aspis

decentralized package security audit network of trust

Latest version: 0.1.0
Security
  Vulnerabilities
  Version  Suggest  Low  Medium  High  Critical
  0.1.0    0        0    0       0     0

Stability
Latest release:

0.1.0 - This version may not be safe as it has not been updated for a long time.

Licensing


MIT   -   MIT License


Hoplon

Hoplon is a package that helps you verify that the code in your project's dependencies contains exactly what is in their GitHub repositories, and no other, potentially malicious, code.

Hoplon is a set of tools to create and share signed "audits" describing the security status of hexpm (or other) packages. It allows you to maintain a collection of "trusted keys" - people whose audits you can fetch and take into account when assessing packages you (want to) use.
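
As an added illustration of the check described above (example code, not Hoplon's own implementation), the Python script below hashes every file in a fetched package directory and in a checkout of its GitHub repository, then lists files present only in the package, only in the repository, or differing between the two. Both trees and their contents are constructed in temporary directories so the example runs offline; the file names are hypothetical.

```python
import hashlib
import os
import tempfile


def tree_digest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(package_dir, repo_dir, ignore=(".git",)):
    """Return the paths a human auditor needs to look at: files shipped only in the
    package, files only in the repository checkout, and files whose contents differ."""
    pkg = {p: h for p, h in tree_digest(package_dir).items() if p.split(os.sep)[0] not in ignore}
    repo = {p: h for p, h in tree_digest(repo_dir).items() if p.split(os.sep)[0] not in ignore}
    return {
        "only_in_package": sorted(set(pkg) - set(repo)),
        "only_in_repo": sorted(set(repo) - set(pkg)),
        "modified": sorted(p for p in set(pkg) & set(repo) if pkg[p] != repo[p]),
    }


def _write(root, rel, content):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(content)


def demo():
    """Build a constructed package tree and repo checkout, then compare them."""
    with tempfile.TemporaryDirectory() as pkg, tempfile.TemporaryDirectory() as repo:
        for root in (pkg, repo):
            _write(root, "mix.exs", "defmodule Demo.MixProject do\nend\n")
            _write(root, "lib/demo.ex", "defmodule Demo do\nend\n")
        # Constructed discrepancy 1: a file altered only in the published package.
        _write(pkg, "lib/demo.ex", "defmodule Demo do\n  # extra code\nend\n")
        # Constructed discrepancy 2: a file that exists only in the published package.
        _write(pkg, "lib/extra.ex", "defmodule Extra do\nend\n")
        # Repo-only content (tests, git metadata) is normal; .git is ignored, tests are listed.
        _write(repo, "test/demo_test.exs", "")
        _write(repo, ".git/HEAD", "ref: refs/heads/master\n")
        return compare_trees(pkg, repo)
```

For a real comparison the repository checkout must be at the tag or commit the package version was built from, otherwise ordinary version drift shows up as modifications.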

See CodeBEAM STO presentation slides for details. Video of the talk coming soon.


Usage

There is no current version of hoplon on hex.pm, so you need to get it from GitHub:

defp deps do
  [
    {:hoplon, github: "nietaki/hoplon"},
  ]
end

After you add it to your dependencies, you gain access to the relevant hoplon tasks. The currently relevant hoplon tasks are mix hoplon.fetch, mix hoplon.my_key, mix hoplon.status and mix hoplon.trusted_keys.

All of those mix tasks come with documentation:

mix help hoplon.trusted_keys