Using Important Packages and Package Aliases
As of v0.119.0, DMD includes the ability to start capturing Package Aliases and Important Packages.
Package Aliases are a means to provide a canonical name to refer to a given package (for instance `go` could be used to refer to `docker.io/library/golang`, `go` and `github.com/golang/go`).
Important Packages are a means to provide an organisation-specific view over which packages are important to you, for whatever reason is specific to you and how you use them.
Package Aliases
In future versions of DMD, there will be a number of pre-computed Package Aliases.
Until then, we can add our own to define common package names and query them more easily.
For instance, Go modules may be known by different module import paths, which include the current major version.
As we can see with `oapi-codegen`, the package has also migrated between different organisations on GitHub, as well as having two major module import paths, which we can see below:
platform | organisation | repo | package_name | version | current_version | package_type | package_file_path | dep_types |
---|---|---|---|---|---|---|---|---|
github | incident-io | catalog-importer | github.com/oapi-codegen/oapi-codegen/v2 | v2.4.1 | v2.4.1 | golang | go.mod | ["require"] |
github | incident-io | singer-tap | github.com/deepmap/oapi-codegen | v1.12.4 | v1.12.4 | golang | go.mod | ["require"] |
gitlab | tanna.dev | dependency-management-data | github.com/oapi-codegen/oapi-codegen/v2 | v2.4.1 | v2.4.1 | golang | tools/go.mod | ["require"] |
To handle these different variants, we can create the following Package Aliases:
INSERT INTO package_aliases (
canonical_name,
package_name,
package_type,
additional_metadata
) VALUES (
'oapi-codegen',
'github.com/deepmap/oapi-codegen',
'golang',
NULL
);
INSERT INTO package_aliases (
canonical_name,
package_name,
package_type,
additional_metadata
) VALUES (
'oapi-codegen',
'github.com/deepmap/oapi-codegen/v2',
'golang',
NULL
);
INSERT INTO package_aliases (
canonical_name,
package_name,
package_type,
additional_metadata
) VALUES (
'oapi-codegen',
'github.com/oapi-codegen/oapi-codegen',
'golang',
NULL
);
INSERT INTO package_aliases (
canonical_name,
package_name,
package_type,
additional_metadata
) VALUES (
'oapi-codegen',
'github.com/oapi-codegen/oapi-codegen/v2',
'golang',
NULL
);
From here, you're now able to query more easily, for instance:
$ dmd --db dmd.db report alias oapi-codegen
Or, more likely, when writing SQL queries:
select
platform,
organisation,
repo,
renovate.package_name,
version,
-- current_version isn't needed with Go modules
package_file_path,
dep_types
from
renovate
inner join package_aliases
on renovate.package_name = package_aliases.package_name
and renovate.package_type = package_aliases.package_type
where
package_aliases.canonical_name = 'oapi-codegen'
Important Packages
As noted in the Important Packages concept overview, Important Packages provide an organisation-specific view on top of the data.
For instance, you may be a company that aims to always stay on top of the version of Go you use to build and write code against.
For those unfamiliar with Go, there are two distinct versions of Go one uses:
- The version of the Go toolchain (i.e. the `go version` and container versions used) that is used to build the resulting libraries or binaries
- The version of the source compatibility (via the `go.mod`'s `go` directive (docs)), which ensures that there is backwards- and forwards-compatibility
Although it is common to focus on upgrading the Go toolchain, it's less straightforward (without tools like DMD) to introspect the source compatibility of the Go modules you're building.
Let's look at the DMD repo - as of 2025-06-28 - to compare what pieces of data we can use to collect this:
platform | organisation | repo | package_name | version | current_version | package_type | package_file_path | dep_types |
---|---|---|---|---|---|---|---|---|
gitlab | tanna.dev | dependency-management-data | golang | 1.24-alpine | 1.24-alpine | docker | .gitlab-ci.yml | ["image"] |
gitlab | tanna.dev | dependency-management-data | go | 1.21 | 1.24.4 | golang-version | demos/go.mod | ["golang"] |
gitlab | tanna.dev | dependency-management-data | go | 1.24.0 | 1.24.0 | golang-version | go.mod | ["golang"] |
gitlab | tanna.dev | dependency-management-data | go | 1.24.4 | 1.24.4 | golang-version | go.mod | ["toolchain"] |
gitlab | tanna.dev | dependency-management-data | github.com/spdx/tools-golang | v0.5.5 | v0.5.5 | golang | go.mod | ["require"] |
gitlab | tanna.dev | dependency-management-data | github.com/prometheus/client_golang | v1.20.5 | | golang | go.mod | ["indirect"] |
gitlab | tanna.dev | dependency-management-data | go | 1.24.0 | 1.24.0 | golang-version | tools/go.mod | ["golang"] |
We can see above that `package_type=golang-version` and `dep_types=["golang"]` indicate the Go directive for the given Go modules.
Before we can capture this as an Important Package, we first need to create a Package Alias:
insert into package_aliases (
canonical_name,
package_name,
package_type,
additional_metadata
) VALUES (
'go-module-source-directive',
'go',
'golang-version',
NULL
);
From here, we can now create an Important Package:
insert into important_packages (
name,
package_alias,
display_name,
additional_metadata
) VALUES (
-- notice that we're duplicating the name here, but we don't have to
'go-module-source-directive',
'go-module-source-directive',
'Go modules source directives',
NULL
);
From here, you're now able to query more easily, for instance:
$ dmd --db dmd.db report important-package go-module-source-directive
(Because of how Renovate reports this data, you would want to ignore the `current_version` in the above: the `version` is more important here, as it is the raw version defined in the `go` directive.)
Alternatively, when writing SQL queries:
select
platform,
organisation,
repo,
renovate.package_name,
version,
-- current_version isn't needed with Go modules
package_file_path,
dep_types
from
renovate
inner join package_aliases
on renovate.package_name = package_aliases.package_name
and renovate.package_type = package_aliases.package_type
inner join important_packages
on package_aliases.canonical_name = important_packages.package_alias
where
important_packages.name = 'go-module-source-directive'
-- additional filtering, as `dep_types` aren't taken into account by `important_packages`
and
dep_types = '["golang"]'
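The Package Alias and Important Package from this page can be exercised end to end. This is an added example, not part of DMD or its documentation: it loads the DMD repo rows shown above into an in-memory SQLite database, runs the same join, and reports Go modules whose `go` directive is below a chosen minimum. The reduced table schema, the function names and the minimum versions used are assumptions for illustration.

```python
import sqlite3

# Reduced schema: only the columns this page uses (assumption; the real DMD tables have more).
SCHEMA = """
create table renovate (platform, organisation, repo, package_name, version,
                       current_version, package_type, package_file_path, dep_types);
create table package_aliases (canonical_name, package_name, package_type, additional_metadata);
create table important_packages (name, package_alias, display_name, additional_metadata);
"""
ROWS = [  # copied from the DMD repo table on this page (as of 2025-06-28)
    ("golang", "1.24-alpine", "1.24-alpine", "docker", ".gitlab-ci.yml", '["image"]'),
    ("go", "1.21", "1.24.4", "golang-version", "demos/go.mod", '["golang"]'),
    ("go", "1.24.0", "1.24.0", "golang-version", "go.mod", '["golang"]'),
    ("go", "1.24.4", "1.24.4", "golang-version", "go.mod", '["toolchain"]'),
    ("go", "1.24.0", "1.24.0", "golang-version", "tools/go.mod", '["golang"]'),
]
QUERY = """
select repo, package_file_path, version
from renovate
inner join package_aliases
  on renovate.package_name = package_aliases.package_name
 and renovate.package_type = package_aliases.package_type
inner join important_packages
  on package_aliases.canonical_name = important_packages.package_alias
where important_packages.name = ?
  and dep_types = '["golang"]'  -- drops the toolchain row, which shares the alias
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("insert into renovate values ('gitlab', 'tanna.dev', "
                   "'dependency-management-data', ?, ?, ?, ?, ?, ?)", ROWS)
    db.execute("insert into package_aliases values "
               "('go-module-source-directive', 'go', 'golang-version', NULL)")
    db.execute("insert into important_packages values ('go-module-source-directive', "
               "'go-module-source-directive', 'Go modules source directives', NULL)")
    return db

def version_key(version):
    # Compare numerically, not as text: as strings, "1.9" sorts above "1.21".
    # Missing components are padded with 0; pre-release suffixes are not handled.
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def modules_below(db, minimum):
    # Uses `version` (the raw go directive), not `current_version`, as the page advises.
    rows = db.execute(QUERY, ("go-module-source-directive",))
    return sorted(r for r in rows if version_key(r[2]) < version_key(minimum))
```

The version comparison is done in Python because comparing the `version` column in SQL would compare text, which mis-orders values such as `1.9` and `1.21`.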