stanguc | 23 days ago
I scanned all 58 official AWS Terraform modules. Here's what I found.
terraform-aws-modules is the gold standard. 30k+ GitHub stars on the VPC module alone. Used by thousands of teams in production.
I pointed MonPhare at the entire org:
monphare scan --github terraform-aws-modules
45 seconds later: 58 repos scanned, 2,315 files parsed, 3 errors, 692 warnings.
Even the best-maintained modules in the ecosystem have constraint hygiene gaps -- missing pins, no upper bounds, unbounded providers that welcome breaking changes on any terraform init.
Now imagine your own infrastructure. Dozens of repos, hundreds of modules, multiple teams pushing changes. Who's checking that a provider upgrade won't break prod on Monday morning?
That's what MonPhare does.
One command to audit version constraints across your entire Terraform/OpenTofu state:
- Scan a local directory, a remote repo, or an entire GitHub/GitLab/Azure DevOps/Bitbucket org
- Detect missing constraints, unbounded versions, wildcard pins, deprecated modules, and cross-repo conflicts
- Generate dependency graphs in DOT, Mermaid, or JSON -- see exactly what depends on what
- Output as formatted CLI tables, machine-readable JSON, or self-contained HTML reports
- Drop --strict into your CI pipeline -- warnings become blocking errors, nothing slips through
- Define policies in monphare.yaml -- deprecation lists, required upper bounds, exclusion patterns -- and enforce them across every repo
Written in Rust. Parallel scanning. Shallow clones with local caching. An entire GitHub org in under a minute.
Open source: https://github.com/tanguc/monphare
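To make the constraint-hygiene checks the post lists concrete, here is an added example (my own code, not MonPhare's) that classifies each provider's version constraint in a Terraform `required_providers` block as missing, unbounded (lower bound only), wildcard, or bounded. It uses a small regex-based extraction instead of a real HCL parser, the sample HCL is constructed for this example, and the split into errors versus warnings in `has_blocking_findings` is my assumption about how a `--strict` style gate might behave, not MonPhare's actual rules.

```python
"""Classify Terraform provider version constraints by hygiene.

Added example, not MonPhare code. Uses a regex-based extraction rather than
a full HCL parser, so it assumes conventional `name = { ... }` provider
entries with no nested braces.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: one pinned provider, one with only a lower bound,
# one with no constraint at all, and one using a wildcard.
SAMPLE_HCL = """
terraform {
  required_version = ">= 1.3.0, < 2.0.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 3.0"
    }
    null = {
      source = "hashicorp/null"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.*"
    }
  }
}
"""

@dataclass
class Finding:
    name: str
    constraint: Optional[str]
    status: str   # "ok", "missing", "unbounded", "wildcard", "invalid"
    reason: str

_PROVIDER_RE = re.compile(r'(\w+)\s*=\s*\{(.*?)\}', re.DOTALL)
_VERSION_RE = re.compile(r'version\s*=\s*"([^"]*)"')
_CLAUSE_RE = re.compile(r'(~>|>=|<=|!=|=|>|<)?\s*([\d.]+)$')


def classify_constraint(constraint: Optional[str]) -> Tuple[str, str]:
    """Return (status, reason) for a single Terraform constraint string."""
    if constraint is None or not constraint.strip():
        return "missing", "no version constraint: any published release is accepted"
    if "*" in constraint:
        return "wildcard", "wildcard accepts every release matching the pattern"
    has_upper = False
    for clause in constraint.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            return "invalid", f"unrecognised clause {clause.strip()!r}"
        op = m.group(1) or "="
        # An exact pin, an explicit upper bound, or a pessimistic (~>)
        # constraint all cap the accepted versions; >, >= and != do not.
        if op in ("=", "<", "<=", "~>"):
            has_upper = True
    if has_upper:
        return "ok", "constraint has an upper bound"
    return "unbounded", "only a lower bound: future major versions are accepted"


def _extract_block(text: str, name: str) -> Optional[str]:
    """Return the body of the first `name { ... }` block, matching braces."""
    start = re.search(rf'{name}\s*\{{', text)
    if not start:
        return None
    depth = 0
    for i in range(start.end() - 1, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start.end():i]
    return None


def audit(hcl_text: str) -> List[Finding]:
    """Produce one Finding per provider in required_providers."""
    block = _extract_block(hcl_text, "required_providers")
    if block is None:
        return []
    findings = []
    for m in _PROVIDER_RE.finditer(block):
        name, body = m.group(1), m.group(2)
        v = _VERSION_RE.search(body)
        constraint = v.group(1) if v else None
        status, reason = classify_constraint(constraint)
        findings.append(Finding(name, constraint, status, reason))
    return findings


def has_blocking_findings(findings: List[Finding], strict: bool = False) -> bool:
    """Assumed gate: 'missing' is always an error; in strict mode the
    warning-level statuses block too."""
    errors = {"missing"}
    warnings = {"unbounded", "wildcard", "invalid"}
    blocking = errors | warnings if strict else errors
    return any(f.status in blocking for f in findings)


if __name__ == "__main__":
    results = audit(SAMPLE_HCL)
    for f in results:
        print(f"{f.name:<8} {str(f.constraint):<20} {f.status:<10} {f.reason}")
    print("blocking (strict):", has_blocking_findings(results, strict=True))
```

Run as-is it reports `aws` as ok, `random` as unbounded, `null` as missing and `tls` as wildcard; swap in your own `versions.tf` text to see which providers would accept a new major release on the next `terraform init`.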