In value.md, one thing that's not really clear to me is which of these approaches you take:
1. Numbers within each ecosystem are normalized, such that numbers across ecosystems are comparable, and therefore there is a global project value order across ecosystems.
2. Numbers across ecosystems are not comparable, therefore there is no global value project order, only orders within each ecosystem.

If it's 2, this raises the question: how do you decide how many projects to consider out of each ecosystem, and in which order?

One particular concern I have here is criticality between npm vs C/C++/Rust. It seems that npm-based projects are - assuming all else equal - probably not as critical as C/C++/Rust projects, because npm code is easier to update, and npm projects (and Rust) are typically younger and therefore more deployed in more agile environments compared to C/C++ projects. (Perhaps something to consider in risk.md.)