Technical roadmap #2

Open
fraxken opened this issue Sep 4, 2022 · 1 comment

@fraxken
Member

fraxken commented Sep 4, 2022

Hello 👋

I'm creating this issue to discuss with the team (@NodeSecure/core and @NodeSecure/contributor) what steps we should take to implement the database project.

The way I personally see it:

  1. Proxy npm registry (API compliance with stream of new entries).
  2. Attach new API to run side analysis (with Scanner, JS-X-Ray and Vulnera).
  3. Iterate on new metrics using data collected in 1 and 2.

Step 1 already involves a lot of work and we have to discuss the database to pick (I personally think MongoDB is a good choice).

The API would be written with the Fastify.js framework and TypeScript as the language. Then we need to define a pipeline to inject packuments and manifests (and how often we want to hit the npm registry).

WDYT ?

@tony-go
Member

tony-go commented Sep 5, 2022

Hey @fraxken 👋

Thanks for taking the plunge.

> Proxy npm registry (API compliance with stream of new entries).
> Attach new API to run side analysis (with Scanner, JS-X-Ray and Vulnera).
> Iterate on new metrics using data collected in 1 and 2.

Regarding the points above, I'm a bit confused. Maybe you could formulate them with this template (el Famoso): "As a XXX I can do XXX"?

> (I personally think MongoDB is good choice).

If we know that the structure is able to change a lot, yeah it could ^^

The DB choice brings another topic to the table: how could we finance it?
