mcombuechen
commented
1 year ago Some thoughts on this
Change repo structure
Rename lib directory to pkg. This is opinionated and based on https://github.com/golang-standards/project-layout#pkg, just a suggestion.
Change API to handle primitives
As an example, ecosystems.GetPackageData currently receives a packageurl.PackageURL, which immediately forces consumers to add the packageurl lib to their projects. A string as input would probably be more convenient.
Return errors
Errors are currently mostly being swallowed, making it hard for consumers to understand when and why something unforeseen happened, and to react accordingly. An example would be the EnrichSBOM functions, which currently have no effect if an API call fails; but they also don’t notify of such failure.
While Parlay can be used as a CLI tool, it should also be possible to use it as a library. This isn't formalised at all yet however, or documented. This could be used in tools that build SBOMs to automatically enrich them at creation.