client: update documentation
The documentation is updated to add relevant links and fix typos.
The TODO is moved to https://go.dev/issue/53224.
Change-Id: I2e68312ca4a2ea39a9108d5b43544ac955b902d3
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/410174
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/client/client.go b/client/client.go
index c27556a..facdbd8 100644
--- a/client/client.go
+++ b/client/client.go
@@ -5,31 +5,27 @@
// Package client provides an interface for accessing vulnerability
// databases, via either HTTP or local filesystem access.
//
+// The protocol is described at https://go.dev/security/vulndb/#protocol.
+//
// The expected database layout is the same for both HTTP and local
-// databases. The database index is located at the root of the
+// databases. The database index is located at the root of the
// database, and contains a list of all of the vulnerable modules
// documented in the databse and the time the most recent vulnerability
-// was added. The index file is called indx.json, and has the
+// was added. The index file is called index.json, and has the
// following format:
//
// map[string]time.Time (DBIndex)
//
// Each vulnerable module is represented by an individual JSON file
// which contains all of the vulnerabilities in that module. The path
-// for each module file is simply the import path of the module,
-// i.e. vulnerabilities in golang.org/x/crypto are contained in the
-// golang.org/x/crypto.json file. The per-module JSON files have
-// the following format:
-//
-// []osv.Entry
+// for each module file is simply the import path of the module.
+// For example, vulnerabilities in golang.org/x/crypto are contained in the
+// golang.org/x/crypto.json file. The per-module JSON files contain a slice of
+// https://pkg.go.dev/golang.org/x/vuln/osv#Entry.
//
// A single client.Client can be used to access multiple vulnerability
-// databases. When looking up vulnerable module each database is
+// databases. When looking up vulnerable modules, each database is
// consulted, and results are merged together.
-//
-// TODO: allow filtering private module, possibly at a database level?
-// (e.g. I may want to use multiple databases, but only lookup a specific
-// module in a subset of them)
package client
import (