RichardLitt / dependency-cite

Cite all of your software dependencies you use in your research
MIT License

Language parity #1

Open RichardLitt opened 1 year ago

RichardLitt commented 1 year ago

This should work for more than Python. Ideally, it would also work for JavaScript, Golang, Rust, and R.

andrew commented 1 year ago

Happy to help you use @ecosyste-ms to add support for all the languages.

If the paper you are parsing has a Dockerfile, you could even go as far as building the Docker image and running https://github.com/anchore/syft on it to get system dependencies from the OS in the Dockerfile.

RichardLitt commented 1 year ago

Thank you! I tried to get @ecosyste-ms to work last night, but I couldn't figure out the API, and one of the endpoints kept hanging.

There's no parsed paper at the moment; this is just trying to get all of the dependencies possible for the software I am using. Do you have a tool that could be run locally that does that?

RichardLitt commented 1 year ago

One thing I may not have been clear enough about: This tool is meant to be used by authors during the writing process of their papers. It is not a post-publication tool.

andrew commented 1 year ago

syft works well for running locally. Example command I use: syft packages . -o github-json, which gives you something like:

{
  "version": 0,
  "job": {},
  "detector": {
    "name": "syft",
    "url": "https://github.com/anchore/syft",
    "version": "0.92.0"
  },
  "manifests": {
    ".github/workflows/ci.yml": {
      "name": ".github/workflows/ci.yml",
      "file": {
        "source_location": ".github/workflows/ci.yml"
      },
      "resolved": {
        "pkg:github/actions/checkout@v4": {
          "package_url": "pkg:github/actions/checkout@v4",
          "relationship": "direct",
          "scope": "runtime"
        },
        "pkg:github/actions/setup-node@v3.8.1": {
          "package_url": "pkg:github/actions/setup-node@v3.8.1",
          "relationship": "direct",
          "scope": "runtime"
        },
        "pkg:github/ruby/setup-ruby@v1": {
          "package_url": "pkg:github/ruby/setup-ruby@v1",
          "relationship": "direct",
          "scope": "runtime"
        }
      }
    },
    "Gemfile.lock": {
      "name": "Gemfile.lock",
      "file": {
        "source_location": "Gemfile.lock"
      },
      "resolved": {
        "pkg:gem/actioncable@7.0.8": {
          "package_url": "pkg:gem/actioncable@7.0.8",
          "relationship": "direct",
          "scope": "runtime"
        },
        "pkg:gem/actionmailbox@7.0.8": {
          "package_url": "pkg:gem/actionmailbox@7.0.8",
          "relationship": "direct",
          "scope": "runtime"
        }
      }
    }
  }
}

You can then look up each package using its "purl" (package URL), e.g. pkg:gem/actioncable@7.0.8, on the packages service: https://packages.ecosyste.ms/api/v1/packages/lookup?purl=pkg:gem/actioncable@7.0.8

RichardLitt commented 1 year ago

Cool. That's from https://github.com/anchore/syft?

How can I best integrate this with ecosyste.ms? Happy to jump on a call if that's easier, too.

andrew commented 1 year ago

I can do a call tomorrow or Thursday this week, or Tuesday, Wednesday or Thursday next week.

andrew commented 1 year ago

My email is andrew@ecosyste.ms btw