@kdobolyi, can you please comment the HTML files? Please provide at least a description comment at the top of the file that explains the overall purpose and structure. If you are able and have time to do at least some inline commenting, that would be helpful too.

@kdobolyi, can you please add tags on the homepage? At least add:

• PyPI
• Security
• Malware
• Python
• SAST
• Static analysis
• Audit

Or something along these lines.

To avoid legal risk and user confusion, carefully explain the severity score methodology and caveat usage. This could either be a tool-tip that expands when a user hovers their mouse over the severity score column name text or it could could be that the user clicks the security score column name which is a hyperlink to a page with a thorough description. I prefer the latter.

Create a filtering mechanism so that by default the warnings associated with test files are filtered out.

Bob G. requested a capability to store snapshots (or "cards") as a user navigated through the app. This would help a user store relevant screens for further review without constantly clicking through the app to get to what he or she wanted.

Potentially include a visualization

@kdobolyi, can you please add a thorough README? Sections should include:

• Brief description of project
• Explanation of how to use it
• Feature roadmap
• Contact information for our group (use [email protected])
• Links to relevant work, including past IQT Labs blog posts
• Anything else you think would be useful

To help an AuraBorealis user understand to which package version the scan results pertain, add a means within the GUI to understand the package version for each package name displayed.

Please pin versions.

Kill this line, please.

elasticsearch.exceptions.ConnectionError: ConnectionError((<urllib3.connection.HTTPConnection object at 0x133ded4c0>, 'Connection to vpc-auradata2-2b3s6lmtpt2wcb6ytkjd2y5yau.us-east-1.es.amazonaws.com timed out. (connect timeout=10)')) caused by: ConnectTimeoutError((<urllib3.connection.HTTPConnection object at 0x133ded4c0>, 'Connection to vpc-auradata2-2b3s6lmtpt2wcb6ytkjd2y5yau.us-east-1.es.amazonaws.com timed out. (connect timeout=10)'))

Do are there different chunks of code that do autocomplete; each chunk does their own version. It would be better if there was one and only one chunk of code that did autocomplete and it was reused throughout the code base.

@kdobolyi, can you please add an "About" description on the homepage? Perhaps "a visual interface for understanding Python Package Index security audit data"?

Use one of the logo's here: https://github.com/SourceCode-AI/aura/tree/dev/files/logo

As requested by Bob G, add a recommender capability to provide similar packages to a user. There is a lot to be determined about such a feature, but this could certainly be explored in a follow-on (post June 2021) project.

@kdobolyi, can you please add a screenshot or two to the README for those readers that are visually inclined?