I am only bringing this is up, as it caused a few performance issues last time.
But I have been seeing this all day, up until the last 1 hour?
seems like an automated run - it goes for a few pages
Mmm... maybe not? - it seems to be spread over the last few day(s).
I note that though the @softwaredevelopment nodes purport to have github repos, the links do not work (on some of them at least).
The Scorecard tests don't appear to check for that.
Yeah noted that also! all private repos, yet stated in package.jsonas such.
I don't see anything wrong here. They have published a bunch of nodes to the library. The fact they are closed-source is their choice - we don't require modules to be open-source to be listed on the library.
We did originally look at getting the scorecard to validate the github repo - but it proved a more complex task so we backed off. In this instance, checking it doesn't 404 would be sufficient. It gets harder to answer the question when it doesn't 404 - assessing whether the url points to a git repository (across multiple hosted git providers), and whether that git repo contains the code for the node in question. There are examples of git repos (node-red-nodes for example) that are monorepos that contain multiple nodes... and so on. Plenty of edge cases that could give an incorrect result with the scorecard.
