Google released a new tool that provides dependencies for maven, npm, cargo and pypi
It has a nice UI, comes with security advisories, information about the packages and a REST API
Source: https://deps.dev/maven/org.neo4j:neo4j-kernel
REST API
- Suggestions: https://deps.dev/_/search/suggest?q=neo4&system=MAVEN
- Main https://deps.dev/_/s/maven/p/org.neo4j%3Aneo4j-kernel/v/
- Versions: https://deps.dev/_/s/maven/p/org.neo4j%3Aneo4j-kernel/versions
- Dependents: https://deps.dev/_/s/maven/p/org.neo4j:neo4j-kernel/v/4.2.6/dependents
- Dependencies: https://deps.dev/_/s/maven/p/org.neo4j%3Aneo4j-kernel/v/4.2.6/dependencies
- Dependencies with Graph: https://deps.dev/_/s/maven/p/org.neo4j%3Aneo4j-kernel/v/4.2.6/dependenciesWithGraph
We used just the depdencies endpoint to create our graph, starting with neo4j-kernel version 4.2.6
Spin up a blank sandbox and run the commands from dependencies.cypher
The endpoint https://deps.dev/_/s/maven/p/org.neo4j%3Aneo4j-kernel/v/4.2.6/dependencies
returns this result json
{
"package": {
"system": "MAVEN",
"name": "org.neo4j:neo4j-kernel"
},
"version": "4.2.6",
"dependencyCount": 76,
"dependencies": [
{
"package": {
"system": "MAVEN",
"name": "com.github.jbellis:jamm"
},
"version": "0.3.3",
"type": "",
"description": "\n Jamm provides MemoryMeter, a java agent to measure actual object memory use including JVM overhead.\n ",
"owners": [],
"license": "Apache-2.0",
"advisories": [],
"distance": 1,
"dependencyCount": 0
},
{
"package": {
"system": "MAVEN",
"name": "com.google.code.findbugs:annotations"
},
"version": "3.0.1",
"type": "",
"description": "Annotation the FindBugs tool supports",
"owners": [],
"advisories": [],
"distance": 1,
"dependencyCount": 2
},...
]}
that we then can just take and turn into packages that depend on each other with cypher
with "org.neo4j:neo4j-kernel" as name, '4.2.6' as version
call apoc.load.json("https://deps.dev/_/s/maven/p/"+name+"/v/"+version+"/dependencies") yield value
where value.package.system = 'MAVEN'
merge (p:Package:Maven {name:value.package.name, version:value.version})
with *
unwind value.dependencies as dep
with p, dep where dep.package.system = 'MAVEN'
merge (d:Package:Maven {name:dep.package.name, version:dep.version})
on create set d += dep {.license, .description }
merge (p)-[:DEPENDS_ON]->(d)
We can then run repeatedly over our packages and fetch more dependencies.
If you like this please like or retweet:
https://twitter.com/mesirii/status/1400747811348623362
First Dependencies in Neo4j Browser
Dependencies in Bloom