Todo-list

Todo

Implement a best matching strategy, across package managers of different kinds.

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/docs/dump.md, line 87.)

Todo

Add an --installed boolean flag to search to reduce the searched packages to those already installed. (installed itself now accepts a QUERY argument to filter its own listing.)

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/docs/duplicates.md, line 90.)

Todo

Today every extractor is local-only (shell-outs to the manager’s CLI, plus on-disk reads). When extractors start reaching for network resources (PyPI’s JSON API, npm’s registry, crates.io, GitHub’s security advisories) the --bundled flag will no longer be a fine-grained enough knob: some users will want enrichment but not network traffic (offline scans, CI without egress). The natural split is a future --network/--no-network flag layered under --bundled to gate the network-touching code paths specifically, leaving local enrichment always-on for --bundled.

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/manager.py:docstring of meta_package_manager.manager.PackageManager.package_metadata_batch, line 28.)

Todo

Candidate ecosystems for project-scope discovery. Listed with the project files that signal each, grouped by whether mpm already ships a system-scoped manager that could grow a project mode.

Already covered by a manager (npm, yarn, pnpm, pip, uv, cargo, gem, composer, cpan):

  • JavaScript: package.json, package-lock.json, yarn.lock, pnpm-lock.yaml

  • Python: requirements.txt, pyproject.toml, poetry.lock, uv.lock

  • Rust: Cargo.toml, Cargo.lock

  • Ruby: Gemfile, Gemfile.lock

  • PHP: composer.json, composer.lock

  • Perl: cpanfile

No manager yet:

  • Java: pom.xml (Maven), build.gradle (Gradle), ivy.xml

  • Go: go.mod, go.sum

  • .NET: *.csproj, packages.config (NuGet)

  • Swift: Package.swift, Package.resolved

  • CocoaPods: Podfile, Podfile.lock

  • C/C++: conanfile.txt (Conan), vcpkg.json (vcpkg)

  • Conda: conda-lock.yml

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/manager.py:docstring of meta_package_manager.manager.PackageManager.discover_projects, line 11.)

Todo

Reuse the mapping that is proposed upstream to the package-url Python project.

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/specifier.py:docstring of meta_package_manager.specifier.PURL_MAP, line 16.)

Todo

Use the removed variable to detect removed packages (which are reported with a (!) flag). See: https://github.com/caskroom/homebrew-cask/blob/master/doc /reporting_bugs/uninstall_wrongly_reports_cask_as_not_installed.md and https://github.com/kdeldycke/meta-package-manager/issues/17 .

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/homebrew.py:docstring of meta_package_manager.managers.homebrew.Homebrew.installed, line 31.)

Todo

Evaluate findpython (the maintained MIT rewrite of pythonfinder) to replace the discovery loop here. It would only cover discovery: the eligibility filters (_running_from_bundled_app(), _pip_install_blocked()) stay mpm’s job, since findpython locates interpreters but does not judge whether pip install is allowed into one.

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/pip.py:docstring of meta_package_manager.managers.pip.Pip.search_all_cli, line 17.)

Todo

Drop the fallback, which mimics Pip.outdated(), once pipx 1.16.0 is old enough to be required outright.

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/pipx.py:docstring of meta_package_manager.managers.pipx.Pipx.outdated, line 53.)

Todo

Automatically uninstall the package if the technology is different:

PS C:\Users\kev> winget upgrade --id Microsoft.Edge
A newer version was found, but the install technology is different from the current version installed. Please uninstall the package and install the newer version.

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/managers/winget.py:docstring of meta_package_manager.managers.winget.WinGet.upgrade_one_cli, line 15.)

Todo

Contribute generic autodetection method to Click Extra?

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/sbom/base.py:docstring of meta_package_manager.sbom.base.SBOM.autodetect_export_format, line 4.)

Todo

Contribute generic autodetection method to Click Extra?

(The original entry is located in /home/runner/work/meta-package-manager/meta-package-manager/meta_package_manager/sbom/base.py:docstring of meta_package_manager.sbom.base.SBOM.autodetect_export_format, line 4.)