Feature: malware report

[AugustinMauroy]

There are no button obious way to report a package on JSR. We must have that.

Also we need a page/api that list packages marked as malware so user have ability to know if there had installed malicious package.

[lucacasonato]

There is no button, we do document how to report a package: https://jsr.io/docs/usage-policy#reporting-violations.

We could add a Report package button that is just a mailto: link somewhere on the package page though.

[AugustinMauroy]

In my opinion, it's easier to have a modal that opens with a choice of what's causing the problem. And a free text field.
At least we know which user made the report. And a nice modal allows the user to stay in the same place without complicating life.

[crowlKats]

@AugustinMauroy we would like to move messaging to something more like what you are describing, but other things (like increasing scope limits etc) are currently all done via mail, so this should stick to that until we rework messaging/tickets handling

[AugustinMauroy]

Also the fact of having a modal but a structure and all the relationships are the same. I totally understand, what if we did the modal but it generated an email in the back. Knowing that we have the user's email via SSO.

1. the user enters his report
2. An email is sent to the moderation address
3. A moderator replies to the user's email address.

If not, a simple mailto is easier. maybe open pr with that but keep this issue open