Skip to content

Latest commit

 

History

History
67 lines (53 loc) · 2.79 KB

File metadata and controls

67 lines (53 loc) · 2.79 KB
layout home
hero
name image text tagline actions
Limier
src alt
/logo.png
Limier logo
Understand what a dependency upgrade actually did
Limier compares two versions of the same dependency in a controlled fixture and tells you whether the change looks safe, needs review, should be blocked, or should be rerun.
theme text link
brand
Get Started
/guide/getting-started
theme text link
alt
Use In CI
/guide/ci-and-deploy
theme text link
alt
Review Your Project
/guide/review-your-own-project
features
title details
Compare the same workflow twice
Limier runs your baseline and candidate dependency versions in the same fixture, with the same scenario, so the diff is easier to trust.
title details
See a reviewer-facing outcome
The result is intentionally simple: `good_to_go`, `needs_review`, `block`, or `rerun`, with a JSON report, Markdown summary, and evidence bundle.
title details
Use it where reviews already happen
Run Limier locally while investigating a package upgrade or wire it into CI to review dependency changes automatically.

What Is Limier?

Limier is a CLI tool for one narrow job: compare a baseline dependency version with a candidate version inside the same sample application, capture what changed, and tell a reviewer what to do next.

It is especially useful when you want to answer questions like:

  • Did this dependency start launching a new process?
  • Did install-time behavior change?
  • Did the package stop behaving the same way in a realistic sample app?
  • Is this difference benign, suspicious, or too noisy to trust?

Limier is intentionally not a general-purpose application security scanner. It is focused on dependency behavior drift.

How A Review Works

  1. Pick the dependency you want to review.
  2. Point Limier at a fixture that uses that dependency.
  3. Give Limier a scenario that says how to install and exercise the fixture.
  4. Run the same scenario against the current version and the candidate version.
  5. Inspect the verdict, findings, and evidence.

Supported Ecosystems

The current adapters are:

  • npm
  • pip
  • cargo

Start Here