New REES local analyzer that emits a plain, informational summary of dependency manifest changes — which direct deps were added, removed, or version-changed across package.json / requirements.txt / pyproject / go.mod / Cargo.toml — as a compact reviewer surface. Distinct from the vuln-scanning dependency analyzer: this is the neutral inventory delta (no registry calls), useful even when nothing is vulnerable. Pure compute over manifest patches.
Deliverables
References
review-enrichment/src/analyzers/dependency/descriptor.ts (existing dependency analyzer to draw manifest parsing from — do NOT duplicate its OSV vuln scan)
review-enrichment/src/analyzers/dependency-scan.ts (manifest extraction logic)
review-enrichment/src/analyzers/registry.ts:36-63 (supply-chain local descriptor template)
Part of #1499.
size: S · gittensor:feature
New REES local analyzer that emits a plain, informational summary of dependency manifest changes — which direct deps were added, removed, or version-changed across package.json / requirements.txt / pyproject / go.mod / Cargo.toml — as a compact reviewer surface. Distinct from the vuln-scanning dependency analyzer: this is the neutral inventory delta (no registry calls), useful even when nothing is vulnerable. Pure compute over manifest patches.
Deliverables
DependencyDiffFinding({ ecosystem, package, from: string|null, to: string|null, direction: 'add'|'remove'|'change' }) +dependencyDiff?key to review-enrichment/src/types.tsReferences
review-enrichment/src/analyzers/dependency/descriptor.ts (existing dependency analyzer to draw manifest parsing from — do NOT duplicate its OSV vuln scan)review-enrichment/src/analyzers/dependency-scan.ts (manifest extraction logic)review-enrichment/src/analyzers/registry.ts:36-63 (supply-chain local descriptor template)Part of #1499.
size: S · gittensor:feature