microsoft / component-detection

Scans your project to determine what components you use
MIT License

Request: Add support for Python Pipenv to read packages from Pipfile/Pipfile.lock #1143

Open felickz opened 1 month ago

felickz commented 1 month ago

Today, component detection is not able to detect any packages in the Pipfile/Pipfile.lock manifests.

cobya commented 1 month ago

@felickz I'm not too familiar with this, but I briefly looked over the spec and it seems like parsing the file to generate a flat list of dependencies would be fairly straightforward, but there isn't a good mechanism included for generating a dependency graph (which packages brought in which dependencies).

If you have any additional context here such as how frequently this is used in Python builds, I would appreciate it.
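The distinction raised in the comment above, as an added Python example that is not part of the thread and is not component-detection's code: it reads the `default` and `develop` sections of a Pipfile.lock into a flat component list and collects the keys each entry carries, none of which names a parent package. The lock content is a constructed sample with placeholder values, and the function names are hypothetical.

```python
import json
import re

# Constructed sample lock file; names, versions and hashes are placeholders.
SAMPLE_LOCK = """{
  "_meta": {"pipfile-spec": 6},
  "default": {
    "Requests": {"hashes": ["sha256:<placeholder>"], "index": "pypi", "version": "==2.31.0"},
    "urllib3": {"hashes": ["sha256:<placeholder>"], "version": "==2.0.7"},
    "internal_lib": {"git": "https://example.invalid/internal-lib.git", "ref": "<commit-placeholder>"}
  },
  "develop": {
    "pytest": {"hashes": ["sha256:<placeholder>"], "version": "==7.4.3"}
  }
}"""


def normalize(name):
    """PEP 503 name normalization so 'Internal_Lib' and 'internal-lib' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def flat_components(lock_text):
    """Return sorted (name, version, is_dev, kind) tuples from a Pipfile.lock.

    version is None for entries not pinned with '==' (for example git sources).
    """
    lock = json.loads(lock_text)
    found = []
    for section, is_dev in (("default", False), ("develop", True)):
        for name, entry in lock.get(section, {}).items():
            version = entry.get("version", "")
            if version.startswith("=="):
                found.append((normalize(name), version[2:], is_dev, "registry"))
            elif "git" in entry:
                found.append((normalize(name), None, is_dev, "git"))
            else:
                found.append((normalize(name), None, is_dev, "unresolved"))
    return sorted(found, key=lambda c: c[0])


def entry_fields(lock_text):
    """Collect every key used by package entries, to see what the lock records."""
    lock = json.loads(lock_text)
    return {key for section in ("default", "develop")
            for entry in lock.get(section, {}).values() for key in entry}


if __name__ == "__main__":
    for component in flat_components(SAMPLE_LOCK):
        print(component)
    print(sorted(entry_fields(SAMPLE_LOCK)))
```

In this sample `urllib3` sits beside `requests` in `default` with nothing recording which package pulled it in, so a detector reading only the lock file can report components and the dev/non-dev split but not parent-child edges.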