Vulnerabilities API about security-wg HOT 7 CLOSED

This functionality is currently offered by several providers, and what we discussed in person at NINA to not have an API to query the dataset, but just providing the dataset to be downloaded, or something similar. If someone wants an API, they should build their own.

I am neutral to this, as I will not have any bandwidth to contribute to the development of this service.

from security-wg.

I'm in the same position of @mcollina, no time to implement this, but after we have some data stored, if someone wanted to do this, I can't think of any objects right now (though I don't think we want to get in the business of competing with the APIs behind any of the providers of security tools, we would want to be careful about that).

from security-wg.

This isn't a priority right now, but we'll leave open for the future if someone wants to pick it up (after we have the data managed and available).

from security-wg.

If no one is planning on working on this, perhaps we can close? It can always be repopened if someone does want to step up and make the case for this and implement it. Any objections, @joshgav ?

from security-wg.

I'm just going to close, but @joshgav (or anybody) feel free to reopen if you want to keep it alive.

from security-wg.

So this was closed, but with npm acquiring nsp I'm not 100% sure which is the source of truth nowadays, @vdeturckheim told me it's https://github.com/nodejs/security-wg/tree/master/vuln/npm, but it isn't always super practical to fetch from GitHub, keep it up to date and have an API. I guess if there isn't an official one, I could make my own, would that be something you'd be interested in?

from security-wg.

@Haroenv we discussed in some other issue to see if we could have an auto-published npm package containing issues (#115). I reopenned this issue I closed by mistake.

from security-wg.