opensource-observer / oso

Measuring the impact of open source software
https://opensource.observer
Apache License 2.0
74 stars 16 forks source link

Automatically populate npm package artifacts #1128

Open ryscheng opened 1 year ago

ryscheng commented 1 year ago

Possible solution:

What do we do if the package manifest does not have a github repo? As a first best-effort attempt, possibly just ignore it for now. Comment if you have other ideas!

ryscheng commented 1 year ago

Might be nice to write this as a utility function + a database migration so that we can get the npm packages into the data files.

ccerv1 commented 1 year ago

@ryscheng does this have an owner?

ravenac95 commented 1 year ago

I just realized this should be possible with the deps.dev/ecosyste.ms data. They already do the parsing of the package definitions. We just need to do a query to do the reverse lookup from repo URL to package(s) of any package manager.