Motivation
Publishing a new version of a package can be seen as a way to display that the community around the project is live and that security issues (or performance optimizations) are taken into account. In the Node.js ecosystem, targeting a patch update for security / performance can make sense - without overwhelming users relying on the library.
Expectation
Define a max duration for which not having an update raises an alert
Automatically watch all repositories for the latest release and trigger a message (slack / email / other)
Implementation
Discuss the max time (and if we want to do that)
Implement an action per repo (or one action checking all repos regularly - no need to PR that in all repositories)
Status
Part: Technical
Draft
We should define a threshold (6 months or a year) to raise a warning if a package was not updated in this amount of time.
Keeping a large number of libraries up to date and publishing new versions is hard but is also one way to display a live and healthy ecosystem. By enforcing that all packages need to be updated and published at least once in a defined amount of time, we can lower the global risk while displaying the need to update to our user base.
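A sketch of the release-age check proposed above, as an added example that is not part of the original issue or the project's code. It assumes input shaped like npm registry package metadata (`dist-tags.latest` plus a `time` map of version to publish date); the function names, package names and dates are hypothetical, and delivery to Slack or email is left out.

```javascript
// Added example: flag packages whose latest release is older than a threshold.
// Input shape follows npm registry package metadata: "dist-tags".latest plus a
// "time" map of version -> ISO publish date. All sample data is constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Publish date of the "latest" dist-tag, or null if it cannot be determined.
function latestPublishDate(packument) {
  const latest = packument?.['dist-tags']?.latest;
  const stamp = latest && packument.time ? packument.time[latest] : undefined;
  const date = stamp ? new Date(stamp) : null;
  return date && !Number.isNaN(date.getTime()) ? date : null;
}

// maxAgeDays is the threshold under discussion (for example 183 or 365).
function findStalePackages(packuments, maxAgeDays, now = new Date()) {
  const alerts = [];
  for (const p of packuments) {
    const published = latestPublishDate(p);
    if (published === null) {
      // Missing metadata is reported rather than silently treated as fresh.
      alerts.push({ name: p.name, reason: 'unknown-release-date', ageDays: null });
      continue;
    }
    const ageDays = Math.floor((now - published) / DAY_MS);
    if (ageDays > maxAgeDays) alerts.push({ name: p.name, reason: 'stale', ageDays });
  }
  // Unknown dates first, then oldest release first.
  return alerts.sort((a, b) => (b.ageDays ?? Infinity) - (a.ageDays ?? Infinity));
}

function formatAlert(a) {
  return a.reason === 'stale'
    ? `${a.name}: no release for ${a.ageDays} days`
    : `${a.name}: release date unavailable, check manually`;
}

// Constructed sample metadata (hypothetical package names and dates).
const SAMPLE = [
  { name: 'example-fresh', 'dist-tags': { latest: '2.1.0' },
    time: { '2.0.0': '2023-01-10T00:00:00.000Z', '2.1.0': '2024-05-01T00:00:00.000Z' } },
  { name: 'example-stale', 'dist-tags': { latest: '1.0.3' },
    time: { '1.0.3': '2022-11-15T00:00:00.000Z' } },
  { name: 'example-broken', 'dist-tags': {}, time: {} },
];

const NOW = new Date('2024-06-01T00:00:00.000Z');
for (const a of findStalePackages(SAMPLE, 365, NOW)) console.log(formatAlert(a));
```

Run from a single scheduled job, the same function can cover every repository without a per-repo PR, which matches the second implementation option in the issue.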