lirantal/npq

Feature request: Check of README should be part of package maturity test

spotlesscoder opened this issue · 5 comments

README is just one aspect of package maturity.

When README is missing, the package maturity check step should be marked with a warning sign.
This way, we save one line of output which saves the user valuable time.


npq install jq
  ✔ Checking package maturity
  ✔ Identifying package author...
  ✔ Checking package download popularity
  ✔ Checking availability of a README
  ✖ Identifying package repository...
  ✔ Checking package for pre/post install scripts
  ✖ Checking for known vulnerabilities
Detected possible issues with the following packages:
  [jq]
    - the repository associated with the package (git://github.com/logicalparadox/jq.git) does not exist or is unreachable at the moment.
  [*]
    - Unable to query for known vulnerabilities. Install snyk and authenticate or provide a SNYK_TOKEN env variable (https://snyk.io)

? Would you like to continue installing package(s)? (y/N) 

A couple of interesting observations:

  1. Seems like run-time of npq is probably an issue you are experiencing?
  2. We could indeed probably fold-up some of the checks into general categories and then fail on specific checks. If that's the case, what else would you roll-up as general categories?

The time it takes npq to run is not the problem. The problem is having to spend additional time for reading each line of the output. With my suggestion, we would save at least one line of output.

Download popularity could also be considered to be an aspect of package maturity.

Run-time: it shouldn't really require another "line" additional time in terms of network I/O since we do (should) cache the packument from the npm registry between those line checks.

Very much agree on categorization. How about this:

  1. Package maturity will have:
    1.1. README
    1.2. Download counts
    1.3. Days since released
  2. Security
    2.1. Vulnerabilities
    2.2. install script hooks

Where would package repository go? I think maturity as well?
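One way to implement the roll-up proposed above, as an added example and not npq's own code: each individual check keeps its own result, a category's status is the worst status among its member checks, and one line per category is printed with the marker the thread asks for. The check names, the `⚠` marker for warnings and the sample results (modelled on the jq run quoted in the issue) are assumptions.

```javascript
// Categories from the thread; "repository" is placed under maturity as agreed.
const CATEGORIES = {
  'Package maturity': ['readme', 'downloads', 'age', 'repository'],
  'Security': ['vulnerabilities', 'installScripts'],
};

// Constructed sample results shaped like the jq run quoted in the issue.
// Each result is { status: 'pass' | 'warn' | 'fail', message?: string }.
const SAMPLE_RESULTS = {
  readme: { status: 'pass' },
  downloads: { status: 'pass' },
  age: { status: 'pass' },
  repository: { status: 'fail', message: 'the repository associated with the package does not exist or is unreachable' },
  vulnerabilities: { status: 'warn', message: 'Unable to query for known vulnerabilities' },
  installScripts: { status: 'pass' },
};

const SYMBOL = { pass: '✔', warn: '⚠', fail: '✖' };
const RANK = { pass: 0, warn: 1, fail: 2 };

// Fold per-check results into one status per category. A check that produced
// no result at all is treated as a warning, never silently as a pass.
function rollUp(results, categories = CATEGORIES) {
  const summary = {};
  for (const [category, checks] of Object.entries(categories)) {
    let status = 'pass';
    const messages = [];
    for (const name of checks) {
      const r = results[name] || { status: 'warn', message: `${name} check did not run` };
      if (RANK[r.status] > RANK[status]) status = r.status;
      if (r.message) messages.push(`${name}: ${r.message}`);
    }
    summary[category] = { status, messages };
  }
  return summary;
}

// Render one line per category, with the specific findings indented below it,
// so the user reads two headline lines instead of one line per check.
function render(summary) {
  const lines = [];
  for (const [category, { status, messages }] of Object.entries(summary)) {
    lines.push(`  ${SYMBOL[status]} ${category}`);
    for (const m of messages) lines.push(`      - ${m}`);
  }
  return lines.join('\n');
}

console.log(render(rollUp(SAMPLE_RESULTS)));
```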

I'm not sure whether I worded it properly.
What I mean is that with each line, the user needs to spend additional time reading through the text with his own eyes.

I agree on your categorization. Repository could be part of maturity test.

Sounds good.