Skip to content

rfd: Introduce a Validation Library #455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

rfd: Introduce a Validation Library #455

wants to merge 1 commit into from

Conversation

alilleybrinker
Copy link

@alilleybrinker alilleybrinker commented Sep 12, 2025
edited
Loading

This RFD describes the need to create a JavaScript library for validating CVE Records.

Rendered

@alilleybrinker
rfd: Introduce a Validation Library
f30eac7 
This RFD describes the need to create a JavaScript library for
validating CVE Records.

Signed-off-by: Andrew Lilley Brinker <[email protected]>
@zmiele
Copy link

zmiele commented Sep 15, 2025

The versioning of this library would, for clarity and simplicity, be matched to the versioning of the CVE Record Format. Whenever new versions of the Record Format are published, a new release of the validation library with a matching version number would also be published.

One small concern that comes to mind here is that this will require the inverse to be true as well. If there is an issue with the library, we'll be required to bump the version of the schema in order to provide fixes in the validation library. Is that something we're comfortable with? If so, we'll need to keep that in mind when defining the versioning rules for the schema in #418.

@alilleybrinker
Copy link
Author

@zmiele hm, that's a fair point. In general, I think that such a binding still makes sense. The schema and the validation library become, in effect, a single product with a single version. Fixes to address bugs would be a patch release for both, whether the error is in the schema or in the library.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alilleybrinker @zmiele