GitHub Action - Dependency Wishlist Reporting
Automatically discover and track wishlists from your project dependencies
Action Report Features
The action generates a private report of all dependencies with active wishlists, giving you visibility into the sustainability needs of the open source projects you depend on.
Private dependency report: Lists all dependencies with active wishlists
OpenSSF Scorecard & Criticality filters: Optional filtering by Scorecard (0–10) and Criticality (0–1) scores
Multi-ecosystem support: Works with npm, PyPI, Cargo, Maven, RubyGems, Go, NuGet, Hex, Pub, Composer, and more
SBOM analysis: Works with SPDX and CycloneDX formats
Maintainer affiliation flags: Identifies dependencies whose maintainers use Big Tech email domains
Example: Your project depends on 150 open source packages. The action discovers that 12 of them have active wishlists requesting governance support, security audits, or documentation help. Now you can direct your sponsorship budget toward solving real sustainability challenges in your supply chain.
Want to be notified when this launches?
Open an issue to share your use case