# 🕵️♂️ go_over
[](https://hex.pm/packages/go_over)
[](https://hexdocs.pm/go_over/)
[](https://github.com/bwireman/delay/blob/main/LICENSE)
[](https://gleam.run/news/v0.16-gleam-compiles-to-javascript/)
[](https://gleam.run)
A tool to audit Erlang & Elixir dependencies, to make sure your gleam projects really sparkle! ✨
🚨 _**NOTE**_: security advisories are _NOT_ currently monitored for gleam dependencies. The language, while excellent, is far too new and niche
# 🔽 Install
```sh
gleam add --dev go_over
```
## 📣 Also!
- add `.go-over/` to your `.gitignore`
- make sure `git` is installed
#### 🌸 Javascript
If running with Javascript install
```json
{
"dependencies": {
"sync-fetch": "^0.5.2",
"yaml": "^2.4.3"
}
}
```
Bun & Nodejs are supported
# ▶️ Usage
```sh
gleam run -m go_over
```
### 🎥 Obligatory Asciinema

### 🏴 Flags
Override config values if set
- `--force`: will force pulling new data even if the cached data is still valid
- `--format=<format>`: specify the output format of any warnings. `["minimal", "detailed", "json"]`
### ⚙️ Config
Optional settings that can be added to your project's `gleam.toml`
```toml
[go-over]
# disables caching if false
# default: true
cache = true
# sets output format for warnings ["minimal", "detailed", "json"]
# default: "minimal"
format = "minimal"
[go-over.ignore]
# list of package names to skip when checking for advisories & warnings
# default: []
packages = ["example_package"]
# list of warning severities to skip when checking for advisories & warnings
# default: []
# (case insensitive)
severity = ["example_moderate"]
# list of advisory IDs to skip when checking for advisories & warnings
# default: []
ids = ["GHSA-xxxx-yyyy-zzzz"]
```
### ⌛ Caching
- Security advisory data is cached for **_six_** hours
- hex.pm retired package data is cached for **_one_** hour
# 🖌️ Other Art
- As I'm sure is no surprise this tool is inspired by (and all around worse than) [mirego/mix_audit](https://github.com/mirego/mix_audit). Please check it out!
- It also draws inspiration from [mix hex.audit](https://hexdocs.pm/hex/Mix.Tasks.Hex.Audit.html)
# ⚖️ License
- This tool uses [mirego/elixir-security-advisories](https://github.com/mirego/elixir-security-advisories) which is it self licensed with
- `BSD-3-Clause license`
- `CC-BY 4.0 open source license`.
- See their [#license section](https://github.com/mirego/elixir-security-advisories?tab=readme-ov-file#license)
- Code original to this repo is Licensed under `MIT`