Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate npm package ownership #2459

Open
ccerv1 opened this issue Nov 10, 2024 · 1 comment
Open

Validate npm package ownership #2459

ccerv1 opened this issue Nov 10, 2024 · 1 comment
Assignees
Labels
c:data Gathering data (e.g. indexing)

Comments

@ccerv1
Copy link
Member

ccerv1 commented Nov 10, 2024

What is it?

Using Rust as an example, but this is also the case for NPM...

The SBOM data tells us the name of the Rust package. Now we need to ping the Crates API to look up the GitHub repo that maintains the package. We need to write the Crates collector and then an intermediate model for linking packages to repos. Finally, we should have another model that sees if these artifacts have already been claimed by a project in OSS Directory (and if not we can have a list of popular packages that are unclaimed)

@github-project-automation github-project-automation bot moved this to Backlog in OSO Nov 10, 2024
@ccerv1 ccerv1 added the c:data Gathering data (e.g. indexing) label Nov 10, 2024
@ryscheng-mobile ryscheng-mobile changed the title Identify the Github repo that owns a package Validate npm package ownership Nov 11, 2024
@ryscheng-mobile
Copy link
Contributor

Rescoping this down to npm.

Please use separate issues for each line of work.
The rust one was filed a couple weeks ago
#2381

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c:data Gathering data (e.g. indexing)
Projects
Status: Backlog
Development

No branches or pull requests

3 participants