VDM is a simple tool for managing external dependencies. VDM uses a dependency manifest written in Starlark and patch files to download the dependencies into a source repository.
VDM uses itself to manage its dependencies, so the VDM codebase functions as an example.
VDM works with a dependencies manifest called deps.bzl. This uses Starlark syntax to express the set of dependencies.
Commands:
- The dependencies specified in
deps.bzlare installed in the source repo usingvdm vendor. - The dependency manifest is updated with newer minor/patch versions using
vdm update. Note that this will not affect the source repository without subsequently callingvdm vendor. - The dependency graph can be checked for vulnerabilities and analysed for unused dependencies using
vdm check ROOTS. The given roots are one or more Bazel path.- As an example, the VDM repository is checked using
vdm check //:vdm //cmd/... //internal/....
- As an example, the VDM repository is checked using