10 releases

0.3.2 Nov 23, 2021
0.3.0 Nov 22, 2021
0.2.7 Oct 30, 2021
0.2.5 Apr 23, 2021
0.1.0 Feb 4, 2021

#3 in #vouch

Download history 5/week @ 2023-10-31 9/week @ 2023-11-07 31/week @ 2023-11-14 12/week @ 2023-11-21 22/week @ 2023-11-28 10/week @ 2023-12-12 20/week @ 2023-12-26 1/week @ 2024-01-09 22/week @ 2024-01-16 15/week @ 2024-01-23 20/week @ 2024-01-30 1/week @ 2024-02-06 67/week @ 2024-02-13

106 downloads per month

MIT license




🔍 A multi-ecosystem package code review system. 🔍



Software packages are usually used without review. Who's checked the code? Typically, no one but the author. Vouch is a review system designed to solve this problem.

Vouch evaluates software dependencies using user generated micro-reviews. Even single line reviews become powerful when aggregated!

Getting Started


First, lets setup Vouch. During setup we can optionally specify a git repository URL for publishing reviews.

vouch setup https://github.com/<username>/reviews


Extensions enable Vouch to create reviews for packages from different ecosystems. For example, the Python extension adds support for pypi.org packages. By default, Vouch includes extensions for Python and Javascript. Add an extension using the following command:

vouch extension add py

or via any GitHub repository URL:

vouch extension add https://github.com/vouch-dev/vouch-py

Official Extensions

Name Ecosystem Package Registries
vouch-py Python pypi.org
vouch-js Javascript npmjs.com
vouch-ansible Ansible Galaxy galaxy.ansible.com


(Note: Vouch currently requires VSCode to create reviews.)

Vouch supports multiple ecosystems and is extendable. For now, Python and Javascript support comes built-in. Lets review the NPM Javascript package d3 at version 4.10.0:

vouch review d3 4.10.0


Subscribe to reviews created by other users using the command:

vouch peer add https://github.com/vouch-dev/example-reviews


The sync command pulls new reviews from peers and publishes user generated reviews:

vouch sync


Reviews created using Vouch can be used to evaluate software project dependencies. Vouch extensions can discover ecosystem specific dependency definition files. For example, the Python extension parses Pipfile.lock files.

The check command generates an evaluation report of local project dependencies based on available reviews:

vouch check


~1.5M SLoC