Authors appear to be able to 'mislead' the scorecard by providing a generic 'git' url in the package.json such as;
"bugs": {
"url": "https://github.com/paul-reed/node-red-contrib-mynode"
},
Instead of the 'bug's' url - https://github.com/paul-reed/node-red-contrib-mynode/issues
But then disabling issues in the git rep settings, so bugs cannot be reported, but gains a point in the scorecard...
I assume that there is access to the url in the package.json, if so, couldn't a regex determine if the url was suffixed with /issues (or the equivalent gitlab etc suffix).
Taking it a step further, maybe a further check could determine in the url actually existed.
Example - https://github.com/Supergiovane/node-red-contrib-tts-ultimate
Authors appear to be able to 'mislead' the scorecard by providing a generic 'git' url in the package.json such as;
"bugs": {
"url": "https://github.com/paul-reed/node-red-contrib-mynode"
},
Instead of the 'bug's' url -
https://github.com/paul-reed/node-red-contrib-mynode/issuesBut then disabling issues in the git rep settings, so bugs cannot be reported, but gains a point in the scorecard...
I assume that there is access to the url in the package.json, if so, couldn't a regex determine if the url was suffixed with
/issues(or the equivalent gitlab etc suffix).Taking it a step further, maybe a further check could determine in the url actually existed.
Example - https://github.com/Supergiovane/node-red-contrib-tts-ultimate