sbom 2.1.0 sbom: ^2.1.0 copied to clipboard
A Software Bill of Materials generator specifically for Dart packages.
We analyzed this package 40 hours ago, and awarded it 150 pub points (of a possible 160):
0/10 points: Provide a valid pubspec.yaml
Failed to verify repository URL.
Please provide a valid repository
URL in pubspec.yaml
, such that:
repository
can be cloned,- a clone of the repository contains a
pubspec.yaml
, which:,- contains
name: sbom
, - contains a
version
property, and, - does not contain a
publish_to
property.
- contains
Repository has multiple matching pubspec.yaml
with name: sbom
.
5/5 points: Provide a valid README.md
5/5 points: Provide a valid CHANGELOG.md
10/10 points: Use an OSI-approved license
Detected license: MIT
.
10/10 points: 20% or more of the public API has dartdoc comments
127 out of 244 API elements (52.0 %) have documentation comments.
Some symbols that are missing documentation: sbom
, sbom.SbomConstants.binDir
, sbom.SbomConstants.louder
, sbom.SbomConstants.pubspecDescription
, sbom.SbomConstants.pubspecVersion
.
10/10 points: Package has an example and has no issues with screenshots
20/20 points: Supports 5 of 6 possible platforms (iOS, Android, Web, Windows, macOS, Linux)
-
✓ Android
-
✓ iOS
-
✓ Windows
-
✓ Linux
-
✓ macOS
These platforms are not supported:
Package not compatible with platform Web
Because:
package:sbom/sbom.dart
that imports:dart:io
0/0 points: WASM compatibility
Package not compatible with runtime wasm
Because:
package:sbom/sbom.dart
that imports:dart:io
This package is not compatible with runtime wasm
, and will not be rewarded full points in a future version of the scoring model.
See https://dart.dev/web/wasm for details.
50/50 points: code has no errors, warnings, lints, or formatting issues
10/10 points: All of the package dependencies are supported in the latest version
Package | Constraint | Compatible | Latest |
---|---|---|---|
args |
^2.5.0 |
2.6.0 | 2.6.0 |
crypto |
^3.0.5 |
3.0.6 | 3.0.6 |
meta |
^1.15.0 |
1.16.0 | 1.16.0 |
path |
^1.8.3 |
1.9.1 | 1.9.1 |
yaml |
^3.1.2 |
3.1.2 | 3.1.2 |
Transitive dependencies
Package | Constraint | Compatible | Latest |
---|---|---|---|
collection |
- | 1.19.1 | 1.19.1 |
source_span |
- | 1.10.0 | 1.10.0 |
string_scanner |
- | 1.4.0 | 1.4.0 |
term_glyph |
- | 1.2.1 | 1.2.1 |
typed_data |
- | 1.4.0 | 1.4.0 |
To reproduce run dart pub outdated --no-dev-dependencies --up-to-date --no-dependency-overrides
.
10/10 points: Package supports latest stable Dart and Flutter SDKs
20/20 points: Compatible with dependency constraint lower bounds
pub downgrade
does not expose any static analysis error.
Analyzed with Pana 0.22.15
, Dart 3.5.4
.
Check the analysis log for details.