Open achrinza opened 2 years ago
We may have a potential solution, though it is missing a critical feature (Filtering by transient dependencies).
I've opened an issue: https://github.com/prantlf/find-npm-by-author/issues/1
Another problem is that, for library authors, it cannot cater for every permutation of the dependency tree. This pretty much pushes back to the same issue of https://github.com/loopbackio/security/issues/19.
This seems like a poor decision.
At the time of writing, all deprecations of `@achrinza/node-ipc` were due to transient dependencies managed by @/riaevangelist. This is due to the difficulty of checking each dependency manually for their maintainers. This issue is to track finding/creating a solution which can scan the dependency tree, retrieve their maintainers from the registry, and compare it to a blocklist.