(Contact) Roadmap and ideas to explore and experiment #489
Description
Contact replaces authors.
Goal: pull, clean up, and check the security of a package’s contacts (authors / maintainers).
Today
Only supports the scanner: highlights contacts, nothing more.
Ideas for next steps
- Add npm SDK + pacote support (see (Contact) extract packument and manifest (pacote) #488).
- Merge or drop duplicate contacts for the same person (names / emails / URLs often vary).
- Flag contacts whose email domain is no longer valid (see refactor(contact)!: extract expired email domains #487).
- Run it through the CLI, tweak the API and output as needed.
- Is updating Contact interface to include warnings is a good idea? (since we don't have much rn anyways..)
- Fetch additionals metadata about maintainers on GitHub?
Note
In the past we tried using a whois server to assert domain expiration delay but it was a failure because of rate limiting