- We need to be able to index nodeJS packages in containers
- We need to identify a reliable open-source DB of NodeJS vulnerabilities (OSV looks promising).
It's worth discussing if the Updater side is needed initially for the ACS adoption or just the Matcher and Package/RepoScanner implementations.