scancode.io icon indicating copy to clipboard operation
scancode.io copied to clipboard

Published 20 hours ago verified publisher icon aboutcode-org

Restructure `inspect_packages` pipeline

Open AyanSinhaMahapatra opened this issue 3 months ago • 0 comments

There are two conflicting use cases that needs to be addressed:

  1. Running a fast package scan to only get package information from manifests and lockfiles
  2. Running a more detailed package scan with package assembly and resolving dependencies (but still faster as this is a package-only scan without license/copyrights)

2 was needed for https://github.com/aboutcode-org/scancode.io/pull/1244 and is what we have now with package assembly and resolving dependencies through the StaticResolver group, but note that we have the same functionality with the ResolveDependencies pipeline, so it be better perhaps to:

  • Have the inspect_packages pipeline only do 1.
  • Have the resolve_dependencies pipeline do 2.

AyanSinhaMahapatra avatar Oct 29 '24 09:10 AyanSinhaMahapatra