Project Ideas DependentCode A Mostly Universal Package Dependency Resolver

DependentCode: a mostly universal Package dependency resolver

The goal of this project is to create a tool for a universal package dependency resolution that should leverage the detected packages and package dependencies from ScanCode as Package URLs and provide a good enough way to resolve the dependencies "transitive closure" for many system and application package formats.

ScanCode can parse and collect first-level direct dependencies from package managers. It can also collect resolved dependencies from lock files.

DependentCode would provide dependency resolution to get all other transitive dependencies either:

• in a generic way, using its own resolution engine and strategies (possibly using a SAT solver)
• or using each package management tool, either reusing the resolvers from ORT or crafting new resolvers

This is a green field project.

• Level

  • Advanced

• Tech

  • Python, C/C++, Rust, SAT

• URLS

  • https://github.com/package-url
  • https://fosdem.org/2018/schedule/event/purl/
  • https://github.com/heremaps/oss-review-toolkit
  • https://gist.github.com/pombredanne/d3585617882f91d9316be5ce5eddf190

• Mentors

  • @pombredanne https://github.com/pombredanne