It's still a many to many problem in both cases. Option 1: Adding feature to npm... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

scott_karana on Nov 16, 2017 | parent | context | favorite | on: Security alerts on GitHub

It's still a many to many problem in both cases.

Option 1: Adding feature to npm/composer/gem/pip ad infinitum

Option 2: add per-language parser support to the alerting tool instead.

Option 2 doesn't necessitate a new (information-duplicating, still potentially error prone) standard, and can likely leverage available, tested libraries ;-)

matt_kantor on Nov 17, 2017 [–]

On the other hand, option #1 requires neither effort nor consent from GitHub to onboard new languages/dependency managers.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact