Audit dependencies for single-maintainer libs

GSA / notifications-api

The API powering Notify.gov

Other

10 stars 2 forks source link

Audit dependencies for single-maintainer libs #30

Open jimmoffet opened 2 years ago

jimmoffet commented 2 years ago

Especially ones that are simple wrappers on more popular libs, i.e. FlaskRedis

terrazoon commented 3 months ago

API

beautifulsoup4 cachetools certifi charset-normalizer click-datetime click-didyoumean click-plugins click-repl deprecated flask-migrate iso8601 oscrypto poetry-dotenv-plugin psycopg2-binary pyjwt phonenumbers pytz regex smartypants mistune idna pycparser six

terrazoon commented 3 months ago

The list above are single-maintainer dependencies just from API, and not including dev dependencies. Obviously we can't remove the risk of single-maintainer dependencies. Putting it back into the backlog for further thinking.