Automatically populate npm package artifacts

opensource-observer / oso

Measuring the impact of open source software

https://opensource.observer

Apache License 2.0

62 stars 14 forks source link

Automatically populate npm package artifacts #1128

Open ryscheng opened 10 months ago

ryscheng commented 10 months ago

Possible solution:

If there's a GitHub repo, look for package.json (to establish the link)
Query the npm registry for the package name and manifest (To check the package exists)
Check if the manifest also includes a reference back to the same repo (To check if this is a fork)

What do we do if the package manifest does not have a github repo? As a first best-effort attempt, possibly just ignore it for now. Comment if you have other ideas!

ryscheng commented 10 months ago

Might be nice to write this as a utility function + a database migration so that we can get the npm packages into the data files.

ccerv1 commented 9 months ago

@ryscheng does this have an owner?

ravenac95 commented 9 months ago

I just realized this should be possible with the deps.dev/ecosyste.ms data. They already do the parsing of the package definitions. We just need to do a query to do the reverse lookup from repo URL to package(s) of any package manager.