[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NPM importer - tarballs - SWH - commit ids
From: |
swedebugia |
Subject: |
NPM importer - tarballs - SWH - commit ids |
Date: |
Wed, 28 Nov 2018 12:26:13 +0100 |
Hi
I looked closer at the json output from npmregistry and found that they
host tarballs and give the url for every version in the json response.
("tarball" . "url").
All the npm packages I ever looked at (100 or so of the biggest and
dependencies of those) was hosted on Github.
I have a few questions regarding the wealth of information available
from this registry
1) Does anyone know if these tarballs are reproducible? ie do they
change over time?
2) Can we use the gpg signature for something?
3) SWH gives us tarballs according to commit ids. If we use npm-tarballs
we can store the commit in the json response (or look it up with the
github api) as a property:
(properties
`((commit . hash)))
Any thoughts?
--
Cheers Swedebugia
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- NPM importer - tarballs - SWH - commit ids,
swedebugia <=