After months of development, I am proud to annouce the launch of preview.hex.pm!
It is important to note that this was built on top of all the work that was put into diff.hex.pm. Preview relies on much of the code contributed to that project (thanks, in no small part, to Johanna Larsson.)
Hex Preview is an online tool for viewing the source files of a Hex package. By searching for the package name, and then selecting a version number, you will see all of the files contained in the release.
No, not really. While it is likely the source code of a Github project is the same as the source code in a release, there is absolutely no guarantee that is the case.
It is important to consider any packages you bring into a project need to be vetted for security and quality just as you would vet the project code itself. A malicious actor could very well introduce a security flaw in a Hex release and then put different code on Github. If you are only using Github source to review packages you are making a mistake.
The only way to audit package code before now was to download the package tarball and review it locally. This is still a totally valid method, but I think Hex Preview will be much simpler.
Hex Preview is maintained by the Hex team, hosted on Hex servers, and using releases from the official Hex registry.
Hopefully, users will contribute to the project to make it even better.