search

SWE-Group6 / phase2

0 stars 1 forks source link

Implement Package Information Retrieval Endpoint (/package/{id}) #5

Closed celedoniogarcia closed 1 day ago

celedoniogarcia commented 1 month ago

Implementation Steps for Download-Package Feature

  1. Implement a download-package endpoint:

    • Create an endpoint that allows users to download a package by specifying the package name and version (e.g., GET /package/:name/:version).
    • The version can be requested using exact, bounded, or semantic ranges such as tilde (~) and caret (^) versions.

  2. Version resolution:

    • If an exact version is specified, the system will return the corresponding package.
    • If a bounded range or semantic range is used, the system will resolve to the latest matching version within that range.
    • If no version is specified, the system defaults to the latest version.

  3. Check rating before download (optional behavior):

    • Before downloading, the system will check if the package meets minimum rating thresholds (e.g., > 0.5 in each metric) based on the scoring system from Part 1.
    • If the package does not meet the minimum rating, the download will be denied with a message explaining the rating deficit.

  4. Optimize for large registries and avoid denial-of-service risks:

    • Introduce pagination to handle package downloads and resolve requests efficiently, particularly in high-traffic scenarios or with large repositories.
    • Implement rate limiting to prevent denial-of-service attacks and ensure stable operation under heavy load.

  5. Package retrieval:

    • The system will fetch the requested package from storage, stored in compressed .zip format.
    • It will compute and return the total size of the package, including its dependencies (both direct and transitive), allowing the user to evaluate the download's impact before proceeding.

  6. Dependency analysis and size cost calculation:

    • The download endpoint will calculate the total size cost for the package, including its direct and transitive dependencies.
    • Size information will be displayed to the user as part of the download response.

  7. Minimized downloads:

    • If a package has been “de-bloated” during the upload process (e.g., through tree shaking or minification), the download will automatically provide the optimized, minimized package to reduce unnecessary bandwidth usage.

  8. Version verification and integrity checks:

    • After downloading, the system will verify the integrity of the downloaded package by checking checksums or hash values to ensure that the package has not been tampered with.

  9. Handling network load for performance optimization:

    • Implement a caching system for frequently requested packages, particularly popular versions (e.g., lodash).
    • Use load balancing techniques to distribute download traffic across multiple servers.

  10. Error handling:

    • If the requested package or version does not exist, the system will return an appropriate error (e.g., 404 Package Not Found).
    • If any other issue occurs during the download, the system will return relevant error messages to assist in debugging.
nikhildhoka8 commented 1 month ago

Image

nikhildhoka8 commented 1 month ago

use convex