Hi. I am wondering if there exists a tool to determine if a given package is installable without pulling any artifact. It has a meaning in different contexts:
- if I want to be able to review all code involved in my computations (by hand or automatically)
- if I want to make sure the application does not build on top of a 3rd party library (for licensing purposes for example)
I have not found anything on that subject…
It could be done, I guess, by browsing the package dependencies recursively until failed or no artifact dependency found.
Does anyone have any advice on how to do that?
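
The recursive walk suggested in the post, sketched as an added example that is not part of the original post and not any package manager's own tooling. The manifest layout (`deps`, `artifacts`) and all package names are constructed assumptions; a real resolved manifest would need an adapter that fills this structure without downloading anything.

```python
from collections import deque

# Constructed sample: package -> direct dependencies and declared artifacts.
MANIFEST = {
    "App":       {"deps": ["Parser", "Plots"], "artifacts": []},
    "Parser":    {"deps": ["Strings"],         "artifacts": []},
    "Strings":   {"deps": ["Parser"],          "artifacts": []},  # deliberate cycle
    "Plots":     {"deps": ["RenderBin"],       "artifacts": []},
    "RenderBin": {"deps": [],                  "artifacts": ["librender"]},
    "Broken":    {"deps": ["Missing"],         "artifacts": []},  # dep not in manifest
}


def audit(root, manifest):
    """Breadth-first walk of root's dependency closure.

    Returns (artifact_chains, unresolved_chains). Each maps an offending
    package to the shortest dependency chain from root that reaches it,
    so a reviewer can see which direct dependency pulls it in.
    """
    parent = {root: None}      # doubles as the visited set, so cycles terminate
    queue = deque([root])
    artifact_chains, unresolved_chains = {}, {}

    def chain(name):
        path = []
        while name is not None:
            path.append(name)
            name = parent[name]
        return path[::-1]

    while queue:
        name = queue.popleft()
        entry = manifest.get(name)
        if entry is None:
            # "until failed": the closure cannot be fully inspected.
            unresolved_chains[name] = chain(name)
            continue
        if entry["artifacts"]:
            artifact_chains[name] = chain(name)
        for dep in entry["deps"]:
            if dep not in parent:
                parent[dep] = name
                queue.append(dep)
    return artifact_chains, unresolved_chains


def is_artifact_free(root, manifest):
    """True only if every transitive dependency resolved and none has artifacts."""
    artifacts, unresolved = audit(root, manifest)
    return not artifacts and not unresolved
```

An unresolved dependency is treated as a failure rather than as "no artifact", since a package that cannot be inspected cannot be cleared for code review or licensing.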