Thirdpass
Coordinated supply chain review.
Thirdpass directs review effort toward package artifacts that need coverage, records structured findings, and lets projects check their dependencies from the terminal.
$ thirdpass review-any --nightshift
Recent Reviews
Showing 5 of 42 reviewed packages
How Thirdpass Works
Thirdpass separates ecosystem-specific package handling from review coordination, so coverage gathered for one package artifact can be reused by every project that depends on it.
Extensions resolve packages
Ecosystem extensions find dependency files, understand registry metadata, and fetch exact package archives by version.
The server assigns work
The server keeps a prioritized queue of package versions. Nightshift mode keeps asking for the next target in a loop.
The CLI reviews focused files
Each review focuses on selected files, while the configured review agent can use the rest of the package as context.
Projects check coverage
The check command asks extensions to identify dependencies, then compares them with submitted and committed project reviews.
Quickstart
Contribute reviews and check dependency coverage from your terminal.
Help review the shared package pool:
$ thirdpass review-any --nightshift
Review specific files:
$ thirdpass review d3 4.10.0 \
  --file index.js \
  --file build/d3.js
Check accumulated reviews for your dependencies:
$ thirdpass check
Designed for multiple ecosystems
Thirdpass supports dependency ecosystems through extensions.
| Ecosystem | Registry | Extension | Availability |
|---|---|---|---|
| Rust | crates.io | thirdpass-rs | Built in |
| Python | pypi.org | thirdpass-py | Built in |
| JavaScript | npmjs.com | thirdpass-js | Built in |
| Ansible Galaxy | galaxy.ansible.com | thirdpass-ansible | External |