osv-detector
osv-detector copied to clipboard
Rename this library? (and if so, alternative names wanted!)
Originally I called this osv-detector
because I felt "auditor" and "scanner" were a bit overloaded, and I was considering if this was to be published as a package somewhere, osv-detector
would be less likely to have already been taken.
However, I'm now thinking if it would be better to call it something else for a few reasons:
- ~I'm thinking about additional checks we could be doing, like #75~ (I don't think this is probably worth it)
- Go packages/binaries are not restricted to unique names, and
osv-detector
might not be as easy to find as say "security-auditor" -
osv-detector
is sort of wrong, as this tool isn't for "detecting OSVs"...
But the real blocker for me is what to actually call it instead - I'd prefer to not use "lockfile" (e.g lockfile-auditor
) because that'd put us back in the same place if we start auditing more than them (but then maybe it's fine?)