The use case for this question is when one must submit a FOSS review ticket to your IT organization. One essential field is the URL that Pkg uses to download the package. The organization then downloads the source code and scans it for malware, licenses, etc.
It’s possible to search the internet manually to get all this info, but it would be handy if there was a way to ask Pkg what it is. I don’t see anything in the Pkg documentation for this. Is there a workaround available today and is this on the roadmap for the Pkg developers?