Max Fisher
Refactors duplicate logic from `cmd/{worker,analysis}/main.go`, with slight behaviour changes: 1. The analysis version panicked if both a local package and an explicit version were specified on the command line. According...
Currently, `run_analysis.sh` does not take an argument to specify the desired package version. This should be added.
Currently this code can parse JS files or strings and print out statistics regarding string literal lengths and entropies, and identifier (function/variable/class names) lengths and entropies.
cmd/worker is used in docker-compose and production, while cmd/analyze is used for the one-shot local analysis. However, they both share the same container and contain duplicated code. This could use...
When Dependabot updates a dependency version in a GitHub action `.yml` file, it only changes the commit hash. This means that the version number in the inline comment becomes stale....
We should have a CONTRIBUTING.md file that describes how to set things up for new contributors to the project. Example: https://github.com/ossf/criticality_score/blob/main/CONTRIBUTING.md
We should have a Makefile that automates common dev tasks such as 1. building images 2. running unit tests 3. ensuring that the platform / environment is appropriately set up...
Most of the time, developers install and run packages as non-root users. Currently, commands inside the analysis container run as root which is easy to set up but not as...
As our data format matures over time, having the schema version as part of the data makes it a lot easier to determine what to do when you're trying to...
Hi, I am just wondering if there is a way to disable this kind of transformation during obfuscation. In other words, I would like to keep all member expressions like...