See RFC 87
We could look at automating these checks as part of our build process. Licences could be checked against an approved list, and it may even be possible to automate SourceRank checks against the Libraries.io API, though this may be slow. There may also be existing CI tools that we could use that will perform these functions for us.
We could also create a list of packages we've reviewed in detail (including version and date checked), to minimize the repeated work in doing these checks.
We could also decide that this isn't worth the effort, but we should make a decision about this.
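One way the build-time check proposed above could look, as an added example rather than code from this project. It assumes SourceRank values were fetched beforehand (no Libraries.io call is made), and the approved list, threshold, review age limit and all package data are constructed for illustration.

```python
from datetime import date

# Assumed policy values, constructed for illustration.
APPROVED_LICENCES = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"}
MIN_SOURCERANK = 10
REVIEW_MAX_AGE_DAYS = 365

# Reviewed-packages list: (name, version) -> date checked (constructed).
REVIEWED = {
    ("pkg-a", "1.3.0"): date(2024, 1, 15),
    ("pkg-old", "2.0.0"): date(2020, 6, 1),
}

def check_dependency(dep, today):
    """Return a list of findings for one dependency; empty means pass."""
    reviewed_on = REVIEWED.get((dep["name"], dep["version"]))
    findings = []
    if reviewed_on is not None:
        age = (today - reviewed_on).days
        if age <= REVIEW_MAX_AGE_DAYS:
            return []  # this exact version was reviewed recently: skip repeat checks
        findings.append(f"review is {age} days old, re-check needed")
    licence = dep.get("licence")
    if not licence:
        findings.append("no licence declared")
    elif licence not in APPROVED_LICENCES:
        findings.append(f"licence {licence} not on approved list")
    rank = dep.get("sourcerank")
    if rank is None:
        findings.append("SourceRank unknown")
    elif rank < MIN_SOURCERANK:
        findings.append(f"SourceRank {rank} below {MIN_SOURCERANK}")
    return findings

def check_all(deps, today):
    """Map 'name@version' -> findings for every failing dependency."""
    results = {f"{d['name']}@{d['version']}": check_dependency(d, today) for d in deps}
    return {key: found for key, found in results.items() if found}

# Constructed sample input, as a build step might collect it from a lockfile.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_DEPS = [
    {"name": "pkg-a", "version": "1.3.0", "licence": "WTFPL", "sourcerank": 5},
    {"name": "pkg-a", "version": "1.4.0", "licence": "WTFPL", "sourcerank": 5},
    {"name": "pkg-old", "version": "2.0.0", "licence": "MIT", "sourcerank": 20},
    {"name": "pkg-good", "version": "1.0.0", "licence": "MIT", "sourcerank": 15},
    {"name": "pkg-nolic", "version": "0.1.0", "licence": None, "sourcerank": None},
]
```

Keying the reviewed list on the exact version means an upgrade from 1.3.0 to 1.4.0 falls back to the automated checks instead of inheriting the earlier review.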