ossf / security-reviews

A community collection of security reviews of open source software components.
https://openssf.org

Consider integrating with NPM Security Advisories #25

Closed scovetta closed 2 years ago

scovetta commented 3 years ago

The NPM Security Advisories database is available on GitHub (as structured data) at https://github.com/nodejs/security-advisories. We should consider whether periodically refreshing this content would be a good idea.

dilanbhalla commented 3 years ago

@scovetta If you open this repo at https://github.com/dilanbhalla/security-advisories and click on the "reviews" folder you will see the 461 converted npm security reviews! There were 6 the script wasn't able to parse, so I'll take a look at those separately.

scovetta commented 3 years ago

At the 2/18 WG meeting we agreed to continue the conversation about this at our next WG meeting in early March.

scovetta commented 2 years ago

Closing, stale -- npm advisories are now rolled into GitHub advisories.