Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
- API
  
  Reference documentation for the pkg.go.dev API
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

pin

package module

Go to main page

Versions in this module

v0

v0.1.0

May 13, 2026

Changes in this version

+ const DefaultLock

+ const DefaultManifest

+ const ExitOutdated

+ const ExitYanked

+ const SeverityBehind

+ const SeverityDeprecated

+ const SeverityOK

+ const SeverityProvenanceDowngrade

+ const SeverityYanked

+ const ToolName

+ var ErrFrozenDrift = errors.New("manifest and lockfile disagree")

+ var ErrNoLockfile = errors.New("no lockfile; run sync first")

+ var ErrPathCollision = errors.New("two assets resolve to the same output path")

+ var ErrPathEscape = errors.New("output path escapes out directory")

+ var ErrProvenanceMissing = errors.New("no attestation recorded")

+ var ErrPublisherMismatch = errors.New("attestation source repository mismatch")

+ var ErrVerifyFailed = errors.New("verify failed")

+ var ToolVersion = "dev"

+ func EncodeLock(l *lock.Lock) ([]byte, error)

+ func Init(dir, manifestPath string) error

+ func OutdatedExitCode(reports []OutdatedReport) int

+ func Path(name string, opts VerifyOptions) ([]string, error)

+ func SBOM(w io.Writer, opts SBOMOptions) error

+ type AddOptions struct

+ Dir string

+ DryRun bool

+ Exact bool

+ Lock string

+ Manifest string

+ RegistryURL string

+ type AddResult struct

+ Entry manifest.Entry

+ Resolved string

+ SyncResult *SyncResult

+ func Add(ctx context.Context, spec string, files []string, opts AddOptions) (*AddResult, error)

+ type Client struct

+ Forge *forge.Source

+ NPM *npm.Source

+ URL *rawurl.Source

+ func New(opts ClientOptions) *Client

+ func (c *Client) Add(ctx context.Context, spec string, files []string, opts AddOptions) (*AddResult, error)

+ func (c *Client) Outdated(ctx context.Context, opts OutdatedOptions) ([]OutdatedReport, error)

+ func (c *Client) RegisterResolver(purlType string, r source.Resolver)

+ func (c *Client) Remove(ctx context.Context, names []string, opts SyncOptions) (*SyncResult, error)

+ func (c *Client) Resolver(purlType string) source.Resolver

+ func (c *Client) Sync(ctx context.Context, opts SyncOptions) (*SyncResult, error)

+ func (c *Client) Verify(opts VerifyOptions) (*VerifyResult, error)

+ type ClientOptions struct

+ Forge forge.Options

+ HTTPClient *http.Client

+ RegistryURL string

+ SignatureMode npm.SignatureMode

+ Verifier source.ProvenanceVerifier

+ type Drift struct

+ Actual string

+ Expected string

+ Out string

+ type ListEntry struct

+ Integrity string

+ Name string

+ Out string

+ PURL string

+ Path string

+ Size int64

+ Type string

+ Version string

+ func List(opts VerifyOptions) ([]ListEntry, error)

+ type OutdatedOptions struct

+ Dir string

+ Lock string

+ RegistryURL string

+ type OutdatedReport struct

+ AgeDays int

+ Behind bool

+ Deprecated string

+ LastPublish string

+ Latest string

+ LicenseChange bool

+ LicenseLatest string

+ LicenseLocked string

+ Locked string

+ Name string

+ ProvenanceDowngrade bool

+ ProvenanceUpgrade bool

+ Unmaintained bool

+ Yanked bool

+ func Outdated(ctx context.Context, opts OutdatedOptions) ([]OutdatedReport, error)

+ func (r *OutdatedReport) Severity() string

+ type SBOMFormat string

+ const SBOMCycloneDXJSON

+ const SBOMCycloneDXXML

+ const SBOMSPDXJSON

+ type SBOMOptions struct

+ Dir string

+ Format SBOMFormat

+ Lock string

+ StripPinProperties bool

+ type SyncOptions struct

+ Concurrency int

+ Dir string

+ DryRun bool

+ FS pinfs.Writer

+ Forge forge.Options

+ Frozen bool

+ Lock string

+ Manifest string

+ NoFetch bool

+ RegistryURL string

+ RequirePublisherMatchesRepository bool

+ SignatureMode npm.SignatureMode

+ StrictProvenance bool

+ Update []string

+ UpdateAll bool

+ VerifyProvenance bool

+ type SyncResult struct

+ Changes lock.Changes

+ Lock *lock.Lock

+ Removed []string

+ Written []string

+ func Remove(ctx context.Context, names []string, opts SyncOptions) (*SyncResult, error)

+ func Sync(ctx context.Context, opts SyncOptions) (*SyncResult, error)

+ type VerifyOptions struct

+ Dir string

+ Lock string

+ RegistryURL string

+ Strict bool

+ type VerifyResult struct

+ Drifted []Drift

+ Extra []string

+ Missing []string

+ OK []string

+ func Verify(opts VerifyOptions) (*VerifyResult, error)

+ func (r *VerifyResult) Failed() bool

+ func (r *VerifyResult) Summary() string