Is there any way to filter a list of all Nixpkgs attributes that are ever called when I rebuild my system? I’m not just talking about the content of
environment.systemPackages, but all packages that produce outputs in the system closure.
At first glance
vulnix --system achieves such a thing for reported CVEs present in the system closure, but they seem to scan only the resulting output, where
meta attributes are not available any more, as they are not stored in the drv files.
I want this to take over unmaintained packages that are used to build my systems.