Todo-list¶
Todo
Implement a best matching strategy, across package managers of different kinds.
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/docs/dump.md, line 87.)
Todo
Add an --installed boolean flag to search to reduce the searched packages to those already installed. (installed itself now accepts a QUERY argument to filter its own listing.)
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/docs/duplicates.md, line 90.)
Todo
Today every extractor is local-only (shell-outs to the
manager’s CLI, plus on-disk reads). When extractors start
reaching for network resources (PyPI’s JSON API, npm’s
registry, crates.io, GitHub’s security advisories) the
--bundled flag will no longer be a fine-grained enough
knob: some users will want enrichment but not network
traffic (offline scans, CI without egress). The natural
split is a future --network/--no-network flag layered
under --bundled to gate the network-touching code paths
specifically, leaving local enrichment always-on for
--bundled.
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/manager.py:docstring of meta_package_manager.manager.PackageManager.package_metadata_batch, line 28.)
Todo
Candidate ecosystems for project-scope discovery. Listed with the
project files that signal each, grouped by whether mpm already
ships a system-scoped manager that could grow a project mode.
Already covered by a manager (npm, yarn, pnpm, pip,
uv, cargo, gem, composer, cpan):
JavaScript:
package.json,package-lock.json,yarn.lock,pnpm-lock.yamlPython:
requirements.txt,pyproject.toml,poetry.lock,uv.lockRust:
Cargo.toml,Cargo.lockRuby:
Gemfile,Gemfile.lockPHP:
composer.json,composer.lockPerl:
cpanfile
No manager yet:
Java:
pom.xml(Maven),build.gradle(Gradle),ivy.xmlGo:
go.mod,go.sum.NET:
*.csproj,packages.config(NuGet)Swift:
Package.swift,Package.resolvedCocoaPods:
Podfile,Podfile.lockC/C++:
conanfile.txt(Conan),vcpkg.json(vcpkg)Conda:
conda-lock.yml
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/manager.py:docstring of meta_package_manager.manager.PackageManager.discover_projects, line 11.)
Todo
Reuse the mapping that is proposed upstream to the package-url Python project.
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/specifier.py:docstring of meta_package_manager.specifier.PURL_MAP, line 16.)
Todo
Use the removed variable to detect removed packages (which are
reported with a (!) flag). See:
https://github.com/caskroom/homebrew-cask/blob/master/doc
/reporting_bugs/uninstall_wrongly_reports_cask_as_not_installed.md
and https://github.com/kdeldycke/meta-package-manager/issues/17 .
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/homebrew.py:docstring of meta_package_manager.managers.homebrew.Homebrew.installed, line 31.)
Todo
Evaluate findpython (the
maintained MIT rewrite of pythonfinder) to replace the discovery
loop here. It would only cover discovery: the eligibility filters
(_running_from_bundled_app(), _pip_install_blocked())
stay mpm’s job, since findpython locates interpreters but does not
judge whether pip install is allowed into one.
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/pip.py:docstring of meta_package_manager.managers.pip.Pip.search_all_cli, line 17.)
Todo
Drop the fallback, which mimics Pip.outdated(), once pipx
1.16.0 is old enough to be required outright.
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/pipx.py:docstring of meta_package_manager.managers.pipx.Pipx.outdated, line 53.)
Todo
Automatically uninstall the package if the technology is different:
PS C:\Users\kev> winget upgrade --id Microsoft.Edge
A newer version was found, but the install technology is different from the current version installed. Please uninstall the package and install the newer version.
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/winget.py:docstring of meta_package_manager.managers.winget.WinGet.upgrade_one_cli, line 15.)
Todo
Contribute generic autodetection method to Click Extra?
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/sbom/base.py:docstring of meta_package_manager.sbom.base.SBOM.autodetect_export_format, line 4.)
Todo
Contribute generic autodetection method to Click Extra?
(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/sbom/base.py:docstring of meta_package_manager.sbom.base.SBOM.autodetect_export_format, line 4.)