# goblin_prospector [![Crates.io](https://img.shields.io/crates/v/goblin_prospector.svg)](https://crates.io/crates/goblin_prospector)

A little tool that reads the lockfiles in a project, looks up each dependency's repo, and lists newer changes that the project does not yet use (hopefully containing a vulnerability or behaviour that was recently changed/fixed upstream but can still be exploited on said project).

![Goblin prospector icon, which is a goblin dressed as an old timey prospector](docs/prospector-quarter.png)

![Terminal recording of the output of the command "goblin_prospector -d path/to/project -c 30 -o test.txt"](docs/small_example.gif)

[Gif made with vhs](https://github.com/charmbracelet/vhs)

## Currently supports:

### Lockfiles

- yarn (yarn.lock)
- npm (package-lock.json)
- ruby (Gemfile.lock)

### Releases from repositories

- GitHub
- GitLab

## Installation

You can install from crates.io using cargo:

```
cargo install goblin_prospector
```

Or download a [prebuilt binary from the releases.](https://gitlab.com/bea_stung/goblin_prospector/-/releases)

You can also just clone the repo and build the tool with cargo:

```
git clone https://gitlab.com/bea_stung/goblin_prospector.git
cd goblin_prospector
cargo install --path=.
```

## Usage

### Basic usage

```
goblin_prospector -d ~/repos/gitlab --github-token GITHUB_TOKEN_HERE -c 40
```

Example Output:

```
[[ GitHub KaTeX/KaTeX ]]:
katex (Yarn) [0.13.2]: GitHub (KaTeX/KaTeX): git+https://github.com/KaTeX/KaTeX.git
More recent releases:
[v0.16.8]:
0.16.8 (2023-06-24)
Features
expose error length and raw error message on ParseError (#3820) (710774a)
[v0.16.7]:
0.16.7 (2023-04-28)
Bug Fixes
docs/support_table.md: delete redundant "varPsi" (#3814) (33a1b98)
.....
```

### Help message

```
goblin_prospector --help
```

Example Output:

```
Goblin goes and gets information about new dependancy features introduced after the versions used by a project. Point me at a project directory and watch me go boss, yeehaw!

Supports:
Lockfiles:
- yarn (yarn.lock)
- npm (package-lock.json)
- ruby (Gemfile.lock)
Releases from repositories:
- GitHub
- GitLab

Usage: goblin_prospector [OPTIONS] --dir