Dirty-Waters is an automated tool for identifying software supply chain issues in wallet projects. This initial release focuses on analyzing JavaScript cryptocurrency wallet projects and provides the following features:
1. One-Version Analysis: Examines static data for all dependencies from the package registry and the source code repository.
2. Differential Analysis: Compares two versions of a project to highlight changes in the source code.
3. Comprehensive Reporting: Generates detailed markdown reports for both static and differential analyses.
Key capabilities:
- Detects dependencies without source code links
- Flags deprecated dependencies
- Highlights dependencies sourced from forks
- Detects dependencies without provenance
- Identifies packages lacking version tags
- Identifies first-time authors and mergers in the source code repository
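As an added illustration (not Dirty-Waters code, and not a description of how the tool is implemented), the sketch below runs three of the checks listed above over npm registry version metadata: missing source link, deprecation, and missing provenance. The package records are constructed samples, the issue labels and function names are hypothetical, and the fields read (`repository`, `deprecated`, `dist.attestations`) are the ones the npm registry publishes per version.

```javascript
// Constructed sample records shaped like npm registry version metadata (not from the page).
const SAMPLE_DEPS = [
  {
    name: "example-signed-lib", version: "2.1.0",
    repository: { type: "git", url: "git+https://github.com/example-org/example-signed-lib.git" },
    dist: { attestations: { url: "https://registry.example.invalid/attestations/example-signed-lib@2.1.0",
                            provenance: { predicateType: "https://slsa.dev/provenance/v1" } } },
  },
  { name: "example-no-source", version: "0.3.4", dist: {} },
  {
    name: "example-old-crypto", version: "1.0.9",
    repository: "github:example-org/example-old-crypto",
    deprecated: "no longer maintained",
    dist: {},
  },
  { name: "example-empty-repo", version: "4.0.0", repository: { type: "git", url: "  " }, dist: {} },
];

// Normalise the repository field, which may be a string or an object with a url.
function sourceLink(meta) {
  const repo = meta.repository;
  const url = typeof repo === "string" ? repo : repo && repo.url;
  return typeof url === "string" && url.trim() !== "" ? url.trim() : null;
}

// Return the list of issues found for one dependency version.
function auditDependency(meta) {
  const issues = [];
  if (sourceLink(meta) === null) issues.push("no-source-link");
  // The registry stores a deprecation notice as a non-empty string on the version.
  if (typeof meta.deprecated === "string" && meta.deprecated !== "") issues.push("deprecated");
  const att = meta.dist && meta.dist.attestations;
  if (!(att && att.provenance)) issues.push("no-provenance");
  return issues;
}

// Build a markdown table with one row per dependency that has at least one issue.
function auditReport(deps) {
  const rows = deps
    .map((d) => ({ id: `${d.name}@${d.version}`, issues: auditDependency(d) }))
    .filter((r) => r.issues.length > 0);
  const lines = ["| Dependency | Issues |", "| --- | --- |"];
  for (const r of rows) lines.push(`| ${r.id} | ${r.issues.join(", ")} |`);
  return { flagged: rows, markdown: lines.join("\n") };
}

console.log(auditReport(SAMPLE_DEPS).markdown);
```

A repository object with a blank URL is treated the same as a missing one, since neither gives a reviewer a source tree to inspect.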
We welcome feedback and contributions to improve the tool's capabilities and expand its support for other ecosystems.