You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
on home page, show (with title) which apparent mirrors are not listed, and in dashboard mark module paths that won't match due to being on the skip list
dom._kids(document.body,dom.div(dom._class('home'),dom._class('page'),dom.div(style({textAlign: 'right'}),dom.a(attr.href('#overview'),'Login')),dom.h1('GopherWatch'),dom.p('Keep tabs on Go modules.'),dom.p('Subscribe to Go module paths and receive an email when a new module/version is published through the Go module proxy.'),dom.h2('How does it work?'),dom.p('In Go, you use ',dom.span('"go get"',attr.title('Or related commands, such as "go install", "go mod tidy" and more')),' to download Go modules to use as a dependency. Looking up a module is done through the ',dom.a(attr.href('https://sum.golang.org'),attr.rel('noopener'),'Go checksum database'),': A ',dom.a(attr.href('https://research.swtch.com/tlog'),attr.rel('noopener'),'transparency log'),' that proves it is not tampered with, providing high assurance that you get the correct code. It is an append-only public log of all unique Go modules/versions ever requested through "go get". It is just like certificate transparency logs for TLS certificates.'),dom.p('GopherWatch follows the modules/versions appended to the Go sum database. You can subscribe to modules. GopherWatch sends you an email whenever a new matching module/version appears in the append-only log.'),dom.h2('Recent modules'),dom.p(dom.span('Prerelease versions ',attr.title('semver version with a dash, such as v1.2.3-20060102150405-652ceb448533')),' and apparent mirrors not shown.'),dom.table(dom._class('recents'),dom._class('mono'),dom.thead(dom.tr(dom.th('Module',attr.title('Repo URLs are guesses and may be wrong.')),dom.th('Version',attr.title('Tag URLs are guesses and may be wrong.')),dom.th('Age'),dom.th('Docs',attr.title('Doc URLs are guesses and may be wrong.')))),recentsElem),dom.br(),dom.h2('Get started'),dom.p(dom.clickbutton('Create account',functionclick(){
1179
+
dom._kids(document.body,dom.div(dom._class('home'),dom._class('page'),dom.div(style({textAlign: 'right'}),dom.a(attr.href('#overview'),'Login')),dom.h1('GopherWatch'),dom.p('Keep tabs on Go modules.'),dom.p('Subscribe to Go module paths and receive an email when a new module/version is published through the Go module proxy.'),dom.h2('How does it work?'),dom.p('In Go, you use ',dom.span('"go get"',attr.title('Or related commands, such as "go install", "go mod tidy" and more')),' to download Go modules to use as a dependency. Looking up a module is done through the ',dom.a(attr.href('https://sum.golang.org'),attr.rel('noopener'),'Go checksum database'),': A ',dom.a(attr.href('https://research.swtch.com/tlog'),attr.rel('noopener'),'transparency log'),' that proves it is not tampered with, providing high assurance that you get the correct code. It is an append-only public log of all unique Go modules/versions ever requested through "go get". It is just like certificate transparency logs for TLS certificates.'),dom.p('GopherWatch follows the modules/versions appended to the Go sum database. You can subscribe to modules. GopherWatch sends you an email whenever a new matching module/version appears in the append-only log.'),dom.h2('Recent modules'),dom.p(dom.span('Prerelease versions ',attr.title('semver version with a dash, such as v1.2.3-20060102150405-652ceb448533')),' and ',dom.span('apparent mirrors',attr.title((home.SkipModulePrefixes||[]).join('\n'))),' not shown.'),dom.table(dom._class('recents'),dom._class('mono'),dom.thead(dom.tr(dom.th('Module',attr.title('Repo URLs are guesses and may be wrong.')),dom.th('Version',attr.title('Tag URLs are guesses and may be wrong.')),dom.th('Age'),dom.th('Docs',attr.title('Doc URLs are guesses and may be wrong.')))),recentsElem),dom.br(),dom.h2('Get started'),dom.p(dom.clickbutton('Create account',functionclick(){
1177
1180
signup(home.SignupNote);
1178
1181
}),' Do it.'),dom.h2('FAQ'),dom.dl(dom.dt(dom.h3("How does this compare to other mechanism to stay updated on modules?")),dom.dd(dom.p('You have several options for tracking dependencies for a Go project:'),dom.ul(dom.li('Just running "get get -u" to update dependencies to the latest versions.'),dom.li('You can find dependencies that really need to be upgraded with "govulncheck". It helpfully only mentions modules if you are using vulnerable code.'),dom.li('You could also "watch" a repository on e.g. github. But it\'ll be different for each "software forge". On github, it only works if "releases" are created. You cannot watch new tagged versions with the "watch" feature. Though you can watch tags using RSS. The point is, software forges are different, some do not help you.')),dom.br(),dom.p('GopherWatch works regardless of where the software is "hosted". GopherWatch can also notify repositories that match a module prefix, e.g. all modules/versions in an organization, perhaps your own.'),dom.p('GopherWatch can not report on a module if it is never requested through the Go module proxy.'),dom.p('GopherWatch does not currently watch the depedencies of modules you are subscribed to. That could be a good next step: Each time a module version is released, fetch the new go.mod and start monitoring dependencies for new versions. Patches welcome!'))),home.Note ? [
0 commit comments