A tool that checks whether private package names referenced in dependency configuration are still free (unregistered) namespaces in the public package repositories,
for Python (PyPI) requirements.txt or JavaScript (npm) package.json.

- Download a prebuilt binary from the releases page, unpack and run!

  or

- If you have a recent Go compiler installed: go get -u github.com/visma-prodsec/confused (the same command works for updating)

  or

- git clone https://github.com/visma-prodsec/confused ; cd confused ; go get ; go build

Usage:

    ./confused [-l LANGUAGENAME] depfilename.ext

    Usage of ./confused:
      -l string
            Package repository system. Possible values: "pip", "npm" (default "pip")
      -v    Verbose output

    ./confused -l pip requirements.txt

    Issues found, the following packages are not available in public package repositories:
     [!] internal_package1
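
The check behind the report above, as an added example (not the project's own code): it pulls package names out of requirements.txt content and lists those missing from a set of public names. The registry lookup is replaced by a constructed in-memory set so the example runs offline; `unclaimed`, `normalize` and the sample data are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	nameRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*`) // leading distribution name
	sepRe  = regexp.MustCompile(`[-_.]+`)                      // PEP 503 separator runs
)

// normalize makes "Internal_Package1" and "internal-package1" compare equal (PEP 503).
func normalize(name string) string {
	return strings.ToLower(sepRe.ReplaceAllString(name, "-"))
}

// unclaimed returns the requirement names absent from public, a set of
// normalized names standing in for the registry lookup (assumption: offline).
func unclaimed(content string, public map[string]bool) []string {
	var missing []string
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(strings.SplitN(line, "#", 2)[0]) // drop comments
		// Skip blanks, pip options (-r, -e, --index-url) and direct URL
		// references: none of these are resolved by name from the index.
		if line == "" || strings.HasPrefix(line, "-") || strings.Contains(line, "://") {
			continue
		}
		if m := nameRe.FindString(line); m != "" && !public[normalize(m)] {
			missing = append(missing, m)
		}
	}
	return missing
}

func main() {
	// Constructed sample input, not taken from a real project.
	reqs := "requests==2.31.0  # pinned\n-r base.txt\nFlask[async]>=2.0\n" +
		"zope.interface\ninternal_package1\ngit+https://example.invalid/r.git#egg=x\n"
	public := map[string]bool{"requests": true, "flask": true, "zope-interface": true}
	for _, n := range unclaimed(reqs, public) {
		fmt.Println("[!]", n)
	}
}
```

A name reported this way is one that anyone could still register publicly, which is why the usual follow-up is to claim it or pin the private index explicitly.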