Closed sheerun closed 4 years ago
I've just added these tickets to help understand the size of the issue and possibly be used to update the registry.
I do not believe #113 is relevant. we can't control wether or not a repo has a bower.json
The only concern I have is following case:
bower install
, and malicious xxx package is installed, instead just erroring that package got removed from GitHub..
I think the best idea is to create web interface for listing stale packages, and let registry editors remove them manually. I think we don't want any automation because we can easily delete half of registry by mistake.
Followup of: #69, #72