NodeSecure Database

[fraxken]

The goal of this project would be a create our own databases that contain packument and manifest from NPM registry.

We could integrate our tools with this database to store data that would be relevant to us:

• From scanner
• From vulnera
• From js-x-ray

We can start this project by using a replicate of NPM

// Import Node.js Dependencies
import fs from "fs";

// Import Third-party Dependencies
import * as httpie from "@myunisoft/httpie";

// CONSTANTS
const kNpmReplicateDB = "https://replicate.npmjs.com/_all_docs?include_docs=true";

httpie.stream("GET", kNpmReplicateDB)(fs.createWriteStream("./npmdb.json"));

Then this database can be used for project like Preview (or for our own research).

[Kawacrepe]

We may want to add information about domains inside our database.

Since whois.iana looks like having a rate limit

[fraxken]

After discussion in the last meeting, we should clarify:

• Why do we need a database project in NodeSecure ?

Actions to take to work on the subject:

• Initiate a Github repository.
• Let the collaborators open issues and discuss on what and where they want to go.
• Work toward minimal delivery goals.

@Rossb0b was interested to be the champion on this project.