Choosing dependencies using

Choosing a project’s dependencies is something teams sometimes overlook, but it has a significant impact: every library pulled in brings its own transitive dependencies, license terms and security track record into the build. The following image illustrates the idea:


To help with this process, Google recently launched a new project. Its slogan summarizes its objective: Understand your dependencies. The tool supports the package ecosystems of languages such as JavaScript, Rust, Go, Python, and Java.

To show the advantages, imagine a scenario: a team is developing an API in Go and needs to choose a library that implements the Circuit Breaker pattern. After some research on the internet and on the excellent Awesome Go list, they narrowed the candidates down to the following options:

Let’s look each of them up in the tool to start the comparison. These are the links to the analysis of each library:

Some of the information presented stood out to me. For example, in the analysis of gobreaker:

  • The tool computes a score for the library based on criteria such as security practices, license, and whether it is actively maintained:


  • We can see how many dependencies the library pulls in and how many projects depend on it. A small dependency tree means less transitive attack surface, and wide adoption is a reasonable signal of community trust, though not a guarantee of quality on its own:


It is also possible to see whether the library has any known security advisories. The mercari/go-circuitbreaker library shows a warning in this regard:


With this information, the team can make a better-informed and safer decision about which libraries to use in their project.

Another handy feature is that the tool has an API. With it, a team can add a check to the project’s Continuous Integration pipeline that fails the build when a dependency has a security advisory, or warns when a new version of an essential library is available. It is a worthwhile project that can help teams choose and manage their project’s dependencies.
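As an added example (not the tool’s or this post’s own code), here is a Go program sketching the CI check described above: it asks a dependency-insights API for each pinned module, fails the build on any security advisory, and warns when an essential library has a newer release. The endpoint path, the JSON field names (advisoryKeys, latestVersion), the module names and the advisory ID are all assumptions made up for illustration; the real API’s schema must be checked before relying on it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
)

// Dependency identifies one pinned module from the project's go.mod.
type Dependency struct {
	System, Name, Version string // e.g. "go", "example.com/breaker", "v1.2.0"
}

// VersionReport is the JSON shape this example ASSUMES the insights API
// returns for one package version; the real schema may differ.
type VersionReport struct {
	AdvisoryKeys  []struct{ ID string `json:"id"` } `json:"advisoryKeys"`
	LatestVersion string                             `json:"latestVersion"`
}

// FetchFunc returns the report for one dependency; a function type lets the same check run live or against canned data.
type FetchFunc func(Dependency) (VersionReport, error)

// HTTPFetcher queries a hypothetical endpoint {base}/systems/{system}/packages/{name}/versions/{version}.
func HTTPFetcher(base string, client *http.Client) FetchFunc {
	return func(dep Dependency) (rep VersionReport, err error) {
		u := fmt.Sprintf("%s/systems/%s/packages/%s/versions/%s", base,
			url.PathEscape(dep.System), url.PathEscape(dep.Name), url.PathEscape(dep.Version))
		resp, err := client.Get(u)
		if err != nil {
			return rep, err
		}
		defer resp.Body.Close()
		if resp.StatusCode != http.StatusOK {
			return rep, fmt.Errorf("%s: HTTP %d", u, resp.StatusCode)
		}
		// Cap the body so a misbehaving server cannot exhaust the CI runner's memory.
		return rep, json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&rep)
	}
}

// Finding is one reason for the CI job to fail (Fatal) or merely warn.
type Finding struct {
	Dep     Dependency
	Message string
	Fatal   bool
}

// Check evaluates every dependency: any advisory is fatal, a newer release of a library listed in
// essential is a warning, and a fetch error aborts the run so an API outage never silently passes the build.
func Check(fetch FetchFunc, deps []Dependency, essential map[string]bool) ([]Finding, error) {
	var findings []Finding
	for _, d := range deps {
		rep, err := fetch(d)
		if err != nil {
			return nil, fmt.Errorf("%s@%s: %w", d.Name, d.Version, err)
		}
		for _, adv := range rep.AdvisoryKeys {
			findings = append(findings, Finding{Dep: d, Message: "security advisory " + adv.ID, Fatal: true})
		}
		if essential[d.Name] && rep.LatestVersion != "" && rep.LatestVersion != d.Version {
			findings = append(findings, Finding{Dep: d, Message: "newer version available: " + rep.LatestVersion})
		}
	}
	return findings, nil
}

// SampleFetcher serves constructed JSON responses (made-up modules and advisory ID) so the example runs offline.
func SampleFetcher() FetchFunc {
	canned := map[string]string{
		"example.com/breaker@v1.2.0": `{"advisoryKeys": [], "latestVersion": "v1.3.0"}`,
		"example.com/circuit@v0.1.0": `{"advisoryKeys": [{"id": "EXAMPLE-0001"}], "latestVersion": "v0.1.0"}`,
	}
	return func(d Dependency) (rep VersionReport, err error) {
		body, ok := canned[d.Name+"@"+d.Version]
		if !ok {
			return rep, fmt.Errorf("no report for %s@%s", d.Name, d.Version)
		}
		return rep, json.Unmarshal([]byte(body), &rep)
	}
}

func main() {
	deps := []Dependency{{"go", "example.com/breaker", "v1.2.0"}, {"go", "example.com/circuit", "v0.1.0"}}
	// Swap SampleFetcher() for HTTPFetcher("https://insights.example/v1", http.DefaultClient) to run live (hypothetical URL).
	findings, err := Check(SampleFetcher(), deps, map[string]bool{"example.com/breaker": true})
	if err != nil {
		fmt.Fprintln(os.Stderr, "dependency check aborted:", err)
		os.Exit(2) // distinct code so CI can tell an API outage from a bad dependency
	}
	exit := 0
	for _, f := range findings {
		fmt.Printf("fatal=%t %s@%s: %s\n", f.Fatal, f.Dep.Name, f.Dep.Version, f.Message)
		if f.Fatal {
			exit = 1
		}
	}
	os.Exit(exit)
}
```

Run it as a step after `go mod download` in the pipeline. Exit code 1 means a dependency carries an advisory, exit code 2 means the check could not be completed; treat both as blocking, since "could not verify" should never be mistaken for "clean".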