vet_core

Scanner core for Vet, a static-analysis security scanner for Elixir dependencies. Walks the AST of every dependency in your lock file and flags supply-chain attack indicators.

Most users should depend on vet_cli instead, which provides the mix vet and mix vet.check tasks.

Direct API

VetCore.scan(project_path, opts)
VetCore.PreInstallCheck.check_package(:some_package)
VetCore.PreInstallCheck.check_deps(project_path)
VetCore.VersionDiff.diff(path, :pkg, "1.0.0", "1.1.0")

See the main README for full documentation.
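
To illustrate the AST walk described at the top of this README, here is an added sketch (not vet_core's own code and not its API). The module name `AstIndicatorSketch`, the function `scan_source/1` and the list of flagged calls are assumptions made for this example.

```elixir
defmodule AstIndicatorSketch do
  # Illustration only, not vet_core's code. The call lists below are an
  # assumed set of indicators chosen for this sketch.
  @elixir_calls [{[:System], :cmd}, {[:System], :shell}, {[:Code], :eval_string}]
  @erlang_calls [{:os, :cmd}, {:erlang, :open_port}]

  # Parses source text; returns {:ok, [{line, "Mod.fun"}]} or {:error, reason}.
  def scan_source(source) when is_binary(source) do
    case Code.string_to_quoted(source) do
      {:ok, ast} ->
        {_ast, findings} = Macro.prewalk(ast, [], &collect/2)
        {:ok, Enum.reverse(findings)}

      {:error, reason} ->
        # Surface unparseable files instead of silently skipping them.
        {:error, reason}
    end
  end

  # Remote call on an Elixir alias, e.g. System.cmd(...).
  # Modules renamed with `alias ..., as:` are not resolved in this sketch.
  defp collect({{:., meta, [{:__aliases__, _, mod}, fun]}, _, args} = node, acc)
       when is_list(args) do
    if {mod, fun} in @elixir_calls do
      {node, [{meta[:line], "#{Enum.join(mod, ".")}.#{fun}"} | acc]}
    else
      {node, acc}
    end
  end

  # Remote call on an Erlang module atom, e.g. :os.cmd(...).
  defp collect({{:., meta, [mod, fun]}, _, args} = node, acc)
       when is_atom(mod) and is_atom(fun) and is_list(args) do
    if {mod, fun} in @erlang_calls, do: {node, [{meta[:line], ":#{mod}.#{fun}"} | acc]}, else: {node, acc}
  end

  defp collect(node, acc), do: {node, acc}
end

# Constructed sample of dependency source; the @banner line runs at compile time.
sample = """
defmodule Dep do
  @banner System.cmd("uname", ["-a"])
  def run(src), do: Code.eval_string(src)
  def sh(cmd), do: :os.cmd(cmd)
end
"""

IO.inspect(AstIndicatorSketch.scan_source(sample))
```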