It seems like a conceptionally simple problem to grade a repo given the vast number of metrics available. Especially considering the advanced code analysis tools available today. I want a top-level analysis of some sort, based on: usage by other software (if applicable,) activity, issue frequency and resolution, derivatives (forks, etc.,) number of participants, code maturity, code testing, release frequency, license structure and many other parameters.
There is an opportunity here for a third party to do this well.
topspin|1 year ago
There is an opportunity here for a third party to do this well.
ozim|1 year ago
Ones that care enough already have their internal tools and processes for security and checking/reviewing libraries.
Ones that don’t care well won’t spend money on it.
So any 3rd party would have to do all with own resources and not getting paid.