By default hide in search results packages without stable version to encourage proper versioning
I see that the biggest problem with the composer/packagist community is that people are creating useful packages and sharing them with others but never releasing stable versions. That problem makes it hard to easily maintain a stable composer.json that has dependencies on such packages - because obviously those packages are very useful and it's nice to use them and not reinvent the wheel or maintain a fork of that kind of "dev-master" only packages.
I believe that hiding by default "dev-master" only packages both in search results and in details view plus notifying other developers that:
This package doesn't contain any stable version, may not be production ready and may cause you problems with maintaining "composer.json" of your project.
Should encourage everybody that shares their code on packagist to properly version their code. So that if their code is not maybe completely ready, but it's stable enough, it may deserve some stable tag or even alpha for example. This will also help beginners to better understand what package they should choose to avoid problems in the future.
I hope you will like this idea.
I agree we could add a warning on the package page, but I don't think hiding stuff from the search is a good idea.
Just adding a checkbox "show unstable packages" should do the job. It's not about hiding it, it's just about preventing people from installing them and encouraging developers to build stable versions instead of working forever in "dev-master".
IMO, hiding them from the search would be the best way to encourage NIH as people would not be able to find them easily. And they would not be able to ask the owners to tag it as stable if they don't know it exists.
I think that would affect more package authors. If their package is not visible by default that would make them create stable versions to be able to appear in the default packages list. If they don't care about that, people should NOT be able to see those authors' packages - because there is no sense in using a package that can break any time.
But then people will tag a 0.0.1-alpha to be in the search results and then never tag again. We need to educate people to manage their packages properly, not train them to game the system.
We don't want to display alpha versions - only stable.
Same difference. People will tag a 0.0.1 to make packagist happy and never tag again.
At least it will not break your project on composer update and will allow you to avoid crazy "minimum-stability: dev-armageddon" in your composer.
@Turneliusz what's the difference between "minimum-stability: dev-armageddon" and packages with tag 0.0.1? IMO it's just as dangerous.
php composer.phar update - that is the difference, try it with "minimum-stability: dev" and feel the pain. I think that any tag in the package is more helpful than "dev-master". Even a 0.0.1 tag is better, you can expect that the package is "stable enough" (package author would have to be an idiot to create tags randomly) but seeing 0.0.1 you will know that the package is in an early state of development before a fully-featured 1.0. Anyway, a stable tag doesn't mean that the package doesn't have any errors. Maintaining a project full of dev-master packages is horrible.
@Turneliusz If you require a stable tag to be visible on Packagist, you lose the expectation of being "stable enough" as authors will create a tag randomly to appear in the list. Don't forget that authors are humans.
A stable tag will not be a requirement, it will just make browsing easier, help developers and encourage package authors. Anyway, packages would be hidden just by default, with the possibility to quickly show those that are unstable if a developer wanted to pick one for a project.
I don't see many problems with that approach. Developers want to pick stable packages, and going through many pages of results just to notice that most of the packages are not stable or not maintained is a pain.
Help people to choose the proper package, hide those that shouldn't be picked by default. The community will be more and more mature every month. Most of the packages will become stable over time and that feature will keep the results space from being cluttered by packages that are not ready for production. Maybe my idea of encouraging package developers is too utopian but anyway - that feature is extremely helpful. Simple as that.
So maybe search results should show after package name stable version number or information that the package is unstable yet?
Yes, for sure. I additionally would like to hide unstable by default because there is almost no reason to choose dev packages. Clicking "show unstable" should be the second step when you cannot find anything else. You are doing that 2-step search anyway: first you are searching for stable packages with a good community, then if you can't find anything you are looking into less popular ones with just dev versions.
Is the proposal accepted in some way?
@Turneliusz as I said, I think showing a warning on packages without stable release is good (on the package page and perhaps in listings too). Still don't agree hiding results is gonna lead to anything productive.
Hi. Today I tried to find the main package myak/framework through packagist search and was confused by the results: https://packagist.org/search/?tags=framework because they don't contain the package. The myak/framework package contains the 'framework' tag. I am unable to find it by other tags either. Is it related to this issue?
I see that the biggest problem with the composer/packagist community is that people are creating useful packages and sharing them with others but never releasing stable versions.
It is not the biggest problem. Stable/dev are just names, a dev package can be more stable than "stable". It is the responsibility of authors to deploy quality packages. Just use CI.
I agree unstable packages should not be hidden by default.
Just adding a checkbox "show unstable packages" should do the job.
@Seldaek What about the reverse? Show all packages and add a "hide unstable packages" button?
I still stand by my opinion at https://github.com/composer/packagist/issues/300#issuecomment-15586356
I understand, but my proposal would not change the default behavior (show all packages).
It just adds a filter for users who want to.
Buttons and switches everywhere add complexity to the UI, and code to maintain. Everything has a cost. IMO the benefit is not worth the cost in this case.