Description
The way the current system works is that the API returns all packages that have been scanned (it quite literally just dumps the results of the SQLAlchemy result) within the given constraints in the request. This then means that the consumer (the bot, in this case) has to filter through the response for the packages it wants to display (in this case, the bot will filter through packages with a score greater than or equal to 5).
It has been expressed numerous times that what constitutes "malicious" should be in a centralized location (such as this API). There are a few ways of going about doing this; I'd like to get ideas on the table in this issue. A basic solution we could start off with is a field in `constants.py` that we can tweak (though worth noting we would have to redeploy to tweak this). The API response would then return a list of packages scanned, and a list of malicious packages.
We can also discuss having the API itself dispatch a webhook to the appropriate channels instead of having the bot poll the API every 60 seconds. I'm leaning more towards this approach.