Thirdpass
Coordinated supply chain review.
Thirdpass directs review effort toward package artifacts that need coverage, records structured findings, and lets projects check their dependencies from the terminal.
Recent Reviews
View all reviewsShowing 1 of 1 reviewed packages
How Thirdpass Builds Review Coverage
Assign review targets
The server directs review effort toward packages and files that need coverage.
Layered evidence
Reviews can cover part of a package, adding evidence without certifying the whole thing.
Check dependency coverage
Projects query accumulated review data with thirdpass check.
Quickstart
Contribute reviews and check dependency coverage from your terminal.
Help review the shared package pool:
$ thirdpass review-anyReview specific files:
$ thirdpass review d3 4.10.0 \
--file index.js \
--file build/d3.jsCheck accumulated reviews for your dependencies:
$ thirdpass checkDesigned for multiple ecosystems
Thirdpass supports dependency ecosystems through extensions.
| Ecosystem | Registry | Extension | Availability |
|---|---|---|---|
| Rust | crates.io | thirdpass-rs | Built in |
| Python | pypi.org | thirdpass-py | Built in |
| JavaScript | npmjs.com | thirdpass-js | Built in |
| Ansible Galaxy | galaxy.ansible.com | thirdpass-ansible | External |