Sergey "Shnatsel" Davidoff

Thank you! Is there any example code I could use as a starting point for integrating `guppy`? Say, could you point me to how cargo-workspace-hack uses it? I'm particularly interested...

I [checked](https://rust-lang.zulipchat.com/#narrow/channel/246057-t-cargo/topic/inspecting.20Cargo.20resolver.20version/near/495157543) with the Cargo team, and obtaining the resolver version without Cargo directly exposing it seems to be practical! I am now convinced that using guppy is feasible. I'd...

`cargo auditable` and `cargo cyclonedx` have different use cases and make different trade-offs. They're not in competition with each other, and I think you should pick the one that works...

Or you could use both tools. This will let you list as many non-binary artifacts as you like in CycloneDX yet keep the binaries-self describing and make their SBOMs impossible...

Regarding the underlying implementation, I would prefer to rely on information exposed by Cargo rather than compatible reimplementations in the long term. Cargo has a project goal for the first...

I've started working on a standalone crate to get the Cargo resolver version: https://github.com/Shnatsel/resolverver

`resolverver` crate MVP is now usable end-to-end. It's still missing documentation, and could use more testing on real-world data. I'm not sure how to arrange said testing - there doesn't...

It's already basically done, so I don't think it will require much maintenance. So sure, I'm up for it. I can simply import it into cargo-auditable workspace and publish it...

Alright, I added docs to `resolverver`, moved the crate into this workspace, and reserved the name on crates.io. @sunshowers are you still interested in contributing a PR to migrate `cargo...

No worries, it isn't urgent. I'm glad this work is no longer blocked by any technical limitations at least.