NodeSecure / database

NodeSecure Security Database
MIT License

Technical roadmap #2

Open fraxken opened 2 years ago

fraxken commented 2 years ago

Hello 👋

I'm creating this issue to discuss with the team (@NodeSecure/core and @NodeSecure/contributor) what steps we should take to implement the database project.

The way I personally see it:

  1. Proxy npm registry (API compliance with stream of new entries).
  2. Attach new API to run side analysis (with Scanner, JS-X-Ray and Vulnera).
  3. Iterate on new metrics using data collected in 1 and 2.

Step 1 already involves a lot of work, and we have to discuss which database to pick (I personally think MongoDB is a good choice).

The API would be written with the Fastify.js framework and TypeScript as the language. Then we need to define a pipeline to inject packuments and manifests (and how often we want to hit the npm registry).

WDYT?

tony-go commented 2 years ago

Hey @fraxken 👋

Thanks for taking the plunge.

> 1. Proxy npm registry (API compliance with stream of new entries).
> 2. Attach new API to run side analysis (with Scanner, JS-X-Ray and Vulnera).
> 3. Iterate on new metrics using data collected in 1 and 2.

Regarding the points above, I'm a bit confused. Maybe you could formulate them with this template (el Famoso): "As a XXX I can do XXX"?

> (I personally think MongoDB is good choice).

If we know that the structure is able to change a lot, yeah it could ^^

The DB choice brings another topic to the table: how could we finance it?