Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial governance suggestion #1
base: main
Are you sure you want to change the base?
Initial governance suggestion #1
Changes from 6 commits
46bf9c0
690ecc7
4c30103
8902808
5c35c96
1cd6f65
51dc45a
000e2bc
1fcb836
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ESLint TSC first as they are the ultimate caretakers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We already have these alineas in the doc, so maybe we should remove it or move it to a more general place?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can mention be made here, or in a stub
CONTRIBUTING.md
document, that breaking changes should be reviewed by team members, if that is indeed the case? That seems to be a reasonable policy. I think it would be good to also explicitly mention that other merges can be handled by a collaborator who is different from the person submitting the PR.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes a lot of sense 👍
I would also like it if we would do some general guidance decisions on things like new engine ranges, so that contributors can reference that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The org is responsible for more than just plugins
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would maybe want a third level here:
And a project can move up and down – from primary, to auxiliary to archived and the other way around – and its clear to everyone what the status of the project is and that makes the threshold for accepting new projects lower.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the wording used here is a bit vague and could use some clarification. For instance, what does "kept up to date" mean?
Here's what I'd suggest:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like that suggestion! The wording is much clearer than my suggestion 🙏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see this 3M/wk example figure comes from the RFC where the majority of the mentioned projects have this level. I'm not aware of how much consideration it's had already, at RFC time, or now in being carried forward to this criterion - hence this comment.
It sounds like quite a high bar at first look, although for context ESLint itself gets 38M (so the 3M is 8%) and the React plugin gets 18M (47%). Other stats that would be more difficult to acquire would be count or % of all plugins on npm (or https://github.com/dustinspecker/awesome-eslint) that would meet this criteria.
Any further thoughts on the figure?
As far as I know, NPM download counts and GitHub stars are the only metrics available.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A better number / criteria would indeed be good
Eg. @aladdin-add proposed adding
eslint-plugin-markdown
and that has 500k weekly, but I guess that was proposed more as an offspring from ESLint core.Other possible numbers are accessible through eg. ecosyste.ms, such as number of "dependent packages" and "dependant repositories", which for eg.
eslint-plugin-markdown
is ±4k and ≈150kAt times also interesting to know which version it is that the downloads are from, eg that plugin has most of its downloads happen on the 3.x version and not yet on the latest 4.x version, which if it would be an abandoned aged project would indicate that its the 3.x version that should be adopted maybe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some ordered searches for some visibility of the curves:
https://www.npmjs.com/search?q=eslint-plugin-&ranking=popularity
https://github.com/search?q=eslint-plugin-&type=repositories&s=stars&o=desc
I think both downloads and metrics are pretty flawed though. For popular projects I expect the share caused by public mirrors is small. Some companies run NPM mirrors and have hundreds of developers and projects hidden behind a single download count. Others are running hundreds of CI jobs daily without any caching or mirror. And how many people star the projects they use. These aren't problems for us to solve here, but to be mindful of their effect.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if we use number of projects that depend on the package? This might give a better idea of "importance" to the community (especially when coupled with downloads).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually have been working on a tool that enables one to list dependents of a module + filter those dependencies on how old the latest release it, minimum downloads and such: https://github.com/voxpelli/list-dependents-cli
(Will be using it for some canary tests, but is similarly useful here)
On the governance text:
Maybe we just remove any hard numbers and defer it to a case by case basis?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think dependents count is an useful input, but perhaps when applied to all users, a secondary one. My intuition is that there are many, many more private than public projects depending on plugins, but of course we don't have information about those.
Taking https://www.npmjs.com/package/eslint-plugin-react for example, and generously assuming that every one of the 17k dependents make 10 downloads every day of the week, that would account for 1M of the 18M weekly downloads. Limited information here so I'm clutching at straws and that might be a flawed validation of my intuition.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just seen the comment about removing hard numbers. I think it would be fine.
For the use case I had today at least, it would have resulted (by the word "widely") in the what I believe to be the correct outcome which is that I wouldn't have submitted my not-very-popular (3-4K/wk) small project.
There is a data gap we've come across here however that I expect is bound to have affected people making decisions (in the NPM ecosystem generally) before us and will continue to in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
eslint-plugin-react has 2 million dependent repositories: https://packages.ecosyste.ms/registries/npmjs.org/packages/eslint-plugin-react
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah I see, dependent repositories rather than packages as I used from npmjs.org, and they have a more comprehensive view of other distribution channels for the packages number too. Presumably still not covering private projects however.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we included the number because "widely used" is another vague term that could be interpreted differently by different people and just wanted to give an indication 🤷♂️
So I would be in favor of just removing the number completely 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would like to open a follow up issue for this list afterwards and move eg. maybe the formatters to
auxiliary
+ ensure that the list of maintainers are up to date and ensure that access to the repositories are synced up with that.