| layout | home | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| hero |
|
|||||||||||||||||||||||||||||||||||
| features |
|
Limier is a CLI tool for one narrow job: compare a baseline dependency version with a candidate version inside the same sample application, capture what changed, and tell a reviewer what to do next.
It is especially useful when you want to answer questions like:
- Did this dependency start launching a new process?
- Did install-time behavior change?
- Did the package stop behaving the same way in a realistic sample app?
- Is this difference benign, suspicious, or too noisy to trust?
Limier is intentionally not a general-purpose application security scanner. It is focused on dependency behavior drift.
- Pick the dependency you want to review.
- Point Limier at a fixture that uses that dependency.
- Give Limier a scenario that says how to install and exercise the fixture.
- Run the same scenario against the current version and the candidate version.
- Inspect the verdict, findings, and evidence.
The current adapters are:
npmpipcargo
- Getting Started if you want a first successful run as quickly as possible.
- Use In CI if you want the recommended GitHub and CI workflow shape.
- Review Your Own Project if you already know which dependency and fixture you want to test.
- Understand Results if you have a report and want to know what to do with it.
- Use With Codex if you want to package repository knowledge as a Codex skill or plugin.
- CLI Reference if you want the exact commands and flags.