pub-dev icon indicating copy to clipboard operation
pub-dev copied to clipboard
verified publisher icon dart-lang

Help users discover forked packages

Open munificent opened this issue 4 years ago • 5 comments

The null safety migration has highlighted that, as in any ecosystem, there are many packages that are no longer maintained. I don't generally think that's a problem because forking exists as a mechanism to let the ecosystem to route around inactive packages.

However, forks can be difficult to discover. I dimly recall that GitHub started showing forks in its UI many years ago in large part for this reason. Have we considered trying to surface this in pub.dev for packages that have been forked? That may help users pivot to more recent forks of packages that have gone dormant.

cc @eseidelGoogle

munificent avatar Apr 20 '21 19:04 munificent

I think this would be very useful too!

Discoverability on pub of alternative versions of a package is definitely not great at the moment.

One thing I would suggest is to not tie this to GitHub forks of the original package, as I've found that GitHub actually makes things annoying when maintaining an active "fork" repo as it does things like automatically make new PRs point at the original repo rather than the forked one. And of course while GitHub is overwhelmingly popular now, some people may want to host package forks elsewhere.

maks avatar Apr 21 '21 22:04 maks

Another reason to not tie this to GitHub: search is disabled on forked repositories, and once the codebase diverges a bit, it just makes no sense to keep the forked status, it is easier to just detach from the original repository.

isoos avatar Apr 22 '21 12:04 isoos

Do we need to validate that something is actually a fork of something else? If not, don't we risk folks just create new packages, and claim it's a fork of some other highly popular package?

mit-mit avatar Apr 22 '21 13:04 mit-mit

Do we need to validate that something is actually a fork of something else?

I think that when a fork happens, the original code changes (otherwise there is no reason to fork), and the new owner may need to gain trust from scratch. Even if we verify that the code is similar, we cannot vouch for the new owner.

If the original author has a strong opinion on it, they may indicate it in a newly published readme or in the replacedBy field, or, as happened in one of my packages, they can transfer ownership by adding a new uploader. I think these are strong signals, but they can't be gathered in an automated way.

isoos avatar Apr 22 '21 14:04 isoos

@jonasfj suggests adding a field in the pubspec like:

fork: <package>

And then make a search expression fork:foo, and on the package page have a link in the side-bar leading to that search.

image

sigurdm avatar Nov 14 '24 09:11 sigurdm