oso icon indicating copy to clipboard operation
oso copied to clipboard

Published 20 hours ago verified publisher icon opensource-observer

Automatically populate npm package artifacts

Open ryscheng opened this issue 2 years ago • 3 comments

Possible solution:

  • If there's a GitHub repo, look for package.json (to establish the link)
  • Query the npm registry for the package name and manifest (To check the package exists)
  • Check if the manifest also includes a reference back to the same repo (To check if this is a fork)

What do we do if the package manifest does not have a github repo? As a first best-effort attempt, possibly just ignore it for now. Comment if you have other ideas!

ryscheng avatar Oct 04 '23 18:10 ryscheng

Might be nice to write this as a utility function + a database migration so that we can get the npm packages into the data files.

ryscheng avatar Oct 05 '23 21:10 ryscheng

@ryscheng does this have an owner?

ccerv1 avatar Oct 26 '23 20:10 ccerv1

I just realized this should be possible with the deps.dev/ecosyste.ms data. They already do the parsing of the package definitions. We just need to do a query to do the reverse lookup from repo URL to package(s) of any package manager.

ravenac95 avatar Oct 27 '23 05:10 ravenac95