Possibly missing source packages?

Using this Sample.csproj.txt file (renamed to /Sample.csproj) :

<?xml version="1.0" encoding="utf-8"?>
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFrameworks>net5.0</TargetFrameworks>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Castle.Core" Version="5.1.1" />
    <PackageReference Update="Microsoft.Extensions.Configuration.Binder" Version="7.0.0" />    
  </ItemGroup>
</Project>

I run the inspector and I get this output:

sample.json.txt

there are no "sources_packages"
the homepage_url listed here is often the source repo URL:
- 'pkg:nuget/Microsoft.NETCore.Platforms@3.1.0', 'https://github.com/dotnet/corefx': no source repo, but the homepage_url is a repo and this the same in all API endpoints and its nuspec for this version (this may be different for other versions) ... and even if we had a source repo, there would be an issue as to figure which part of the sources are used in https://github.com/dotnet/corefx/releases/tag/v3.1.0 (which is further more archived)
- 'pkg:nuget/System.Security.Principal.Windows@4.7.0', 'https://github.com/dotnet/corefx', same as above
- 'pkg:nuget/System.Security.AccessControl@4.7.0', 'https://github.com/dotnet/corefx', same as above
- 'pkg:nuget/Microsoft.Win32.Registry@4.7.0', 'https://github.com/dotnet/corefx', same as above
- 'pkg:nuget/System.Diagnostics.EventLog@4.7.0', 'https://github.com/dotnet/corefx', same as above
- 'pkg:nuget/Castle.Core@5.1.1', 'http://www.castleproject.org/': here none of the API endpoint seem to have anything but https://www.nuget.org/packages/Castle.Core lists a source repo as does the nuspec at https://api.nuget.org/v3-flatcontainer/castle.core/5.1.1/castle.core.nuspec but this is empty in the catalog entry https://api.nuget.org/v3/catalog0/data/2022.12.30.09.24.25/castle.core.5.1.1.json

So this is a bit messy and there is no easy way to get something clean

aboutcode-org / nuget-inspector

Possibly missing source packages? #20