Open felickz opened 1 month ago
@felickz I'm not too familiar with this, but I briefly looked over the spec and it seems like parsing the file to generate a flat list of dependencies would be fairly straightforward, but there isn't a good mechanism included for generating a dependency graph (which packages brought in which dependencies).
If you have any additional context here such as how frequently this is used in Python builds, I would appreciate it.
Today component detection is not able to detect any packages in the
Pipfile
/Pipefile.lock
manifests.