-
-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Notify users of deprecated/outdated package #579
Comments
Definitely not this. No recent activity does not mean deprecated or that it won't work anymore. Nor can you can be sure that just because a shard is old it's abandoned, even without the owner explicitly saying so.
Unlike NPM there is no central repository for shards so the approach of adding something into The argument against this is that it would only handle the case of willingly deprecating, such as The other argument against it is would it really bring that much value? The readme of |
I wanted to state that lot of people are not aware of state of open source package. At first, they can check the package, see it's development and add it as dependency. As far as I can see, these are mostly packages that still have crystal version specified 0.36 and below OR packages that have version from 1.x.x to 2.x.x . EDIT: Maybe ability of addind |
IMO it's the responsibility of the application owner to be aware of the dependencies of their application, including their maintenance status and latest version. Crystal isn't NPM in that installing a shard isn't going to also require thousands of other random dependencies. So I don't think it's that big of a deal to just be aware/stay up to date with the shards you're using. By using a shard, you somewhat accept the risk that it could be abandoned or a future upgrade may have breaking changes that need to be dealt with. However, if the application/shard follow semver, as shards suggests, is pinning its dependencies, and not blindly updating, there isn't anything wrong with not upgrading past an older release of a shard, bar security patches or bug fixes you need. Outdated doesn't necessarily mean "no longer working", especially if it supports Crystal
In this case, if you try to install a shard whose
But whats the problem with shards that have it set between
https://crystal-lang.org/api/Deprecated.html already exists. But don't think it currently works for modules/classes? At least the quick test I did didn't produce any warnings. |
@Blacksmoke16 Maybe you and your team can take as idea and discuss |
It should work with classes 🤔 (docs are explicitly stating that too) |
True. But the ecosystem should help out with that. It's annoying if developers have to check all their dependencies manually whether they're still maintained. Unfortunately, the mechanism of shards makes it practically impossible to alter the metadata of a shard's release after it's been released. All information is included in the released commit. Changing that would require retagging, which is not recommended. So basically the only process I could see to mark a release as deprecated would be to make a new release. That would not affect older releases, though. So it's maybe not that useful. However, this entire process has some requirements, especially on the shard author's cooperation. They need to realize their shard is outdated and be willing and able to communicate that. There are more than enough cases where this will not play out, leaving shards practically abandoned but without any clear indication about it. To cater for this, there needs to be a different mechanism that doesn't depend on the ability to edit the shard source. Metrics such as age, commit frequency, responsiveness on the issue tracker etc. can also helpful to determine the health of a dependency. But I don't think they can be useful for an automated, hard categorization. They're soft indicators. No activity doesn't necessarily mean a shard is abandoned. I think https://www.ruby-toolbox.com handles this in a nice way: Metrics are automatically calculated and associated with a red, yellow, green score. If a gem has lots of red metrics, it's definitely a sign to be careful about it. |
@[Deprecated("Deprecation of MODULE")]
module Document
@[Deprecated("Deprecation of CLASS")]
class Image
@[Deprecated("Deprecation of METHOD")]
def url
puts "http://dummy.io/image.png"
end
@[Deprecated("Deprecation of INITIALIZE")]
def initialize
@w = 1000
@h = 1000
end
end
end I'm only able to get Warnings on |
|
NPM has support for Deprecating packages. Users are notified when their dependencies are outdated when using
npm install
.It would be also nice to see this when using
shards install
. Not sure how this would be implemented, but something like:shard.yml
to state it's deprecatedFor example, I see this repository https://github.com/kostya/myhtml is built on latest crystal, but the last commit was 2 years ago and it's dependencies are not maintained anymore.
The text was updated successfully, but these errors were encountered: