To identify bugs in dependencies? I’m not sure that exists.
Exactly this
While implementing, they should write unit tests, and those can be tested using mutation testing.
Mutation testing is great, and your dependencies should be using it to "test their tests", but there's no way, as a dependency consumer, to know or control that. It's even worse when you add in transitive dependencies.
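To make the "test their tests" idea in the comment above concrete, here is an added example (not code from any commenter or from a real mutation-testing tool such as mutmut or Stryker): a minimal AST-based mutation tester. It takes a small hypothetical access-control function, generates one mutant per boolean/comparison operator, runs a constructed test suite against each mutant, and reports the mutants that survive. A surviving mutant is a test gap, and here the weak suite misses the boundary case `failed_logins == 3`, which is exactly the kind of off-by-one an attacker would probe. The target function, the operator table and the test cases are all assumptions made for the illustration.

```python
import ast
import copy

# Hypothetical target under test (constructed for this example). It has three
# mutable operators: ==, and, <. A real tool would mutate a whole package.
TARGET_SOURCE = '''
def allow_request(role, path, failed_logins):
    if role == "admin":
        return True
    return path.startswith("/public/") and failed_logins < 3
'''

# Constructed test cases: (*args, expected). This suite passes on the
# original code but never exercises the lockout boundary (failed_logins == 3).
WEAK_TESTS = [
    ("admin", "/secret", 0, True),
    ("user", "/public/index", 0, True),
    ("user", "/secret", 0, False),
]
# The one extra test that kills the surviving mutant.
BOUNDARY_TEST = ("user", "/public/index", 3, False)

# Single-point mutation operators: swap an operator for its near neighbour.
SWAPS = {
    ast.And: ast.Or, ast.Or: ast.And,
    ast.Eq: ast.NotEq, ast.NotEq: ast.Eq,
    ast.Lt: ast.LtE, ast.LtE: ast.Lt,
    ast.Gt: ast.GtE, ast.GtE: ast.Gt,
    ast.In: ast.NotIn, ast.NotIn: ast.In,
}


def _candidates(tree):
    """Yield (walk_index, slot, description) for every mutation point.

    ast.walk order is deterministic, so the index lets us find the same node
    again in a deep copy of the tree.
    """
    for idx, node in enumerate(ast.walk(tree)):
        if isinstance(node, ast.BoolOp) and type(node.op) in SWAPS:
            yield idx, None, (f"{type(node.op).__name__} -> "
                              f"{SWAPS[type(node.op)].__name__} (line {node.lineno})")
        elif isinstance(node, ast.Compare):
            for slot, op in enumerate(node.ops):
                if type(op) in SWAPS:
                    yield idx, slot, (f"{type(op).__name__} -> "
                                      f"{SWAPS[type(op)].__name__} (line {node.lineno})")


def _apply(tree, idx, slot):
    """Return a deep copy of tree with exactly one operator swapped."""
    mutant = copy.deepcopy(tree)
    node = list(ast.walk(mutant))[idx]
    if isinstance(node, ast.BoolOp):
        node.op = SWAPS[type(node.op)]()
    else:
        node.ops[slot] = SWAPS[type(node.ops[slot])]()
    return ast.fix_missing_locations(mutant)


def _load(tree, func_name):
    """Compile a module AST and pull the function out of its namespace."""
    namespace = {}
    exec(compile(tree, "<mutant>", "exec"), namespace)
    return namespace[func_name]


def _passes(func, tests):
    """True if every test case passes; an exception counts as a failure."""
    for *args, expected in tests:
        try:
            if func(*args) != expected:
                return False
        except Exception:
            return False
    return True


def mutation_score(source, func_name, tests):
    """Return (mutants_generated, descriptions_of_surviving_mutants)."""
    tree = ast.parse(source)
    if not _passes(_load(tree, func_name), tests):
        raise ValueError("tests must pass on the unmutated code")
    total, survivors = 0, []
    for idx, slot, desc in _candidates(tree):
        total += 1
        mutant_func = _load(_apply(tree, idx, slot), func_name)
        if _passes(mutant_func, tests):       # nothing noticed the change
            survivors.append(desc)
    return total, survivors


if __name__ == "__main__":
    for label, suite in (("weak", WEAK_TESTS), ("with boundary", WEAK_TESTS + [BOUNDARY_TEST])):
        total, survivors = mutation_score(TARGET_SOURCE, "allow_request", suite)
        print(f"{label}: {total - len(survivors)}/{total} mutants killed; survivors: {survivors}")
```

The weak suite kills the `==` and `and` mutants but lets `failed_logins <= 3` survive, so a lockout that should trigger on the third failure never does and no test complains; adding the single boundary case brings the score to 3/3. Real tools add many more operators (constant replacement, statement deletion, return-value swaps) and run the project's actual test runner, but the feedback loop is the same: a surviving mutant is a behaviour your tests do not pin down.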
I think the problem is that security vulnerabilities are tracked in centralized sources, but bugs/issues are part of whatever repository/issue-tracking software each dependency uses.
It feels like this would be killer, whoever implements this.