data source from nist?

[godsarmy]

I notice recent change to replace the data source site with "https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest/download/" because official nist site has decoed the old JSON 1.1 Feeds CVE data.

I complete understand the purpose of change but wouldn't it be better to use JSON 2.0 Feeds as official data source, IMO?

https://nvd.nist.gov/vuln/data-feeds

After all, https://github.com/fkie-cad/nvd-json-data-feeds is a community reconstruction of the deprecated JSON NVD Data Feeds.
Vulnix is a security related tool. I believe that it would be more plausible for it to use data source from nist site directly.

[henrirosten]

@godsarmy:
Thanks, I agree. Perhaps there could also be an option to fall-back to the alternative data feed if NIST fails.
I hope I could find time to do this the next few weeks. Meanwhile, I would welcome PRs.