Error case when external library depends on listed library

[bvssvni]

An external library that depends on a listed library will be assigned order 0. This leads to wrong update order. It is easy to fix, by adding the library to the extract list. Opened this issue to figure out whether something should be done to prevent this.

[bvssvni]

One idea is to extract information from crates.io to detect "holes" in the extract list.

• If there are any holes, it will only cause problems if it is affected by updates.
• If a hole can be detected, then it might be desirable to recommend adding the missing piece to the extract list.
• If it can be verified that there are no holes, then this knowledge can be used for some operations.

[bvssvni]

The dependency info could be used for comparing the ecosystem against crates.io. This information is used to detect updates, so errors caused by holes is because the dependency information has holes. The recommended action to add to extract list makes only sense if the extract list is used to generate the dependency info.

When the dependency info does not list a library at top level, it could be a hole, but it usually is not.

!listed_at_top_level, ?!hole.

A library listed at top level can not be a hole.

listed_at_top_level, !hole.

If a library does not have any dependencies, then it is not a hole.

no_dependencies, !hole.

Adding a package to the dependency information might introduce holes, but usually it does not:

add_package, ?!introduce_holes.

Removing a package from the dependency information does not introduce holes.

remove_package, !introduce_holes.

A package can only introduce holes with less depth than itself. If there is no other library with less depth then it can not introduce holes.

no_library_with_less_depth_order, !introduce_holes.

A package where all dependencies are listed does not introduce holes.

all_dependencies_listed, !introduce_holes.