scanner
(Contact) Roadmap and ideas to explore and experiment
Contact replaces authors.
Goal: pull, clean up, and check the security of a package’s contacts (authors / maintainers).
Today
Only supports the scanner: highlights contacts, nothing more.
Ideas for next steps
- Add npm SDK + pacote support (see #488).
- Merge or drop duplicate contacts for the same person (names / emails / URLs often vary).
- Flag contacts whose email domain is no longer valid (see #487).
- Run it through the CLI, tweak the API and output as needed.
- Is updating the Contact interface to include warnings a good idea? (since we don't have much right now anyway)
- Fetch additional metadata about maintainers on GitHub?
[!NOTE] In the past we tried using a whois server to assert the domain expiration delay, but it was a failure because of rate limiting.
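
One way to approach the duplicate-merging idea above, as an added example that is not the project's code: contacts are linked when they share a normalized email or profile URL, and never on name alone, since a display name is free text anyone can reuse. The `{ name, email, url }` shape, `mergeContacts` and the sample data are assumptions made for illustration.

```javascript
// Added example. The { name, email, url } shape follows npm "people" fields;
// it is an assumption, not the project's Contact interface.
const normEmail = (e) => (e ? e.trim().toLowerCase() : null);
const normUrl = (u) => {
  if (!u) return null;
  try {
    const { hostname, pathname } = new URL(u.trim());
    // Ignore scheme, "www." and trailing slashes so variants compare equal.
    return (hostname.replace(/^www\./, "") + pathname.replace(/\/+$/, "")).toLowerCase();
  } catch {
    return null; // unparseable URL: skip it rather than guess
  }
};
// Identity keys for one contact; the name is deliberately not a key.
const keysOf = (c) =>
  [["e", normEmail(c.email)], ["u", normUrl(c.url)]]
    .filter(([, v]) => v)
    .map(([t, v]) => `${t}:${v}`);

function mergeContacts(contacts) {
  // Union-find: contacts sharing any key end up under the same root.
  const parent = contacts.map((_, i) => i);
  const find = (i) => (parent[i] === i ? i : (parent[i] = find(parent[i])));
  const seen = new Map(); // key -> index of first contact carrying it
  contacts.forEach((c, i) => {
    for (const key of keysOf(c)) {
      if (seen.has(key)) parent[find(i)] = find(seen.get(key));
      else seen.set(key, i);
    }
  });
  const groups = new Map();
  contacts.forEach((c, i) => {
    const root = find(i);
    const g = groups.get(root) ?? { names: new Set(), emails: new Set(), urls: new Set() };
    if (c.name) g.names.add(c.name.trim());
    if (normEmail(c.email)) g.emails.add(normEmail(c.email));
    if (c.url) g.urls.add(c.url.trim());
    groups.set(root, g);
  });
  return [...groups.values()].map((g) => ({
    names: [...g.names], emails: [...g.emails], urls: [...g.urls]
  }));
}

// Constructed sample data (not taken from any real package).
const sample = [
  { name: "Jane Doe", email: "Jane@Example.org" },
  { name: "jdoe", email: "jane@example.org", url: "https://github.com/jdoe/" },
  { name: "J. Doe", url: "http://www.github.com/jdoe" },
  { name: "Jane Doe", email: "other@example.net" }
];
```

The first three sample entries collapse into one contact through the shared email and URL, while the fourth "Jane Doe" stays separate because only its name matches.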