dfetch-org / dfetch

Dependency fetcher
https://dfetch.rtfd.io/
MIT License

Create recommendation from clib package.json #326

Open spoorcc opened 2 years ago

spoorcc commented 2 years ago

As requested by @sach-edna

clib has a wiki page with clib packages which is basically a package registry: https://github.com/clibs/clib/wiki/Packages.

Each of these packages has a package.json that lists dependencies; see for instance https://github.com/aperezdc/hmac-sha256/blob/master/package.json

DFetch could recognize there is a package.json in the root of a repo, see if there are dependencies and see if the package and its dependencies are listed on the wiki page. From this a recommendation could be made for the child packages.

Note ⚠: package.json is also used by other languages such as JavaScript (npm, yarn), Unity, vscode-extension
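
A sketch of the check proposed in the comment above, added here as an example; it is not DFetch code or part of the original issue. It assumes clib dependency keys are `owner/repo` GitHub slugs and that a clib manifest carries a `repo` slug or a `src` list, and the function names, the result fields and all sample data are hypothetical or constructed.

```python
import json
import re

# Assumption: clib dependency keys are "owner/repo" GitHub slugs,
# while npm keys are "name" or "@scope/name".
SLUG = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]*/[A-Za-z0-9._-]+$")
FLOATING = {"", "*", "master", "main", "latest"}  # versions that do not pin anything

def is_clib_manifest(pkg):
    """Heuristic filter so npm/Unity/VS Code package.json files are ignored."""
    if not isinstance(pkg, dict):
        return False
    deps = pkg.get("dependencies") or {}
    if not isinstance(deps, dict):
        return False
    if not all(isinstance(k, str) and SLUG.match(k) for k in deps):
        return False
    repo = pkg.get("repo")
    has_repo = isinstance(repo, str) and bool(SLUG.match(repo))
    return has_repo or isinstance(pkg.get("src"), list)

def recommend(package_json_text, registry):
    """Return one recommendation per dependency, [] if this is not a clib manifest."""
    try:
        pkg = json.loads(package_json_text)
    except json.JSONDecodeError:
        return []
    if not is_clib_manifest(pkg):
        return []
    recs = []
    for slug, version in sorted((pkg.get("dependencies") or {}).items()):
        pinned = isinstance(version, str) and version not in FLOATING
        recs.append({
            "name": slug.split("/", 1)[1],
            "url": f"https://github.com/{slug}",
            "version": version if pinned else None,  # None: pick a tag by hand
            "pinned": pinned,
            "listed": slug.lower() in registry,      # found on the packages wiki page
        })
    return recs

# Constructed sample data, not taken from any real repository.
REGISTRY = {"example-owner/sha256.c"}
CLIB_SAMPLE = json.dumps({"name": "hmac-demo", "repo": "example-owner/hmac-demo",
    "src": ["hmac.c", "hmac.h"],
    "dependencies": {"example-owner/sha256.c": "0.1.0", "other-owner/buffer": "*"}})
NPM_SAMPLE = json.dumps({"name": "demo", "version": "1.0.0",
    "dependencies": {"left-pad": "^1.3.0", "@types/node": "^20.0.0"}})

if __name__ == "__main__":
    for rec in recommend(CLIB_SAMPLE, REGISTRY):
        print(rec)
```

Entries with `pinned` or `listed` set to false are the ones to review by hand before they go into a manifest.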

spoorcc commented 1 year ago

This also highly resembles a component in the SBOM format CycloneDX: https://cyclonedx.org/docs/1.4/json/#components. And there might be some overlap with Package information in SPDX: https://spdx.github.io/spdx-spec/v2.3/package-information/#711-package-home-page-field.

spoorcc commented 1 year ago

See also #270