Christian Duerr

Results 42 comments of Christian Duerr

> Closing this issue since any future work will happen on the API side.

> I don't think this is actually a CLI-specific issue. It sounds like the status of...

> But for some reason we don't get that with `phylum package -t npm pyyaml 5.3.1`. So either there is something special about that particular package or there is some...

I just want to point out that the `dirs` crate uses XDG and `%APPDATA%` automatically on Windows iirc. The only problem is that it also uses the macOS `Library` paths...

There seem to be two issues here: one is that you're trying to verify the signature of the binary itself, while only our release artifacts (the zip files) are signed....

Our table formatting code also isn't exactly complicated. I'd imagine we could probably roll our own relying mostly on `unicode-width` as the only necessary dependency.

https://github.com/phylum-dev/cli/pull/1202 as a solution was discarded, since even checking for `!is_directory` still causes syscalls to look up metadata for every lockfile, even if it doesn't cause failure for the GitHub App....

While this makes sense in theory, I wonder how relevant it would be in practice? If you send so much stuff without certificates that you even set it in your...

I feel like that would just completely circumvent the whole purpose of sandboxing it in the first place?

I don't think we currently have any exception specific to Go, so `$GOPATH` wouldn't be read even if it's set.

It seems like this might need changes to the API? The thresholds are not optional, but always set. So there's no way from the CLI to know if a threshold...