i’m less interested in operating on packages and more interested in using the package manifest metadata model that SwiftPM uses. i’m currently parsing JSON metadata dumps and doing all the graph traversal and dependency resolution logic myself, but naturally this has proven to be unreliable and highly fragile.
i’m also interested in integrating with SPM’s package identity system.