-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Package Staleness and Stability Flags on pub.dev #8373
Comments
We've considered this multiple times over the past 8+ years, but time and again it turns out that it may make sense in some cases, it doesn't make sense as a general rule. Take, for example,
This is the
It is already part of our package analysis checks whether a package can be Do you have any specific package as an example that we are failing our analysis on? |
No, not specifically.
Does this also occur when a new Flutter release is introduced? That’s when problems tend to surface.
True… But I would make exceptions for those cases. There are far more poorly maintained packages than good ones. Developers should be able to submit a request to you, explaining why the constraint should not apply to their package. However, it would still be beneficial for the other packages, especially those without a large user base — the 95% of remaining packages. |
Yes, we re-analyze package every now and then, at latest about once a month (if it was successful last time), and also when a package's dependency is updated, also when we release a new site version that has new analysis elements. In practice we re-analyze the latest version of a package weekly on average.
Maybe, but the release date, release frequency or similar metrics seem to be a poor proxy for that.
In practice, if your dependencies are out of date, it will be shown in your analysis scores, as we have various metrics that will expose bad constraints. See more about it on https://pub.dev/help/scoring And also, please, if you see some package that is wrong in a measurable, analytical way, open an issue about it here or in |
We are discussing a lot of things in this issue. So please do consider splitting into separate issues. Overall, yes, there is a lot of outdated packages, this is a common problem in many ecosystems. That doesn't mean we shouldn't do something about it, just that's it really hard. Disclaimer: I wrote Package retry is a good example:
All these things are good properties for a dependency. IMO, if you're writing an application you an choose to write your own retry logic, it's not that hard. But it's easy to be off by one, boring to write tests and you might have to think to do exponential back-off. My point is: The fact that If
The default should be a that a package, if useful once published, shouldn't need to be patched constantly. And if it breaks we should be able to detect it with With SDKs (both Flutter and the underlying OS SDKs) moving fast, and sometimes breaking things, that can arguably be hard. And it is hard to avoid breaking things, if a breakage unlock additional size reduction, I can see how it's attractive. I wonder though, is this much of a problem for packages that don't rely on Flutter or plugins directly or indirectly? I'm not sure I have an answer. I agree that the option to mark a package Having a way for someone other than the package author to label a package as "discontinued", would be attractive. But I'm not sure who or how. It's is possible that packages which fail We have important packages failing |
I believe this could significantly improve the integrity of many packages. In my opinion, an author should not upload a package if they cannot maintain it. Additionally, it might be a good idea to only accept verified publishers moving forward. Publishers could be required to validate their email and website. While I understand that not every package has a website, I think setting up some limitations could enhance the overall quality of the packages. Sometimes, less is more. To further improve the ecosystem, packages that fully support the Flutter ecosystem—such as Flutter mobile, desktop, and web—could be ranked higher in search engine results. |
Strongly disagree about this one. There may be value in packages that are not maintained, but may be later picked up by others (either by forking or ownership takeover), and keeping them as part of search is an important step for that. Having said that, we should downrank such packages, which, through the points we already do (e.g. a failed pub get will lose a lot of points).
Disagreeing here again: there is a good value in a web-only or a desktop-only package. It may not be for everyone, but that doesn't mean the package is useless. Edit: Years ago we've had an additional ranking in search which was based on the filters, e.g. if you have filtered for web packages, it ranked web-only a slightly bit higher than the rest (assuming that you are interested in web-only packages). It turned out to be not a good ranking rule, and having an equal ranking regardless of the platforms seems to provide better results now.
Users of the site need a valid Google account, we can assume it is validated if they can use that. You can already see if a package has a verified publisher (aka. domain name), and use it to gain more insight. It certainly increases trust, but doesn't necessarily translates to quality immediately. |
Description:
To improve the overall health and quality of packages on pub.dev, I propose the following enhancements to encourage developers to maintain and update their packages regularly:
1. Stale Package Warning:
2. SEO Ranking Impact:
3. Automatic
pub get
Validation:pub get
for each package to ensure it can still be properly installed and resolved.pub get
fails due to errors or dependency conflicts, a warning should be displayed on the package page, such as "This package is currently unstable due to dependency resolution issues."Benefits:
pub get
daily, we can catch issues proactively before users report them, leading to a more stable and reliable ecosystem.Possible Next Steps:
pub get
validation into the package publishing process.The text was updated successfully, but these errors were encountered: