Closed yrobla closed 4 months ago
When consuming goproxy feed, i was expecting to receive just names of valid go modules, but sometimes i am receiving links to final paths or files:
package-feeds | time="2024-02-09T13:43:45Z" level=info msg="Sending package upstream" created_date="2024-02-09 13:43:21.276534 +0000 UTC" feed=goproxy name=github.com/cloudquery/cloudquery/plugins/source/hackernews
package-feeds | time="2024-02-09T13:43:45Z" level=info msg="Sending package upstream" created_date="2024-02-09 13:43:12.289811 +0000 UTC" feed=goproxy name=kubevirt.io/kubevirt/staging/src/kubevirt.io/client-go/examples/listvms
For consistency i was expecting that i will only be receiving valid package names, same as we have for pypi / npm, etc... some parsing and validation could be done on the go feed.
ok these are valid go modules as well, although they are not the main ones. It's legit that they come on the feed
When consuming goproxy feed, i was expecting to receive just names of valid go modules, but sometimes i am receiving links to final paths or files:
package-feeds | time="2024-02-09T13:43:45Z" level=info msg="Sending package upstream" created_date="2024-02-09 13:43:21.276534 +0000 UTC" feed=goproxy name=github.com/cloudquery/cloudquery/plugins/source/hackernews
package-feeds | time="2024-02-09T13:43:45Z" level=info msg="Sending package upstream" created_date="2024-02-09 13:43:12.289811 +0000 UTC" feed=goproxy name=kubevirt.io/kubevirt/staging/src/kubevirt.io/client-go/examples/listvms
For consistency i was expecting that i will only be receiving valid package names, same as we have for pypi / npm, etc... some parsing and validation could be done on the go feed.