Look for .xml files with <!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) ... elements and detect any package import statements (e.g. Python import, R library, or Node.js require) in any elements matching:

• code[specific-use=cell] > named-content > alternatives > code
• fig[fig-type=repro-fig] > alternatives > code

Hah, literally 20 minutes after writing this down discovered this is very similar to what @nuest is doing in https://github.com/jupyter/repo2docker/pull/457/files#diff-6e857ca58d9ac7b40e175db43c40c5d0R287 to detect which Stencila execution contexts to install in repo2docker (although he how out that you only need to look for code specific-use="source")

Good find - and your DOCTYPE check is not a bad idea, just to make sure! In our search we simply look for a manifest.xml file and then take the name of the JATS file from it.