Skip to content

Example corpus wanted: add one minimal before-and-after dependency pair #107

Description

@stacknil

Review target

Add one compact synthetic before/after pair that clarifies an existing risk-model boundary.

Good candidates:

  • an unclassified version change,
  • missing or NOASSERTION license metadata,
  • a suspicious local source path,
  • a component change that should not create a hidden risk bucket.

Expected contribution

Include generated JSON/Markdown expectations, a focused test, and one sentence explaining what the artifact does not prove.

Done when

Example regeneration remains deterministic and the reviewer-route contract passes.

Boundaries

Use synthetic package names and public-safe metadata only. Do not imply vulnerability, malware, exploitability, or package safety.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requesthelp wantedExtra attention is neededpythonPull requests that update python code

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions