aboutcode-org / nuget-inspector

Inspect and resolve .NET and NuGet package dependencies like dotnet and nuget do. Fetch manifests data. Runs on Linux, Windows and macOS as a standalone application.
https://github.com/nexB/nuget-inspector

Possibly missing source packages? #20

Open pombredanne opened 1 year ago

pombredanne commented 1 year ago

Using this Sample.csproj.txt file (renamed to /Sample.csproj):

<?xml version="1.0" encoding="utf-8"?>
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFrameworks>net5.0</TargetFrameworks>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Castle.Core" Version="5.1.1" />
    <PackageReference Update="Microsoft.Extensions.Configuration.Binder" Version="7.0.0" />    
  </ItemGroup>
</Project>

I run the inspector and I get this output:

sample.json.txt

  1. there are no "sources_packages"
  2. the homepage_url listed here is often the source repo URL:

So this is a bit messy and there is no easy way to get something clean.

pombredanne commented 1 year ago

Things are messy and incomplete at best as provided by the NuGet API!

There could be something extra we could do when this is available in the .nuspec, at the cost of an extra (expensive) API call, and/or we could come up with heuristics when the homepage/project URL is at GitHub.
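
The two ideas in the last comment (reading repository data from the .nuspec, and a heuristic for GitHub project URLs), sketched as an added Python example. It is not code from nuget-inspector; the function names and both sample .nuspec documents are constructed for illustration, and it assumes the standard `<repository>` and `<projectUrl>` metadata elements.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample .nuspec documents (not real package metadata).
NUSPEC_WITH_REPO = """<?xml version="1.0"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>Example.Lib</id><version>1.0.0</version>
    <projectUrl>https://example.org/lib</projectUrl>
    <repository type="git" url="https://github.com/example-org/example-lib.git" commit="0123abc" />
  </metadata>
</package>"""

NUSPEC_HOMEPAGE_ONLY = """<package><metadata>
  <id>Example.Other</id><version>2.0.0</version>
  <projectUrl>https://github.com/example-org/other/wiki</projectUrl>
</metadata></package>"""

def _local(tag):
    # Drop the "{namespace}" prefix; the nuspec namespace varies by schema version.
    return tag.rsplit("}", 1)[-1]

def github_repo_from_url(url):
    """Heuristic: reduce a GitHub URL to https://github.com/<owner>/<repo>, else None."""
    parsed = urlparse(url or "")
    if parsed.scheme not in ("http", "https") or parsed.hostname not in ("github.com", "www.github.com"):
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if len(parts) < 2:
        return None
    return "https://github.com/%s/%s" % (parts[0], re.sub(r"\.git$", "", parts[1]))

def source_repo(nuspec_xml):
    """Return (url, commit, origin); origin is 'declared', 'heuristic' or None."""
    # Both values are publisher-supplied and unverified; 'origin' lets a
    # consumer give a guessed repository less trust than a declared one.
    root = ET.fromstring(nuspec_xml)
    metadata = next((el for el in root.iter() if _local(el.tag) == "metadata"), None)
    fields = {_local(el.tag): el for el in (metadata if metadata is not None else [])}
    repo = fields.get("repository")
    if repo is not None and repo.get("url"):
        return repo.get("url"), repo.get("commit"), "declared"
    project_url = fields.get("projectUrl")
    text = (project_url.text or "").strip() if project_url is not None else ""
    guess = github_repo_from_url(text)
    return (guess, None, "heuristic") if guess else (None, None, None)
```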