Is your feature request related to a problem? Please describe.
The current search results can be swamped by historic stars on repositories, making it difficult to find current packages with confidence.
Describe the solution you'd like
Add tasks to pull in pypi stats and any other missing data points (to be determined)
(this should probably be in a new ticket but since it's related to pypi, I am adding it here at least to start)
I heard someone mention an interesting data point about how many dependencies your package depends on as being some measure of potential threat risks.
In theory, we could use https://pypi.org/pypi/django/json and the requires_dist key to count how many dependencies the average package has.
"requires_dist":["asgiref<4,>=3.7.0","sqlparse>=0.3.1","tzdata; sys_platform == \"win32\"","argon2-cffi>=19.1.0; extra == \"argon2\"","bcrypt; extra == \"bcrypt\""],
Side note: This would very quickly spiral into counting the requires_dist of every package's packages for the threat risk, but I think it could still be useful with one level. (maybe two levels down the road if most of the packages are already cached)
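An added example (not part of the comment above or of the project's code) of the one-level count it describes: it separates dependencies that are always installed from those gated behind an environment marker or an optional extra, since only the first two groups add to a default install's exposure. The function names are hypothetical, and the sample is the `requires_dist` excerpt quoted above, wrapped in the `info` object under which the PyPI JSON API returns it.

```python
import json
import re

# Constructed sample: the requires_dist excerpt quoted in the comment above,
# embedded so the example runs offline.
SAMPLE = json.loads(r'''
{"info": {"requires_dist": [
  "asgiref<4,>=3.7.0",
  "sqlparse>=0.3.1",
  "tzdata; sys_platform == \"win32\"",
  "argon2-cffi>=19.1.0; extra == \"argon2\"",
  "bcrypt; extra == \"bcrypt\""
]}}
''')

NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
EXTRA_RE = re.compile(r"""\bextra\s*==\s*["']([^"']+)["']""")

def normalize(name):
    # PEP 503 normalization, so "Foo_Bar" and "foo-bar" count as one project.
    return re.sub(r"[-_.]+", "-", name).lower()

def direct_dependencies(metadata):
    """Classify one level of requires_dist entries by when they are installed."""
    result = {"required": set(), "conditional": set(), "extras": {}}
    # requires_dist is null for packages that declare no dependencies.
    for spec in metadata.get("info", {}).get("requires_dist") or []:
        requirement, _, marker = spec.partition(";")
        match = NAME_RE.match(requirement)
        if not match:
            continue  # skip entries that do not start with a project name
        name = normalize(match.group(1))
        extra = EXTRA_RE.search(marker)
        if extra:
            # Only installed when the user asks for package[extra].
            result["extras"].setdefault(extra.group(1), set()).add(name)
        elif marker.strip():
            # Installed only on matching platforms or Python versions.
            result["conditional"].add(name)
        else:
            result["required"].add(name)
    return result

def dependency_count(metadata, include_conditional=True):
    """Number of distinct direct dependencies pulled in by a default install."""
    deps = direct_dependencies(metadata)
    names = set(deps["required"])
    if include_conditional:
        names |= deps["conditional"]
    return len(names)
```

Counting raw `requires_dist` entries would report 5 for this sample, while a default install pulls in 2 packages (3 on Windows).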