The package detection benchmark should be based on real case and not made up data. We should have at least a package for each type, and cases with and without nested package files, deep dependencies and complex licensing.

We would need to have:

• Details of data/repos/files used for benchmarking
• Simple instructions to run the benchmark
• Document the issues we found