Paul Wankadia
https://github.com/asaskevich/govalidator/blob/a9d515a09cc289c60d55064edec5ef189859f172/validator.go#L708 Currently, `IsHash()` parses, compiles and matches a regular expression each time, which is highly inefficient in terms of CPU and RAM. Instead, it should check the length of `str`...
**Is your feature request related to a problem? Please describe.** Bazel [recommends](https://blog.bazel.build/2023/02/15/github-archive-checksum.html) publishing source code archives as release assets – and Bazel Central Registry [verifies](https://github.com/bazelbuild/bazel-central-registry/blob/main/tools/verify_stable_archives.py) stability by checking for `…/releases/download/…`...
RE2 offers a couple of lesser-known features for [matching multiple regular expressions](https://abseil.io/fast/21#bonus-matching-multiple-regular-expressions). Given that [`internal/README.md`](https://github.com/ua-parser/uap-cpp/blob/master/internal/README.md) describes a "snippet index", which sounds remarkably like [`FilteredRE2`](https://github.com/google/re2/blob/main/re2/filtered_re2.h), you might want to consider...
https://github.com/ossf/scorecard/blob/b577d79c96b76e6d3f17dd46003ac336b8ee4885/docs/checks.md?plain=1#L607-L613 In light of CVE-2024-3094, could the `Signed-Releases` remediation steps **_not_** encourage manual manipulation of the source code archives? :P FWIW, I filed [this](https://github.com/slsa-framework/slsa-github-generator/issues/2951) feature request for SLSA folks five...