Skip to content

Instantly share code, notes, and snippets.

@jexp
Last active January 5, 2023 13:09
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save jexp/9541bbfc17e0383d1e55388a7d7e3162 to your computer and use it in GitHub Desktop.
Google deps.dev to #Neo4j graph on dev.neo4j.com/sandbox

Google deps.dev to Neo4j

Google released a new tool that provides dependencies for maven, npm, cargo and pypi

It has a nice UI, comes with security advisories, information about the packages and a REST API

Source: https://deps.dev/maven/org.neo4j:neo4j-kernel

REST API

We used just the depdencies endpoint to create our graph, starting with neo4j-kernel version 4.2.6

Spin up a blank sandbox and run the commands from dependencies.cypher

The endpoint https://deps.dev/_/s/maven/p/org.neo4j%3Aneo4j-kernel/v/4.2.6/dependencies

returns this result json

{
"package": {
"system": "MAVEN",
"name": "org.neo4j:neo4j-kernel"
},
"version": "4.2.6",
"dependencyCount": 76,
"dependencies": [
{
"package": {
"system": "MAVEN",
"name": "com.github.jbellis:jamm"
},
"version": "0.3.3",
"type": "",
"description": "\n    Jamm provides MemoryMeter, a java agent to measure actual object memory use including JVM overhead.\n  ",
"owners": [],
"license": "Apache-2.0",
"advisories": [],
"distance": 1,
"dependencyCount": 0
},
{
"package": {
"system": "MAVEN",
"name": "com.google.code.findbugs:annotations"
},
"version": "3.0.1",
"type": "",
"description": "Annotation the FindBugs tool supports",
"owners": [],
"advisories": [],
"distance": 1,
"dependencyCount": 2
},...
]}

that we then can just take and turn into packages that depend on each other with cypher

with "org.neo4j:neo4j-kernel" as name, '4.2.6' as version
call apoc.load.json("https://deps.dev/_/s/maven/p/"+name+"/v/"+version+"/dependencies") yield value
where value.package.system = 'MAVEN'
merge (p:Package:Maven {name:value.package.name, version:value.version})
with * 
unwind value.dependencies as dep
with p, dep where dep.package.system = 'MAVEN'
merge (d:Package:Maven {name:dep.package.name, version:dep.version})
on create set d += dep {.license, .description }
merge (p)-[:DEPENDS_ON]->(d)

We can then run repeatedly over our packages and fetch more dependencies.

// load initial package, adjust your name and version
with "org.neo4j:neo4j-kernel" as name, '4.2.6' as version
call apoc.load.json("https://deps.dev/_/s/maven/p/"+name+"/v/"+version+"/dependencies") yield value
where value.package.system = 'MAVEN'
merge (p:Package:Maven {name:value.package.name, version:value.version})
with *
unwind value.dependencies as dep
with p, dep where dep.package.system = 'MAVEN'
merge (d:Package:Maven {name:dep.package.name, version:dep.version})
on create set d += dep {.license, .description }
merge (p)-[:DEPENDS_ON]->(d);
// run repeatedly to add more packages
match (p:Package:Maven) where not exists { (p)-[:DEPENDS_ON]->() } and not p:Processed
with p limit 250
set p:Processed with *
call apoc.load.json("https://deps.dev/_/s/maven/p/"+p.name+"/v/"+p.version+"/dependencies") yield value
where value.package.system = 'MAVEN'
unwind value.dependencies as dep
with p, dep where dep.package.system = 'MAVEN'
merge (d:Package:Maven {name:dep.package.name, version:dep.version})
on create set d += dep {.license, .description }
merge (p)-[:DEPENDS_ON]->(d);
@jexp
Copy link
Author

jexp commented Jun 4, 2021

If you like this please like or retweet:

https://twitter.com/mesirii/status/1400747811348623362

First Dependencies in Neo4j Browser

image

Dependencies in Bloom

image

@Gby56
Copy link

Gby56 commented Feb 9, 2022

I think the dependents is limited to 100 results in the API, sadly :(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment