Pub-dev: [Feature request] Add more info to JSON metadata of packages

Created on 18 May 2019  路  7Comments  路  Source: dart-lang/pub-dev

We can get metadata about a package using the following URL:
https://pub.dev/packages/.json

This is very handy for external services like https://shields.io. But currently, the data returned is very basic: we can't known what SDK constraint the package uses, what is its license, its dependencies.

It would be cool if additional fields would be added to the JSON metadata.

duplicate

All 7 comments

@cedx: we are going to facelift our APIs in the not far future (including promises about future compatibility and support). What kind of metadata are you interested in?

The service already honors the spec outlined here:
https://github.com/dart-lang/pub/blob/master/doc/repository-spec-v2.md

Please access the API through https://pub.dartlang.org as advised in said document. This is the end-points used by the pub CLI client, these API end-points are very unlikely to go away anytime soon. As breaking them would break all the installed clients :)


I'll close this as a duplicate of #2142

@isoos Basically, I wanted to have access programmatically to the pubspec.yaml file of a package, and the same info as displayed on the package page: especially the used license.

Thanks @jonasfj, this is a very good start for what I want (i.e. access to the pubspec.yaml file). The only thing that miss is the license info. Do you plan to add it to the API?

@cedx, I doubt we'll add LICENSE info... but you can stream down the tarball containing the package and extract the LICENSE(.*)? file.

I just need the SPDX identifier of the license. Pub (at least the website) seems to already have this info, because it's displayed on the package page.

But you're right: we have alternative ways to get this info. Another exmaple : packages which code is hosted on GitHub, we can use the GitHub API to get the SPDX identifier.

Thanks for taking time to respond to me.

Yeah, I think the SPDX identifier is out of scope for now...

It might be nice to have through API in some future...that way we could build tooling for analyzing what licenses you are using in your app.. possibly even generate attribution pages for license compliance :)

that way we could build tooling for analyzing what licenses you are using in your app

It can be part of the normal package analysis too, e.g. you depend on 5 packages, but 1 of them has an incompatible license.

Was this page helpful?
0 / 5 - 0 ratings