Adopt retire.js functionality?

[cr]

When I tried patching out node dependencies of retire.js it turned out that node calls are sprinkled all over the code, making it a nightmarish job to maintain. So I concluded that I would only use their js-specific database (they have a separate one for npm) and write my own file walker and extractor/comparator on top of it.

Yesterday with pauljt the idea came up: why not move this functionality to scanjs? The database in question is https://github.com/bekk/retire.js/blob/master/repository/jsrepository.json and we only need to make sure that the license foo checks out for re-using it. Perhaps even cooperate with the retire.js author on this?

I think it would be a crucial feature to have, and scanjs looks more and more like the perfect place for it.

[mozfreddyb]

This is highly interesting! While I'm not heavily against trying to get this into ScanJS, I'd suggest we find out if this should live in retirejs.

After taking a quick look into their repo it seems they also have a chrome and a firefox extension, so there might be a way to have these things separated.

@eoftedal: Is there something we can contribute back to you guys to make both our lives easier? What specific component do you recommend should we build upon?

[eoftedal]

@cr I humbly disagree about the node sprinkling part :-) The Chrome and Firefox are reusing a lot of the code without requiring node modules.

@mozfreddyb I would be happy to see other free and open source tools using parts of retire (code or repo). My hope is though that people want to contribute back, especially to the repo. So if you come across bugs, bug reports, release notes etc., a pull request or notification about them would be appreciated.