalization.
versions[].versionKey.system: string
The package management system containing the package.
Can be one of GO, NPM, CARGO, MAVEN, PYPI, NUGET.
versions[].versionKey.name: string
The name of the package.
versions[].versionKey.version: string
The version of the package.
versions[].purl: string
The purl that identifies this version of the package. Note that the package and version name in the purl may differ from the names in the request, due to canonicalization.
versions[].publishedAt: string
The time when this package version was published, if available, as reported by the package management authority.
versions[].isDefault: boolean
If true, this is the default version of the package: the version that is installed when no version is specified. The precise meaning of this is system-specific, but it is commonly the version with the greatest version number, ignoring pre-release versions.
versions[].isDeprecated: boolean
If true, this version has been marked as deprecated.
## GetDependents
GET /v3alpha/systems/{versionKey.system}/packages/{versionKey.name}/versions/{versionKey.version}:dependents
GetDependents returns information about the number of distinct packages known to depend on the given package version. Dependent counts are currently available for Go, npm, Cargo, Maven and PyPI.
Dependent counts are derived from the dependency graphs computed by deps.dev, which means that only public dependents are counted. As such, dependent counts should be treated as indicative of relative popularity rather than precisely accurate.
Path parameters
versionKey.system: string
The package management system containing the package.
Can be one of GO, NPM, CARGO, MAVEN, PYPI, NUGET.
versionKey.name: string
The name of the package.
versionKey.version: string
The version of the package.
Response
dependentCount: number
The number of packages known to depend on this package version, either directly or indirectly. Note that this may be less than the sum of the direct and indirect dependent counts.
directDependentCount: number
The number of packages known to depend directly on this package version.
indirectDependentCount: number
The number of packages known to depend indirectly on this package version.
GetCapabilities
GET /v3alpha/systems/{versionKey.system}/packages/{versionKey.name}/versions/{versionKey.version}:capabilities
GetCapabilityRequest returns counts for direct and indirect calls to Capslock capabilities for a given package version. Currently only available for Go.
Path parameters
versionKey.system: string
The package management system containing the package.
Can be one of GO, NPM, CARGO, MAVEN, PYPI, NUGET.
versionKey.name: string
The name of the package.
versionKey.version: string
The version of the package.
Response
capabilities[]: object[]
The Capslock capabilities associated with a package, along with the number of direct and indirect callpaths to this capability.
capabilities[].capability: string
A Capslock capability, indicating that the package uses this capability.
capabilities[].directCount: number
The number of calls from this package directly to this capability.
capabilities[].indirectCount: number
The number of calls from this package to the capability via another package.
GetProject
GET /v3alpha/projects/{projectKey.id}
GetProject returns information about projects hosted by GitHub, GitLab, or BitBucket, when known to us.
Example: /v3alpha/projects/github.com%2Ffacebook%2Freact
Path parameters
projectKey.id: string
A project identifier of the form github.com/user/repo, gitlab.com/user/repo, or bitbucket.org/user/repo.
Response
projectKey: object
The identifier for the project. Note that this may differ from the identifier in the request, due to canonicalization.
projectKey.id: string
A project identifier of the form github.com/user/repo, gitlab.com/user/repo, or bitbucket.org/user/repo.
openIssuesCount: number
The number of open issues reported by the project host. Only available for GitHub and GitLab.
starsCount: number
The number of stars reported by the project host. Only available for GitHub and GitLab.
forksCount: number
The number of forks reported by the project host. Only available for GitHub and GitLab.
license: string
The license reported by the project host.
description: string
The description reported by the project host.
homepage: string
The homepage reported by the project host.
scorecard: object
An OpenSSF Scorecard for the project, if one is available.
scorecard.date: string
The date at which the scorecard was produced. The time portion of this field is midnight UTC.
scorecard.repository: object
The source code repository and commit the scorecard was produced from.
scorecard.repository.name: string
The source code repository the scorecard was produced from.
scorecard.repository.commit: string
The source code commit the scorecard was produced from.
scorecard.scorecard: object
The version and commit of the Scorecard program used to produce the scorecard.
scorecard.scorecard.version: string
The version of the Scorecard program used to produce the scorecard.
scorecard.scorecard.commit: string
The commit of the Scorecard program used to produce the scorecard.
scorecard.checks[]: object[]
The results of the Scorecard Checks performed on the project.
scorecard.checks[].name: string
The name of the check.
scorecard.checks[].documentation: object
Human-readable documentation for the check.
scorecard.checks[].documentation.shortDescription: string
A short description of the check.
scorecard.checks[].documentation.url: string
A link to more details about the check.
scorecard.checks[].score: number
A score in the range [0,10]. A higher score is better. A negative score indicates that the check did not run successfully.
scorecard.checks[].reason: string
The reason for the score.
scorecard.checks[].details[]: string[]
Further details regarding the check.
scorecard.overallScore: number
A weighted average score in the range [0,10]. A higher score is better.
scorecard.metadata[]: string[]
Additional metadata associated with the scorecard.
ossFuzz: object
Details of this project’s testing by the OSS-Fuzz service. Only set if the project is tested by OSS-Fuzz.
ossFuzz.lineCount: number
The total number of lines of code in the project.
ossFuzz.lineCoverCount: number
The number of lines of code covered by fuzzing.
ossFuzz.date: string
The date the fuzz test that produced the coverage information was run against this project. The time portion of this field is midnight UTC.
ossFuzz.configUrl: string
The URL containing the configuration for the project in the OSS-Fuzz repository.
"""
import sys
from urllib.parse import quote

import requests
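def get_package_info(system: str, package_name: str, *, timeout: float = 30.0) -> dict:
    """Fetch package metadata (including its version list) from the deps.dev API.

    Args:
        system: Package management system, e.g. "NPM", "PYPI", "MAVEN".
        package_name: Name of the package as known to that system.
        timeout: Seconds to wait for the HTTP connection/response before
            giving up.

    Returns:
        The decoded JSON response (see the GetPackage response schema in the
        module docstring).

    Raises:
        RuntimeError: if the API answers with a non-200 status code.
        requests.RequestException: on connection or timeout failures.
        ValueError: if the response body is not valid JSON.
    """
    # Percent-encode both path segments (safe="") so a name containing "/",
    # "@" or ":" (npm scopes, Maven coordinates) cannot escape its segment or
    # address a different resource; the API's own examples use encoded
    # segments (see the GetProject example in the module docstring).
    url = (
        "https://api.deps.dev/v3alpha/systems/"
        f"{quote(system, safe='')}/packages/{quote(package_name, safe='')}"
    )
    # requests has no default timeout; without one an unresponsive server
    # blocks the caller indefinitely.
    response = requests.get(url, timeout=timeout)
    if response.status_code != 200:
        raise RuntimeError(f"API request failed: {response.status_code}")
    return response.json()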
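def get_version_info(
    system: str, package_name: str, version: str, *, timeout: float = 30.0
) -> dict:
    """Fetch metadata for one specific package version from the deps.dev API.

    Args:
        system: Package management system, e.g. "NPM", "PYPI", "MAVEN".
        package_name: Name of the package as known to that system.
        version: Version string of the package.
        timeout: Seconds to wait for the HTTP connection/response before
            giving up.

    Returns:
        The decoded JSON response for the version endpoint.

    Raises:
        RuntimeError: if the API answers with a non-200 status code.
        requests.RequestException: on connection or timeout failures.
        ValueError: if the response body is not valid JSON.
    """
    # Encode every caller-supplied path segment (safe="") so that "/", "@" or
    # ":" inside a name or version cannot change which resource is addressed.
    url = (
        "https://api.deps.dev/v3alpha/systems/"
        f"{quote(system, safe='')}/packages/{quote(package_name, safe='')}"
        f"/versions/{quote(version, safe='')}"
    )
    # Bound the request: requests has no default timeout.
    response = requests.get(url, timeout=timeout)
    if response.status_code != 200:
        raise RuntimeError(f"API request failed: {response.status_code}")
    return response.json()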
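def get_dependents_for_version(
    system: str, package_name: str, version: str, *, timeout: float = 30.0
) -> int:
    """Return the dependent count deps.dev reports for one package version.

    Args:
        system: Package management system, e.g. "NPM", "PYPI", "MAVEN".
        package_name: Name of the package as known to that system.
        version: Version string of the package.
        timeout: Seconds to wait for the HTTP connection/response before
            giving up.

    Returns:
        ``dependentCount`` from the GetDependents response, or 0 when the API
        does not answer with HTTP 200 (unknown version, unsupported system,
        rate limiting, ...). Callers cannot tell "no dependents" apart from
        "lookup failed" by the return value alone.

    Raises:
        requests.RequestException: on connection or timeout failures.
        ValueError: if a 200 response body is not valid JSON.
    """
    # Encode every caller-supplied path segment (safe="") so that "/", "@" or
    # ":" inside a name or version cannot change which resource is addressed.
    url = (
        "https://api.deps.dev/v3alpha/systems/"
        f"{quote(system, safe='')}/packages/{quote(package_name, safe='')}"
        f"/versions/{quote(version, safe='')}:dependents"
    )
    # Bound the request: requests has no default timeout.
    response = requests.get(url, timeout=timeout)
    if response.status_code != 200:
        # Deliberate best-effort: a missing or unsupported version is treated
        # as "no known dependents" rather than aborting the whole scan.
        return 0
    data = response.json()
    # int() tolerates the count arriving as a JSON string as well as a number
    # (NOTE(review): the schema only says "number" — confirm against live data).
    return int(data.get('dependentCount', 0))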
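def get_total_dependents(system: str, package_name: str) -> int:
    """
    Estimate the number of unique dependents of a package across all versions.

    Per-version dependent counts are fetched with GetDependents and the
    LARGEST one is returned, not their sum: a downstream package depending on
    several versions would be counted once per version by a sum, so the
    maximum is used as a conservative estimate of the unique dependents.

    Args:
        system: Package system (NPM, PYPI, etc)
        package_name: Name of the package

    Returns:
        Estimated number of unique dependents (maximum over versions), or 0
        when the package has no versions or when any lookup fails. Failures
        are printed, not raised.
    """
    try:
        # Get all versions
        package_info = get_package_info(system, package_name)
        # Missing or null "versions" means nothing to count.
        versions = package_info.get('versions') or []
        total_dependents = 0
        for version in versions:
            # Entries without a versionKey cannot be queried; skip them
            # instead of aborting the whole scan.
            version_key = version.get('versionKey')
            if not version_key:
                continue
            dependents = get_dependents_for_version(
                version_key['system'],
                version_key['name'],
                version_key['version']
            )
            # Keep the maximum, not the sum (see docstring).
            total_dependents = max(total_dependents, dependents)
            print(f"Version {version_key['version']}: {dependents} dependents")
        return total_dependents
    except Exception as e:
        # Best-effort: HTTP, network or malformed-response errors are
        # reported on stdout and the count is treated as unknown (0).
        print(f"Error collecting dependents for {package_name}: {str(e)}")
        return 0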
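if __name__ == "__main__":
    # Example usage. The system and package can be overridden from the
    # command line:  python get_package_stats.py SYSTEM PACKAGE_NAME
    # (SYSTEM is one of GO, NPM, CARGO, MAVEN, PYPI, NUGET per the API docs).
    system = sys.argv[1] if len(sys.argv) > 1 else "MAVEN"
    package = sys.argv[2] if len(sys.argv) > 2 else "org.apache.logging.log4j:log4j-api"
    total = get_total_dependents(system, package)
    print(f"Total unique dependents for {package}: {total}")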