hoarders is not "cute"
eastridge opened this issue ยท 39 comments
While this may seem like a cute joke, having every npm flagged as being depended on by hoarders is not cute, it is in fact spam. Please consider ceasing the publication of this package as you are inserting garbage into the development ecosystem.
lol
While I was tempted to reply with an image macro, I think a more serious response is in order here.
Having hoarders show up as a reverse dependency in npmjs.org analyses was an unintended side effect, and not really the "point" of this library at all. I could explain the joke, but then it wouldn't really be funny.
In addition, Isaac himself has told me that he doesn't mind. You might even say he thinks it's "cute". You see, when I learned that hoarders was being reverse-depped to every package on npm, I did consider that it might constitute some level of spam/abuse. But then, after talking to some people, I came to the conclusion that it's okay. At least, for now.
I'm going to close this issue because I don't plan on unpublishing hoarders anytime soon, but that doesn't mean your opinion hasn't been heard.
@jesusabdullah sorry to sound like I have a stick up my ass, I'm usually one for pranks. This particular prank did actually cause me to spend time (albiet only a few minutes) investigating the following though:
- Had my package been hacked and had a dependency added (no, it was being depended on, oops)
- Was someone trying to make a statement that I was hoarding a package name? Nope.
So in essence your unintended consequence does have real world implications on others. Regardless of what Isaac thinks, it did confuse me and you're likely to confuse people in the future. I'm tempted to publish a few packages to prove a point on how easy it is to spam the system here...
- Had my package been hacked and had a dependency added (no, it was being depended on, oops)
I mean, you'll have that "problem" anyway as people decide to use your packages. That's really not the fault of hoarders.
- Was someone trying to make a statement that I was hoarding a package name? Nope.
I can see this, but it doesn't take a lot of investigative journalism here to find that's not the case. So I don't really find this all that compelling either. That, and I don't really care if people think my modules are any good, y'know? I wrote them for me.
That said, I am aware of the "noise" that hoarders adds to npm as a whole, and I've had a number of conversations today about the correct course of action. I'm still weighing my options here.
Node is fun, because screwing around is taken seriously.
There are a bunch of modules that are quite silly (like caps-lock-script),
hoarders is one of the greatest of the silly modules.
Why is this a "silly" module? I use it even when I only need Request.
An aside, we are using this intermittently when stress testing things, +1.
Can we please get rid of this package? @jesusabdullah: I would point out that each of your replies to @beastridge issues involve some modicum of work on his part, as the owner of a module that shows a 'hoarders' dependency. Sure, this work is usually trivial, but it's non-zero. And every single module owner is likely to have some-hoarder related question at some point. For example, the impetus for this comment is an email I'm sending to people that depend on the 'uuid' module. Do I need to include hoarders in this email or not? I don't know because I don't know what hoarders is used for, or if it's a joke, or what. And... so... I've lost 5-10 minutes of my day to this. :(
I.e. hoarders is a layer of unnecessary complexity that permeates the whole npm ecosystem. To those who [think they have] a legitimate use for this module, I would argue that there are better ways to accomplish your goals.
@broofa this is a non trivial and deeper problem that npm is a free for all and as it grows more weird and confusing shit is going to be on there.
We can temporarily solve the problem for hoarders but the underlying issue isn't going to dissappear.
@broofa this is a non trivial and deeper problem that npm is a free for all and as it grows more weird and confusing shit is going to be on there.
meta-issue
We can temporarily solve the problem for hoarders...
Great! Let's do that.
... but the underlying issue isn't going to dissappear.
I'm fine with that. I'm not suggesting we slay any giants here.
hoarders is important for stress testing npm, etc.
also, it's cute as fuck.
hoarders is important for stress testing npm, etc.
Can you elaborate?
Given that hoarders has at least 200X more dependencies than would reasonably appear in even a "LARGE" real-world package, I'll argue that the only thing hoarders tests is whether or not NPM can accomodate hoarders; I.e. it's neither useful nor important.
Every time I browse a package on npmjs.org I feel taunted by hoarders. I see it sitting there. Smugly. Slyly. It follows me everywhere, quietly taunting me. All the while it grows ever stronger gathering packages. Slowly. Surely. Relentlessly.
