ADR, Scope and identify engg tasks for Audit Policies and Filters

[saquibkhan]

ADR/Design Doc ready

Exit Criteria

• ADR/Design Doc ready
• We can partner with security team early on #npm-support channel
• Later we should do formal security review

Stretch

• customer research
• there is scope to collaborate with dependabot team and see if they can adopt this solution, if dependabot can also respect these policies.

cc @MylesBorins

[saquibkhan]

• We can partner with security team early on #npm-support channel
• Later we should do formal security review

Stretch

• customer research

[ljharb]

Is there any reason these drafts can't be publicly shared? That would get you "customer research" for free via public comment.

[saquibkhan]

In my opinion draft can be made publicly available

[lukekarrys]

This comment has been moved to its own RFC: npm/rfcs#685

[lukekarrys]

New RFC has been opened for public discussion including an implementation/design for the feature. Closing this issue and continuing to track in the initiative issue #345