Project idea: dependencies information getter

[pawamoy]

To help implementing #4, #5 and pawamoy/copier-uv#37 without spaghetti code, maybe I should create a new project that reads PDM dependencies from both pyproject.toml and pdm.lock and queries various information from PyPI indexes or other online databases to extract as much information as possible about Python packages, and cache it locally (a given package's metadata never changes, supposedly).

Useful information:

• name
• summary
• version
• URLs
• license (SPDX identifier?)
• direct/indirect production dependency?
• direct/indirect development dependency? (not mutually exclusive with production deps)
• dependencies
• parent dependencies if any (maybe hard to keep a clean cache)

A config file should also allow to add items manually, such as Python, PDM, safety and copier-pdm itself.

All these metadata could then be used to generate the credits file, check for dependency confusion, license compatibility issues, and even CVEs using safety/skjold.

[pawamoy]

Ah, this could be implemented as a PDM plugin by the way. Example here: https://github.com/branchvincent/pdm-publish. Discussion here: pdm-project/pdm#578

[pawamoy]

I don't think I need this anymore.