anthonyharrison / sbom4python

A tool to generate a SBOM (Software Bill of Materials) for an installed Python module
Apache License 2.0

Consider using builtin importlib.metadata #17

Open EvaSDK opened 1 month ago

EvaSDK commented 1 month ago

Using pip show to collect package metadata only returns a select few metadata fields of a package. Using importlib.metadata would allow access to all of them, such as Download-URL, Project-URL, and Maintainer. See https://packaging.python.org/en/latest/specifications/core-metadata/. This should make the code slightly faster and more reliable.
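The suggestion above, sketched as an added example that is not part of the original issue and is not sbom4python's code: it reads core metadata, including the multi-use Project-URL field, through importlib.metadata. The package `demo-pkg`, its `example.invalid` URLs, and the helper names `describe` and `sample_component` are constructed for illustration.

```python
import tempfile
from importlib import metadata
from pathlib import Path

# Constructed sample METADATA file (core metadata format), not a real package.
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: demo-pkg
Version: 1.2.3
Summary: Constructed package for this example
Download-URL: https://example.invalid/demo-pkg/demo_pkg-1.2.3.tar.gz
Maintainer: Example Maintainer
License: Apache-2.0
Project-URL: Source, https://example.invalid/demo-pkg/src
Project-URL: Tracker, https://example.invalid/demo-pkg/issues
Requires-Dist: requests>=2.0
"""

def describe(dist):
    """Collect SBOM-relevant fields from an importlib.metadata Distribution."""
    md = dist.metadata
    # Project-URL may appear several times; each value is "label, url".
    urls = {}
    for entry in md.get_all("Project-URL") or []:
        label, _, url = entry.partition(",")
        urls[label.strip()] = url.strip()
    return {
        "name": md["Name"],
        "version": dist.version,
        "summary": md.get("Summary"),
        "license": md.get("License"),
        "maintainer": md.get("Maintainer"),
        "download_url": md.get("Download-URL"),
        "project_urls": urls,
        "requires": list(dist.requires or []),
    }

def sample_component():
    """Write a constructed .dist-info directory and read it back."""
    with tempfile.TemporaryDirectory() as tmp:
        info = Path(tmp) / "demo_pkg-1.2.3.dist-info"
        info.mkdir()
        (info / "METADATA").write_text(SAMPLE_METADATA, encoding="utf-8")
        return describe(metadata.Distribution.at(info))

if __name__ == "__main__":
    # For installed packages: [describe(d) for d in metadata.distributions()]
    print(sample_component())
```

Fields absent from a package's METADATA come back as `None` (or an empty dict or list), so an SBOM writer can tell a missing value from an empty one.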

anthonyharrison commented 4 weeks ago

Thanks for the suggestion.