Add option to return only current dependent packages
voxpelli opened this issue · 11 comments
Right now the list of "dependent packages" is a list of packages which in any of their historic version has depended on the module.
At least in the case of npm
that's less interesting. The more interesting data is who are currently depending on a package – not who have done so historically.
A package that was highly dependent upon but which the community have moved on from should in my opinion have a small list of dependent modules, not a large list.
For npm
its quite easy: Limit the version of dependents to that matching the latest
tag on npm
. The version number for that tag is already available in latest_release_number
in: https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/installed-check
Opening this issue after speaking about it with @andrew on Mastodon and he suggested opening an issue: https://mastodon.social/@andrewnez/112433091250034050
Me personally would use it for my https://github.com/voxpelli/list-dependents / https://github.com/voxpelli/list-dependents-cli modules
Upvote & Fund
- We're using Polar.sh so you can upvote and help fund this issue.
- We receive the funding once the issue is completed & confirmed by you.
- Thank you in advance for helping prioritize & fund our backlog.
We'll need to cache latest
onto the latest Version
for each package (new boolean column, updated after each time package is synced).
And then tweak the logic of fetching dependent_packages to only consider versions where latest is true: https://github.com/ecosyste-ms/packages/blob/main/app/models/package.rb#L128
Then add a latest
parameter to the dependent packages endpoint: https://github.com/ecosyste-ms/packages/blob/main/app/controllers/api/v1/packages_controller.rb#L106
Deploying a first pass at the code now, it's going to take a few hours to update the latest
field on 100 million version records, I will prioritize the dependents of standard
so you can do some testing.
Thanks! The code change was quick but it's going to take quite a few hours to update the new latest
field on all packages, let me know if there are any other packages you'd like prioritized.
Worked for all modules I needed it to work on, thanks! As far as I'm concerned this issue can be considered fixed :)
(I haven't yet made the repository public where I use these modules of mine, but I will soon)
List from @voxpelli of packages (github repo names provided) that should be listed in https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@voxpelli/eslint-config/dependent_packages?latest=true&per_page=100&page=1 but are not, that are listed in https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@voxpelli/eslint-config/dependent_packages?per_page=100&page=1 to investigate:
- https://github.com/voxpelli/node-fetch-politely (https://www.npmjs.com/package/fetch-politely)
- https://github.com/voxpelli/node-tema (https://www.npmjs.com/package/tema)
- https://github.com/dependency-check-team/dependency-check (https://www.npmjs.com/package/dependency-check)
- https://github.com/voxpelli/node-format-microformat (https://www.npmjs.com/package/format-microformat)
- https://github.com/voxpelli/node-webmention-testpinger (https://www.npmjs.com/package/webmention-testpinger)
- https://github.com/voxpelli/node-jekyll-utils (https://www.npmjs.com/package/jekyll-utils)
- https://github.com/voxpelli/metadataparser-mf2 (https://www.npmjs.com/package/@voxpelli/metadataparser-mf2)
The yikesable/fastify-acl
was included, it was me that was accidentally filtering it client side 🙈
- fetch-politely - newest version is a prerelease, currently "latest" in ecosyste.ms ignores preleases
- tema - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
- dependency-check - newest version is a prerelease, currently "latest" in ecosyste.ms ignores preleases
- format-microformat - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
- webmention-testpinger - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
- jekyll-utils - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
- @voxpelli/metadataparser-mf2 - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
There's a couple there that have prerelease versions published to npm with @voxpelli/eslint-config as a dependency, but ecosyste.ms ignores preleases whn calculating the "latest" version.
There's also a few repos you link to that have @voxpelli/eslint-config as a dependency that have not been published to npm, the packages service only looks at versions published to npm, to get data on those you'll need to fetch dependent repository data from https://repos.ecosyste.ms/ instead