david942j / honest

Licence: Apache-2.0 license
Are your installed packages _really_ the same as you saw on GitHub?

Programming Languages: shell, python, ruby


Honest: Are your installed packages honest?

Are your installed packages really the same as you saw on GitHub?

Verify the source code before you install it!

Why

All open-source projects can be reviewed on GitHub, BitBucket, GitLab, etc.

But are you sure the packages published to pip/gem are exactly the same as they are in the git repositories?

Imagine this: a project looks good, secure, and widely used on GitHub, but who has checked the package pushed to PyPI? What if the developer hid a one-line backdoor in the source code before pushing it? Once you install it, you get owned!

Let's find out whether the packages you installed are Honest!
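
A minimal sketch of the check motivated above, as an added example and not honest's own code: every file shipped in an unpacked package must be byte-identical to the file at the same path in a checkout of the repository. The function names, the `GENERATED` ignore set and the demo trees are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Metadata a build step generates and the repo never contains.
# Assumption for this sketch; tune it per ecosystem.
GENERATED = {"PKG-INFO"}

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def compare_package_to_repo(package_dir, repo_dir, generated=GENERATED):
    """Return (modified, unknown) for the files shipped in the package.

    modified: present in both trees, but the content differs
    unknown:  shipped in the package, absent from the repository
    Repo-only files (tests, CI config) are ignored, because a package
    normally ships a subset of the repository.
    """
    package_dir, repo_dir = Path(package_dir), Path(repo_dir)
    modified, unknown = [], []
    for f in sorted(package_dir.rglob("*")):
        if not f.is_file() or f.name in generated:
            continue
        rel = f.relative_to(package_dir)
        twin = repo_dir / rel
        if not twin.is_file():
            unknown.append(rel.as_posix())
        elif sha256_file(f) != sha256_file(twin):
            modified.append(rel.as_posix())
    return modified, unknown

def demo():
    """Constructed sample: a repo tree and a package with one altered file."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, pkg = Path(tmp, "repo"), Path(tmp, "pkg")
        for root in (repo, pkg):
            (root / "lib").mkdir(parents=True)
            (root / "lib" / "core.py").write_text("def run():\n    return 1\n")
        (repo / "README.md").write_text("docs\n")          # repo-only: ignored
        (pkg / "PKG-INFO").write_text("Name: demo\n")      # generated: ignored
        (pkg / "lib" / "core.py").write_text("def run():\n    return 2\n")
        (pkg / "lib" / "extra.py").write_text("print('hi')\n")  # not in repo
        return compare_package_to_repo(pkg, repo)

if __name__ == "__main__":
    print(demo())
```

Both result lists deserve review: a modified file is a direct mismatch with the reviewed source, and an unknown file is code that was never visible in the repository at all.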

Installation

$ git clone https://github.com/david942j/honest
$ cd honest
$ ./install.sh /usr/local # you may need sudo before the command
# or you can install somewhere under your home directory, such as:
# $ mkdir ~/local && ./install.sh ~/local && export PATH="$HOME/local/bin:$PATH"

$ honest --version # check that the installation succeeded

Usage

$ honest github:david942j/one_gadget gem:one_gadget
# [INFO] OK, one_gadget is Honest!

You can specify a version:

$ honest github:bbatsov/rubocop gem:rubocop -v 0.55.0
# [INFO] OK, rubocop is Honest!

Compare with a local directory:

$ honest ./httpie pip:httpie -v 0.9.8
# [INFO] OK, httpie is Honest!

See the help output for more details:

$ honest
# Honest version 1.0.0
# Usage: honest [-h/--help] [--version]
#               <git-url> <package> [-v version[:version]]
#
# Examples:
#        honest --version
#        honest github:david942j/one_gadget gem:one_gadget
#        honest github:david942j/one_gadget gem:one_gadget -v master:1.6.0
#        honest https://github.com/pypa/setuptools pip:setuptools -v 39.0.1
#        honest ~/path_on_my_laptop/seccomp-tools gem:seccomp-tools -v 1.2.0
#
# Options:
#        -h, --help
#               Show this usage.
#        --version
#               Display version information and exit.
#
# Git Url Parameter:
#        <git-url> can be:
#               - A relative/absolute path
#               - An url like https://<git host>/<author>/<project>
#               - <github|bitbucket|gitlab>:<author>/<project>
#        If no branch/commit/tag is specified in the `-v` option, the latest release(tag) will be used.
#        With this behavior we can have the simplest usage of honest: `$ honest github:user/proj pip:proj`.

Screenshots

honest gem

honest pip

Supported Package Managers

  • RubyGems (Ruby)
  • PyPI (Python)