nodesecure / authors
DEPRECATED (replaced by @nodesecure/contact)
License: MIT License
Authors and maintainers with an expired email domain are exposed to hackers.
See: What are Weak Links in the npm Supply Chain?
How could we identify and prevent this with code? That's the subject of this issue.
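As an added example (not code from @nodesecure/authors or the nsecure tooling), the following Node.js check extracts the e-mail domains of a package's author and maintainers and reports the contacts whose domain no longer resolves. The package metadata, names and domains are constructed for the example; the live DNS lookup is separated from the pure classification step so the check can run offline against a prepared domain table.

```javascript
// Added example, not code from @nodesecure/authors: flag package authors and
// maintainers whose e-mail domain no longer resolves, the "expired domain"
// weak link described above. Sample data below is constructed.

// Domain part of an address, lower-cased; null when the address is malformed.
function emailDomain(email) {
  if (typeof email !== "string") return null;
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1 || email.indexOf(" ") !== -1) return null;
  return email.slice(at + 1).toLowerCase();
}

// Author and maintainer contacts from package.json-style metadata.
function collectContacts(pkg) {
  const contacts = [];
  if (pkg.author && typeof pkg.author === "object") contacts.push(pkg.author);
  for (const m of pkg.maintainers || []) contacts.push(m);
  return contacts.filter((c) => c && typeof c.email === "string");
}

// Pure core: given a Map domain -> boolean (resolves or not), return the
// contacts whose domain is known not to resolve; malformed addresses are
// reported separately so they are not silently dropped.
function classifyContacts(contacts, domainStatus) {
  const expired = [];
  const malformed = [];
  for (const c of contacts) {
    const d = emailDomain(c.email);
    if (d === null) malformed.push(c);
    else if (domainStatus.get(d) === false) expired.push(c);
  }
  return { expired, malformed };
}

// Live resolver: a domain counts as registered when it still has NS records;
// an expired domain answers NXDOMAIN, which rejects the promise.
async function domainResolves(domain) {
  const { promises: dns } = await import("node:dns");
  try {
    return (await dns.resolveNs(domain)).length > 0;
  } catch {
    return false;
  }
}

// Async entry point; the resolver is injectable so the check can run offline.
async function findExpiredDomainContacts(pkg, resolve = domainResolves) {
  const contacts = collectContacts(pkg);
  const domains = new Set(contacts.map((c) => emailDomain(c.email)).filter(Boolean));
  const status = new Map();
  await Promise.all([...domains].map(async (d) => status.set(d, await resolve(d))));
  return classifyContacts(contacts, status);
}

// Constructed sample metadata (names, addresses and domains are made up).
const SAMPLE_PACKAGE = {
  name: "sample-pkg",
  author: { name: "Alice", email: "alice@example.com" },
  maintainers: [
    { name: "Bob", email: "bob@expired-domain.invalid" },
    { name: "Carol", email: "not-an-email" },
  ],
};

// Constructed domain table standing in for DNS answers.
const SAMPLE_STATUS = new Map([
  ["example.com", true],
  ["expired-domain.invalid", false],
]);
```

Calling `findExpiredDomainContacts(SAMPLE_PACKAGE)` performs real NS lookups; passing `async (d) => SAMPLE_STATUS.get(d) === true` as the second argument runs the same classification offline, which is also how a cached result from a previous scan could be reused. A domain that answers NXDOMAIN is the interesting signal here: it means the address can no longer receive the password-reset mail npm would send, which is the weak link the issue refers to.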
We should implement authors inside:
Our tests must be refactored: we must execute temp.js
to create the nsecure-result.json, which will be analyzed by the package.
We want to remove this file and include the step in our tests.
The second improvement consists in what Rossb0b told me in another PR:
I would have added some tests over rewriting it:
but it may be overkill
Originally posted by @Rossb0b in #12 (review)
It would be interesting to tag specific authors.
For example, if I want to know how many packages from my dependencies depend on Fraxken, I would be able to do something like:
import { extractAndOptimizeUsers } from "@nodesecure/authors";

interface flagAuthor {
  name: string;
  email: string;
  foundIn: string[]; // package names
}

// authors collected from the analysed dependencies (e.g. the nsecure-result.json)
const authors = [];

const flagAuthors = [
  { name: 'Fraxken', email: '...' }
];

const result = extractAndOptimizeUsers({ authors, flagAuthors });
// result.flagAuthors: flagAuthor[], each with foundIn filled in
It would be relevant to know if a maintainer is still active on npm. This would probably only be possible if the person has already published a package.
For example, we could consider that someone who has published in the past but nothing within three years would be considered as not active.
Any help or opinions are welcome.
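As an added example serving both the flagged-authors proposal and the activity rule above (not code from @nodesecure/authors), the following Node.js snippet walks a set of dependency packages, records in which packages each author or maintainer appears, matches a list of flagged contacts against them, and marks contacts whose latest publish is more than three years old as inactive. The dependency data is constructed and only loosely mimics an nsecure result; the per-package `publishedAt` timestamp is an assumption about the input (npm's registry "time" field is one place such dates come from).

```javascript
// Added example, not code from @nodesecure/authors: extract authors from a
// dependency set with the packages they were found in, flag configured
// contacts, and apply the "nothing published within three years" rule.
// All package data below is constructed.

const THREE_YEARS_MS = 3 * 365 * 24 * 60 * 60 * 1000;

// Deduplicate contacts across packages by e-mail (falling back to name) and
// record the packages each one was found in.
function extractAuthors(packages) {
  const byKey = new Map();
  for (const pkg of packages) {
    const contacts = [pkg.author, ...(pkg.maintainers || [])].filter(Boolean);
    for (const c of contacts) {
      const key = (c.email || c.name).toLowerCase();
      let entry = byKey.get(key);
      if (!entry) {
        entry = { name: c.name, email: c.email || null, foundIn: [] };
        byKey.set(key, entry);
      }
      if (!entry.foundIn.includes(pkg.name)) entry.foundIn.push(pkg.name);
    }
  }
  return [...byKey.values()];
}

// Match flagged contacts against the extracted ones: by e-mail when the flag
// gives one, otherwise by name. Unmatched flags get an empty foundIn.
function matchFlagged(authors, flagAuthors) {
  return flagAuthors.map((flag) => {
    const hit = authors.find((a) =>
      flag.email
        ? a.email !== null && a.email.toLowerCase() === flag.email.toLowerCase()
        : a.name.toLowerCase() === flag.name.toLowerCase());
    return { name: flag.name, email: flag.email || null, foundIn: hit ? [...hit.foundIn] : [] };
  });
}

// Latest publish timestamp among the packages a contact appears in. This
// treats a listed contact as having published whenever one of "their"
// packages was published, an approximation (assumption) of npm activity.
function lastPublish(author, packages) {
  let latest = null;
  for (const pkg of packages) {
    if (!author.foundIn.includes(pkg.name) || !pkg.publishedAt) continue;
    const t = Date.parse(pkg.publishedAt);
    if (latest === null || t > latest) latest = t;
  }
  return latest;
}

// Active when something was published within the last three years.
function isActive(author, packages, now = Date.now()) {
  const t = lastPublish(author, packages);
  return t !== null && now - t <= THREE_YEARS_MS;
}

// Combined result in the shape the flagAuthors proposal sketches.
function extractAndFlag(packages, flagAuthors, now = Date.now()) {
  const authors = extractAuthors(packages)
    .map((a) => ({ ...a, active: isActive(a, packages, now) }));
  return { authors, flagAuthors: matchFlagged(authors, flagAuthors) };
}

// Constructed dependency set; names, e-mails and dates are made up.
const SAMPLE_PACKAGES = [
  { name: "pkg-a", author: { name: "Alice", email: "alice@example.com" },
    publishedAt: "2024-03-01T00:00:00Z" },
  { name: "pkg-b", author: { name: "Alice", email: "alice@example.com" },
    maintainers: [{ name: "Erin" }], publishedAt: "2023-11-15T00:00:00Z" },
  { name: "pkg-c", author: { name: "Dave", email: "dave@example.org" },
    publishedAt: "2019-06-01T00:00:00Z" },
];

// Fixed "now" so the activity rule gives a stable answer for the sample.
const SAMPLE_NOW = Date.parse("2024-06-01T00:00:00Z");
```

`extractAndFlag(SAMPLE_PACKAGES, [{ name: "Alice", email: "alice@example.com" }, { name: "Dave" }], SAMPLE_NOW)` reports Alice in pkg-a and pkg-b and active, and Dave only in pkg-c and inactive, since his last publish is five years before the sample date. Matching by bare name, as the `{ name: "Dave" }` flag does, is deliberately looser than matching by e-mail and can collide with unrelated contacts; a real scan should prefer the e-mail form.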