Find alternatives for a package with Trusty
Developers frequently encounter the need to seek alternative packages to those they're familiar with, either due to security concerns, compatibility issues, changing dependencies, or the search for enhanced performance and functionality. Trusty uses generative AI to provide a list of related packages and their scores, to help developers find and assess alternative dependencies.
The Need for Alternative Packages
Locating a suitable alternative can sometimes be driven by:
- Security concerns or vulnerabilities.
- Compatibility or dependency challenges.
- Searching for better performance or features.
- Seeking more actively maintained packages.
- Evolving project requirements.
Navigating to Trusty's Alternative Finder
- Visit the Trusty website and navigate to the search bar.
- Type the package name of interest (e.g., "next" for npm).
- From the listed options, select the package that best fits your search.
- Once on the package's page, you'll be presented with a comprehensive overview, including the Trusty Score – a reliable indicator of a package's trustworthiness.
Exploring Alternative Packages
Scroll down to the bottom of the page, where you'll find the 'Alternative Packages' section. Here, you'll see a list of similar packages along with their respective Trusty Scores. This score is crucial as it offers an overall assessment of a package's risk based on repo and author activity.
Keeping it real:
- Proactive Analysis: For packages not previously sought on Trusty, you might experience a brief delay before alternatives appear. This momentary pause is due to Trusty's real-time assessment, ensuring the presentation of precise and reliable alternatives.
- Feedback Mechanism: If a suggested alternative doesn't align with your needs or seems off the mark, don't hesitate to submit a ticket and share your thoughts via the Provide Feedback link on the package page. We greatly appreciate user feedback and are consistently fine-tuning our system to heighten the relevance and accuracy of our recommendations.
- LLM Disclaimer: Please be aware that Trusty utilizes Large Language Models (LLMs) in the process of identifying potential alternative packages. While LLMs are powerful, they might occasionally produce unintended or unexpected results, sometimes known as "hallucinations." Trusty gates hallucinations by passing all LLM package recommendations through the Trusty PCA model, so that every alternative recommended by the large language model is verified as existing and assessed for risks and activity signals such as typosquatting. This helps defend against LLM poisoning attacks.
Always double-check the suggested packages and ensure they truly cater to your specific requirements before integrating them into your projects.
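To make the gating idea in the LLM Disclaimer concrete, here is a small added example, written for this page and not Trusty's own code or its PCA model, of the two checks described above: an LLM-suggested name is accepted only if it exists in the registry, and an existing name is flagged when it closely resembles a popular package (a typosquatting signal). The registry index, the popular-package list and the LLM suggestions are all constructed stand-ins; "nextjs-turbo" and "lodahs" are invented names, and the similarity threshold of 0.8 is an assumed tuning value.

```python
import difflib

# Constructed stand-in for a registry index (the set of names that actually exist).
KNOWN_PACKAGES = {"next", "nuxt", "remix", "gatsby", "astro", "react",
                  "lodash", "lodahs", "express"}

# Constructed list of widely used packages that typosquats tend to imitate.
POPULAR_PACKAGES = ["next", "react", "lodash", "express"]

# Constructed LLM output for the query "alternatives to next":
# one good suggestion, one name that does not exist (a hallucination),
# one existing name that looks like a typosquat of "lodash", and one more good one.
LLM_SUGGESTIONS = ["nuxt", "nextjs-turbo", "lodahs", "remix"]

# Assumed threshold: similarity at or above this value is treated as suspicious.
SIMILARITY_THRESHOLD = 0.8


def typosquat_candidates(name, popular, threshold=SIMILARITY_THRESHOLD):
    """Return (popular_name, similarity) pairs for popular packages that
    `name` closely resembles but is not identical to."""
    hits = []
    for candidate in popular:
        if candidate == name:
            continue
        ratio = difflib.SequenceMatcher(None, name, candidate).ratio()
        if ratio >= threshold:
            hits.append((candidate, round(ratio, 2)))
    return hits


def gate_suggestions(suggestions, registry, popular):
    """Classify each LLM-suggested package name.

    Returns a dict mapping name -> (verdict, lookalikes) where verdict is
    'nonexistent' (not in the registry, i.e. a hallucination),
    'suspicious' (exists but resembles a popular package), or 'ok'.
    """
    results = {}
    for name in suggestions:
        if name not in registry:
            # Hallucinated or poisoned name: never surface it to the user.
            results[name] = ("nonexistent", [])
            continue
        lookalikes = typosquat_candidates(name, popular)
        if lookalikes:
            results[name] = ("suspicious", lookalikes)
        else:
            results[name] = ("ok", [])
    return results


def accepted_alternatives(suggestions, registry, popular):
    """Only the suggestions that pass both gates are shown as alternatives."""
    verdicts = gate_suggestions(suggestions, registry, popular)
    return [name for name, (verdict, _) in verdicts.items() if verdict == "ok"]


if __name__ == "__main__":
    for name, (verdict, lookalikes) in gate_suggestions(
            LLM_SUGGESTIONS, KNOWN_PACKAGES, POPULAR_PACKAGES).items():
        print(f"{name:14} {verdict:12} {lookalikes}")
    print("accepted:", accepted_alternatives(
        LLM_SUGGESTIONS, KNOWN_PACKAGES, POPULAR_PACKAGES))
```

The existence check alone removes hallucinated names, which is what stops an attacker from later registering a name the model tends to invent; the similarity check is what catches a name that does exist but was created to imitate a popular package. A production gate would replace the constructed sets with live registry lookups and add the activity and maintainer signals that feed the Trusty Score.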