[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NPM importer - tarballs - SWH - commit ids

From: swedebugia
Subject: NPM importer - tarballs - SWH - commit ids
Date: Wed, 28 Nov 2018 12:26:13 +0100


I looked closer at the json output from npmregistry and found that they host tarballs and give the url for every version in the json response.
("tarball" . "url").

All the npm packages I ever looked at (100 or so of the biggest and dependencies of those) was hosted on Github.

I have a few questions regarding the wealth of information available from this registry

1) Does anyone know if these tarballs are reproducible? ie do they change over time?

2) Can we use the gpg signature for something?

3) SWH gives us tarballs according to commit ids. If we use npm-tarballs we can store the commit in the json response (or look it up with the github api) as a property:
`((commit . hash)))

Any thoughts?

Cheers Swedebugia

reply via email to

[Prev in Thread] Current Thread [Next in Thread]