Get all unmaintained Nixpkgs attributes that are part of my NixOS system

Is there any way to filter a list of all Nixpkgs attributes that are ever called when I rebuild my system? I’m not just talking about the content of environment.systemPackages, but all packages that produce outputs in the system closure.

At first glance vulnix --system achieves such a thing for reported CVEs present in the system closure, but they seem to scan only the resulting output, where meta attributes are not available any more, as they are not stored in the drv files.

I want this to take over unmaintained packages that are used to build my systems.


See RFC 0081, @lassulus wants to add this as a builtin feature to nixos-rebuild at some point.

Ah thanks, I read that RFC but forgot about it the meantime.

Looks like there doesn’t exist any implementation for my use case atm.