Package Usage

[mattmassicotte]

Recently, I was giving some thought to how people choose packages. GitHub stars are really valuable here, and sure they are a signal. But, what would be really cool is if I could see what products are using a given package. I think this could be really useful both to authors, to help get an idea of who's using there stuff. But, it could be also a really great way to help make a decision on which package to choose.

One easy way is to see what other packages depend on a given one. This is information you've already got from the manifests, thought as far as I know it is not surfaced in the UI.

A more ambitious approach could be some kind of app index. Maybe tied to a .well-known file to provide a means of trust?

What do you think?

[daveverwer]

This is a really interesting idea, but we only have a fraction of the picture in the dependency data we can access, and the results would be heavily skewed towards packages that are useful to other packages over packages that are useful in apps.

That data might be useful as a signal towards package quality, but I'd be cautious about weighting it heavily.

I'd love to know a little more about what you mean by an app index. Can you elaborate?

[mattmassicotte]

Ok yes, these are good points.

Please keep in mind, I haven't thought deeply about this yet. I was thinking something along the lines of what you do for packages. A database of apps -> packages. Could be almost as simple as the JSON structure you use for accepting new packages now. I suggested the .well-known thing to add trust on top of the user-supplied content. Though it might take quite a bit of effort from the developers to go that far.

[daveverwer]

Ah interesting, so maybe a script people could add to a build phase that reports anonymous dependency information to an API we host.

It'd be fascinating data, even better than number of downloads (which we can't get either) as it would reflect packages being removed as well as being added. I think we'd need to be far more well established before this would work, though.

[finestructure]

Ah interesting, so maybe a script people could add to a build phase that reports anonymous dependency information to an API we host.

Or a build plugin that's preconfigured to report everything up. I think that'd be a simplest way to set this up. But even so I guess it'd need some sort of incentive to do it. I wonder if there's some sort of benefit that could be derived for the reporter to make this attractive.