It would be awesome to be able to trace which files and dependencies are either:
This would be an excellent input to further usage downstream such as:
The collection of used files could be done with strace and https://github.com/nexB/tracecode-toolkit-strace.
The collection of dependencies could be done with a mix of parsing manifests and lockfiles (see scancode-toolkit for this) or issuing the build commands that can create this data otherwise. See https://github.com/nexB/dependency-inspector/issues/2 for some ideas.
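A sketch of the strace-based collection of used files mentioned above, as an added example that is not part of the original issue and is not tracecode-toolkit-strace's code. The trace lines are constructed, and the function names and the system-prefix list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `strace -f -e trace=execve,open,openat` output (not from a real build).
SAMPLE_TRACE = '''\
101 execve("/usr/bin/gcc", ["gcc", "-c", "main.c"], 0x7ffd0 /* 20 vars */) = 0
101 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
102 openat(AT_FDCWD, "main.c", O_RDONLY|O_NOCTTY) = 4
102 openat(AT_FDCWD, "/usr/local/include/stdio.h", O_RDONLY|O_NOCTTY) = -1 ENOENT (No such file or directory)
102 openat(AT_FDCWD, "/usr/include/stdio.h", O_RDONLY|O_NOCTTY) = 4
102 openat(AT_FDCWD, "vendor/zlib/zlib.h", O_RDONLY|O_NOCTTY) = 5
103 openat(AT_FDCWD, "main.o", O_RDWR|O_CREAT|O_TRUNC, 0666) = 3
103 openat(AT_FDCWD, "/tmp/ccAbc.s", O_RDONLY <unfinished ...>
'''

# pid, syscall name, first quoted path argument, remaining arguments, return code.
CALL = re.compile(
    r'^(?P<pid>\d+)\s+(?P<call>execve|open|openat)\('
    r'(?:AT_FDCWD,\s*)?"(?P<path>[^"]*)"(?P<rest>.*)\)\s+=\s+(?P<ret>-?\d+)'
)
WRITE_FLAGS = re.compile(r"O_(WRONLY|RDWR|CREAT|TRUNC|APPEND)")


def files_used(trace):
    """Return a dict of sets ("executed", "read", "written") of paths used successfully."""
    used = defaultdict(set)
    for line in trace.splitlines():
        m = CALL.match(line)
        # Skip lines that do not parse (e.g. <unfinished ...>) and failed calls
        # such as ENOENT probes along an include search path.
        if not m or int(m["ret"]) < 0:
            continue
        if m["call"] == "execve":
            used["executed"].add(m["path"])
        elif WRITE_FLAGS.search(m["rest"]):
            used["written"].add(m["path"])
        else:
            used["read"].add(m["path"])
    return used


def split_sources(paths, system_prefixes=("/usr/", "/etc/", "/lib")):
    """Separate project-local inputs from system files (the prefix list is an assumption)."""
    local = sorted(p for p in paths if not p.startswith(system_prefixes))
    system = sorted(p for p in paths if p.startswith(system_prefixes))
    return local, system
```

The failed `/usr/local/include/stdio.h` probe and the unfinished call are excluded, so only files that actually fed the build are reported.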