Nine of the package handlers can already remove versions from a package's metadata before serving it. Today they only do this for cooldown (hiding versions that were published too recently).
The same hook is needed for hiding versions with known vulnerabilities and for namespace blocking. Rather than each feature adding its own check, replace the direct proxy.Cooldown.IsAllowed(...) calls with a single proxy.Filter.IsAllowed(ecosystem, purl, version, publishedAt) that cooldown sits behind today and other checks can be added to later.
This is a refactor with no behaviour change on its own.
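A minimal sketch of the shape described above, added here as an example and not the project's own code. Only the `IsAllowed(ecosystem, purl, version, publishedAt)` signature comes from the text; `Check`, `Filter.Checks`, the `Cooldown` fields and `BlockedPrefix` are hypothetical names, and the sample purls and clock are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Check is one policy behind the filter (hypothetical interface name).
type Check interface {
	IsAllowed(ecosystem, purl, version string, publishedAt time.Time) bool
}

// Cooldown hides versions published less than MinAge before Now.
type Cooldown struct {
	MinAge time.Duration
	Now    func() time.Time // injectable clock so the check is testable
}

func (c Cooldown) IsAllowed(_, _, _ string, publishedAt time.Time) bool {
	return c.Now().Sub(publishedAt) >= c.MinAge
}

// BlockedPrefix is a hypothetical later check: hide everything under a purl prefix.
type BlockedPrefix string

func (b BlockedPrefix) IsAllowed(_, purl, _ string, _ time.Time) bool {
	return !strings.HasPrefix(purl, string(b))
}

// Filter is the single call site; a version is served only if every check allows it.
type Filter struct{ Checks []Check }

func (f Filter) IsAllowed(ecosystem, purl, version string, publishedAt time.Time) bool {
	for _, c := range f.Checks {
		if !c.IsAllowed(ecosystem, purl, version, publishedAt) {
			return false
		}
	}
	return true
}

func main() {
	now := time.Date(2024, 1, 10, 0, 0, 0, 0, time.UTC) // constructed sample clock
	cd := Cooldown{MinAge: 72 * time.Hour, Now: func() time.Time { return now }}
	f := Filter{Checks: []Check{cd, BlockedPrefix("pkg:npm/%40blocked/")}}
	fmt.Println(f.IsAllowed("npm", "pkg:npm/example", "1.1.0", now.Add(-time.Hour)))
}
```

With only the cooldown check registered, the filter returns exactly what the cooldown check returns, which is the no-behaviour-change property of the refactor.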