11

Is there an automated way to determine or find the end of life (EOL)/end of support (EOS) notices for libraries?

The specific context behind this:

Our software uses about 50+ libraries as well as a few platforms. What I can't seem to find is an automated solution that tells you whether a particular library has reached end of support.

The current solution I came across is Black Duck. My understanding (after using Code Center only) is that Black Duck is more concerned about OSS governance and does not include proprietary software. Black Duck does inform the user about security updates and license conflicts, but from what I can see it does not inform the user of EOL/EOS.

Our current workaround at the moment is to do the following:

  • Have a list of all the libraries that we use (we do this with Artifactory)
  • Periodically check the library website for any notices
  • Then maintain this in some form (currently a wiki page, which is a nightmare)

For terminology purposes:

A library is either a jar or an npm module

Shiraaz.M
  • 4
    If you find a way I would be interested as we provide software and would use this to provide such an announcement. – Peter Lawrey Mar 04 '16 at 13:15
  • https://search.maven.org/classic/#api to find latest version, but not EOL – user669789 Jan 21 '21 at 16:36
  • 1
    I'm assuming for something like this to work (or exist) there would also need to be some sort of common/standard way of communicating EOL or new versions. At the moment it seems random for some libraries; it's either on a blog, RSS feed, mentioned on ReadMe.md's or logged as issues in whatever bug tracker they use. – Navigatron Dec 09 '21 at 14:03

1 Answer

1

Yes, there are automated solutions that can help determine the EOL/EOS notices for libraries. However, it might depend on the type of library you are using, whether it is open source or proprietary.

For open source libraries, you can use services like the npm registry, PyPI (Python Package Index), or RubyGems to track updates and see when a library has reached its end of life or end of support. Additionally, some library maintainers may publish EOL/EOS notices on their own websites, or in their release notes.

For proprietary libraries, you can check with the vendor or the library's documentation for information on its end of life or end of support. You could also reach out to the vendor's customer support for any updates on the library's status.

In summary, there is no single solution for tracking EOL/EOS notices for all libraries, but using a combination of sources such as the library's official website, release notes, and vendor support can help you keep track of the status of the libraries you use.
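
An added example, not part of the answer above: one way to automate the npm side of the check against registry package documents, which carry a per-version `deprecated` notice, a `time` map of release dates and `dist-tags.latest`. The sample documents, package names, the `classify`/`auditDependencies` helpers and the 730-day staleness threshold are assumptions made for this sketch; a release-age check is only a heuristic, not an EOL notice.

```javascript
// Constructed sample data shaped like npm registry package documents.
// Package names, versions and dates are made up for this example.
const SAMPLE_PACKUMENTS = {
  "example-http-client": {
    "dist-tags": { latest: "3.0.1" },
    time: { "2.4.0": "2019-02-11T10:00:00.000Z", "3.0.1": "2024-01-15T09:30:00.000Z" },
    versions: { "2.4.0": { deprecated: "2.x is no longer supported, upgrade to 3.x" }, "3.0.1": {} },
  },
  "example-date-utils": {
    "dist-tags": { latest: "1.8.2" },
    time: { "1.8.2": "2017-06-01T12:00:00.000Z" },
    versions: { "1.8.2": {} },
  },
  "example-logger": {
    "dist-tags": { latest: "5.2.0" },
    time: { "5.2.0": "2024-03-20T08:00:00.000Z" },
    versions: { "5.2.0": {} },
  },
};
const DAY_MS = 24 * 60 * 60 * 1000;

// Classify one pinned dependency: an explicit deprecation notice wins,
// then the age of the latest release is used as a staleness heuristic.
function classify(name, pinned, doc, now, staleDays) {
  const result = (status, detail) => ({ name, pinned, status, detail });
  if (!doc) return result("unknown", "no registry data");
  const meta = doc.versions && doc.versions[pinned];
  if (!meta) return result("unknown", "pinned version not in registry data");
  if (typeof meta.deprecated === "string" && meta.deprecated !== "") {
    return result("deprecated", meta.deprecated);
  }
  const latest = doc["dist-tags"] && doc["dist-tags"].latest;
  const released = Date.parse(doc.time && doc.time[latest]);
  if (Number.isNaN(released)) return result("unknown", "no release date for latest");
  const ageDays = Math.floor((now - released) / DAY_MS);
  return ageDays > staleDays
    ? result("stale", `latest ${latest} is ${ageDays} days old`)
    : result("ok", `latest ${latest} is ${ageDays} days old`);
}

// deps maps package name -> pinned version, as in a lockfile or inventory export.
function auditDependencies(deps, packuments, now, staleDays = 730) {
  return Object.entries(deps).map(([n, v]) => classify(n, v, packuments[n], now, staleDays));
}

const deps = { "example-http-client": "2.4.0", "example-date-utils": "1.8.2",
               "example-logger": "5.2.0", "example-internal-lib": "1.0.0" };
for (const r of auditDependencies(deps, SAMPLE_PACKUMENTS, Date.parse("2024-06-01T00:00:00Z"))) {
  console.log(`${r.status.padEnd(10)} ${r.name}@${r.pinned}: ${r.detail}`);
}
```

Entries reported as `unknown` (proprietary or internal libraries, jars, anything the registry data does not cover) still need the manual vendor check the answer describes.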