github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

Support for ecosystem CTAN #756

Open MartinScharrer opened 2 years ago

MartinScharrer commented 2 years ago

Hello,

A good number of LaTeX packages which are on the CTAN (https://ctan.org/) registry are hosted on GitHub, including the LaTeX3 Project and LaTeX2e itself. It would be good if dependencies could also be tracked on GitHub. While used for typesetting, LaTeX (through the underlying TeX) is a full Turing-complete programming language with a large open source community providing many packages extending (La)TeX for several decades.

Similar to the requirements.txt of Python, there can be a DEPENDS.txt file for LaTeX packages describing the required dependencies. The file simply lists the packages (without version) and allows a prefix 'hard', 'soft' or 'package'. Soft dependencies are for conditional features, e.g. only enabled through package options.
The format is defined at https://tug.org/texlive/pkgcontrib.html#deps.

An example can be found at: https://github.com/MartinScharrer/adjustbox/blob/main/DEPENDS.txt, e.g. adjustbox depends hard on collectbox as well as soft on ifoddpage and storebox.
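As an added illustration (not code from the issue, the advisory database, or the adjustbox project), here is a small parser for the DEPENDS.txt format described above, plus a cross-check of the parsed dependencies against a constructed, hypothetical advisory index. It assumes that a line without a prefix counts as a hard dependency, which is how the TeX Live packaging documentation describes the default, and the advisory identifier it uses is a placeholder.

```python
"""Parse the CTAN DEPENDS.txt format and cross-check dependencies against advisories."""
from __future__ import annotations
from dataclasses import dataclass

VALID_PREFIXES = {"hard", "soft", "package"}


@dataclass(frozen=True)
class Dependency:
    name: str
    kind: str  # "hard", "soft" or "package"


def parse_depends(text: str) -> list[Dependency]:
    """Parse DEPENDS.txt content: one dependency per line, optional prefix, no versions.

    A bare package name is treated as a hard dependency (assumption, see lead-in);
    blank lines are skipped; any other shape is rejected rather than guessed at.
    """
    deps: list[Dependency] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields:
            continue
        if len(fields) == 1:
            deps.append(Dependency(fields[0], "hard"))
        elif len(fields) == 2 and fields[0] in VALID_PREFIXES:
            deps.append(Dependency(fields[1], fields[0]))
        else:
            raise ValueError(f"line {lineno}: malformed dependency line {raw!r}")
    return deps


def affected_dependencies(deps: list[Dependency], advisories: dict[str, list[str]]):
    """Return (dependency, advisory_id) pairs for every dependency with a known advisory.

    The dependency kind is kept so a consumer can tell a hard hit from a soft one.
    """
    return [(dep, adv) for dep in deps for adv in advisories.get(dep.name, [])]


# Constructed sample mirroring the adjustbox example quoted in the issue.
SAMPLE_DEPENDS = "hard collectbox\nsoft ifoddpage\nsoft storebox\n"

# Constructed, hypothetical advisory index: package name -> advisory ids (placeholder id).
SAMPLE_ADVISORIES = {"storebox": ["GHSA-PLACEHOLDER-0000"]}

if __name__ == "__main__":
    for dep, adv in affected_dependencies(parse_depends(SAMPLE_DEPENDS), SAMPLE_ADVISORIES):
        print(f"{dep.kind} dependency {dep.name} matches advisory {adv}")
```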

KateCatlin commented 1 year ago

Thank you for suggesting this! I'll keep this issue open for others to comment/emoji if also interested.