feat: adding security badge #330
- don't load vulnerability info in homepage search results
- only load for npm packages
- minor style and naming changes
Hi @bmvermeer, thanks for the PR. I made a few changes:
A few more issues that I found and that should be addressed:
@MartinKolarik I can make a change to the backend that prevents this too many requests error.
Even then I'm not sure we want to fire 10 (currently 20 because of preflight) requests on every keystroke. Maybe if there was at least 1 second debounce and the endpoint also used non-zero
@MartinKolarik I will take a look tomorrow on the server-side to check the grunt page and the max-age thing.
Ok, for now, it doesn't make that big of a difference, but if we were to include it on the homepage, it would need to be changed. 10 extra requests are too many.
@MartinKolarik I deployed a new backend that fixed the mismatch you pointed out with grunt.
@bmvermeer can we also do something about the max-age thing?
Now live at https://www.jsdelivr.com/package/npm/lodash
Great! I see that in the current version the badge will not be shown if the package has 0 vulns.
We discussed with @jimaek and agreed to show a badge with a checkmark in that case, check now.
#143
Creating a badge based on a call to a reactive endpoint to feed the number of vulns a package has and link to a page that has more information on it