Totally.
On Nov 30, 2012 1:51 PM, "Ryan Eastridge" notifications@github.com wrote:
Every time I browse a package on npmjs.org I feel taunted by hoarders. I
see it sitting there. Smugly. Slyly. It follows me everywhere, quietly
taunting me. All the while it grows ever stronger gathering packages.
Slowly. Surely. Relentlessly.โ
Reply to this email directly or view it on GitHubhttps://github.com//issues/2#issuecomment-10899508.
I think what confuses people the most is the name of the module as it's not descriptive enough. Maybe a more generic name like npm-bot or npm-index or whatever should be fine. Of course it won't be funny anymore but will reach a wider audience.
@simov makes a very good point.
hoarders is too witty, clever a name.
I'm +1 on renaming to npm-bot or all-npm or something.
Of course, we can't delete hoarders because that will break apps that are depending on it already.
Of course, we can't delete hoarders because that will break apps that are depending on it already.
lol.
This is a good point to remind people that they should understand more of how the platform they are using.
Sometimes I got pissed off by what others think fun, like those punctuations (aww...). But I think this joke is good enough, take it easy people.
I guess @jesusabdullah could even ask Isaacs to put some description about this somewhere in npmjs.org, just for the serious guys. ;)
Or, I could update the description in the package.json to say, "THAT'S THE JOKE"
you silly serious sams :D
Even if it was intended as an internal joke, it affects people that don't get it or care.
5 min discovering what it is * devs using npm = a lot of wasted time for nothing.
I think it should be removed. It's just plain spam and has nothing to do on npm.
AFAIK early linux communities had a lot of things like this, did they blame it? They just think it's fun.
And I (and many others) just embrace how the open source world worked out this way, why would people blame errors that they can actually learn something from?
The more I use npm the more I think it doesn't really matter if some one think the modules are joke or not. Not everyone publish them to become famous. It's just an easy way to reuse and distribute useful parts of your program into different projects.
if this goes off npm - it would be a sad story
hoarders isn't a joke, its art! if i had enough money i would pay someone for maintaining this package :)
I implemented a blacklist for people that don't want to be depended on by hoarders:
https://github.com/jesusabdullah/hoarders/blob/master/build.js#L12-L22
Broofa's modules should be blacklisted already. If you would also like to opt out, send a pull request.
Reopening this for greater visibility to those which have not been blacklisted yet.
You can even make it in separate blacklist.json and require it in your code. Will lose the comments though.
I mean, I could but all the important configuration is in the build.json anyway.
I see my bad
I think the best way to implement this feature would be to publish a separate blacklist module that hoarders also depends on.
Yeah might be just an index.json :D
Another issue with hoarders (though it is a funny idea) is that it artificially inflates download numbers. I was elated when I discovered that downloads for mongo-helper had tripled, but was dismayed when pretty much all of them were "stress testing" or what-have-you. I'd like to know when people are actually using my package. The blacklist's a good idea (and I'll add myself to it) but here's some food for thought.
That said, it does increase visibility to packages, but by an amount that you'd need an electron microscope to find.
The "downloads" count is actually a count of cache misses. Each time someone installs a module the npm client checks whether the cached version is current, and doesn't download the package.
This means that a module that is installed often, but updated only occasionally, could have more cache misses (and thus a higher "downloads" count) than a module that is updated often but has less actual users.
So, "downloads" is a rather difficult metric to interpret, and doesn't relate directly to the number of actual users...
is that it artificially inflates download numbers.
Does it? You have to actually install hoarders in order for that download to show up.
Don't let the haters get you down, man: hoarders is hilarious. And educational!
Does it? You have to actually install hoarders in order for that download to show up.
We all know how many people have gone through the pain of doing THAT.
Haters gonna hate, when people say "bad experience is good", they never listen.
"Hoarders" is kind of like the Hello Dolly Wordpress plugin. And to quote that plugin's description:
This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong.
Also, I have just one package on npm, and it's nice to be ever so slightly less lonely in that hoarders is the only dependent package yet. It "symbolizes my hope and enthusiasm" and makes me feel a little less crappy. :)