npm-trends icon indicating copy to clipboard operation
npm-trends copied to clipboard

Published 20 hours ago verified publisher icon uidotdev

Updated date is not correct for some packages.

Open klieber opened this issue 4 years ago • 7 comments

I've noticed some packages are not showing the correct updated date. For instance, the ncp package shows it was last updated on "Mar 16, 2020". However, the last commit to their Github repository was "Feb 22, 2015" and the last release was published on that date as well. I verified this also in NPM.

https://github.com/AvianFlu/ncp/commits/master https://github.com/AvianFlu/ncp/releases https://www.npmjs.com/package/ncp

This is just one example. I've noticed this on a few packages in the last couple of weeks but didn't keep track of them. I can update this issue with more examples as I come across them.

klieber avatar Mar 27 '20 17:03 klieber

Another example: cpx

npmtrends shows it as updated on 12/29/2019 but really it was last updated on 9/4/2016

klieber avatar Mar 27 '20 19:03 klieber

After doing a little more digging on this I think I see what is causing the issue. I thought maybe the data was coming from the wrong repository so I did a search for other repositories named "cpx" in github. The first one to come up was the correct repository but I was surprised to see github reporting that is was last updated on 12/29/2019:

https://github.com/search?q=cpx

image

Then I went into the repository and I see the last issue to be opened was on 12/29/2019:

https://github.com/mysticatea/cpx/issues

image

Similarly the ncp packages last pull request to be opened was on March 16, 2020.

https://github.com/AvianFlu/ncp/pulls

image

So, maybe the date that npmtrends is using isn't the right one. That date seems to just reflect the last time any activity happened within Github but really I would think npmtrends would want to be reporting just whenever the last commit happened.

klieber avatar Mar 27 '20 19:03 klieber

Nice detective work! 🕵️‍♂️That does look like what's happening. We're using an attribute called pushed_at which I thought was the date of the most recent commit, but it might include PR's in that.

This SO comment seems to indicate someone else noticed that as well https://stackoverflow.com/questions/15918588/github-api-v3-what-is-the-difference-between-pushed-at-and-updated-at#comment88211717_15922637

I agree with you that the goal of "updated at" in the list should be to show when the latest work was done on the repository. I'm not sure if counting PR's that come from a fork in that makes sense or not.

johnmpotter avatar Mar 27 '20 20:03 johnmpotter

I wonder if you should be using the dates from github at all. Really, even the last commit isn't super important right? It's really the last time a release was published that tells us if the package is active. If there was a commit two weeks ago but a new release hasn't been published in 2 years I would still consider that package to be not be very active.

If that is the case then it looks like you can get the date the package was last published from api.npms.io like this:

$ curl -s "https://api.npms.io/v2/package/cpx" | json collected.metadata.date
2016-09-04T21:58:33.377Z

$ curl -s "https://api.npms.io/v2/package/ncp" | json collected.metadata.date
2015-02-22T20:55:26.456Z

klieber avatar Mar 27 '20 22:03 klieber

I agree with @klieber that the most helpful metric is "date of the most recent published package to npm". This is the strongest signal that a package is still alive and maintained.

I think the next strongest signal is "date of latest commit to any branch of the Github repository". In my mind, issues and pull requests don't mean much. Also, trying to use any particular branch (like master) may not be useful in repositories that choose to use a unique git workflow (or potentially don't have a master branch).

The only other signal I could think of for activity is "date of latest closed issue". This is a really bad signal, though, since so many repositories auto-close issues. Also, IIRC, Github encourages the closing of all issues on abandoned projects, which could further muddy the waters here.

I don't have any technical insight into how viable these signals are to use. I wanted to give my two cents as an active user of npmtrends. I have also been impacted/confused/misled by the "updated" column being inaccurate.

scowalt avatar Apr 22 '20 02:04 scowalt

I would cast my vote for last commit -- since following a package link takes me to github

Basically, I'd like to see the most recent date match with whatever date is most prominent at the link destination

It would be fun to have the date show the last npm release, but the link doesn't take me to npm

ajoslin103 avatar May 23 '20 15:05 ajoslin103

Any news on this? This tripped me up as well. We had a very outdated dependency and used npmtrends to find a replacement that had a lot of use and was up to date. But after having switched, we realized the replacement was in fact basically just as outdated as the replaced... 🤦‍♂️

Definitely if possible, switch "Updated" to show date of most recent commit.

But additionally, how about adding a new column "Published" (or something like that) with the date of most recent publish on npm? And that date could be made clickable and point to the npm page?

Personally, it tends to confuse me a bit that the package link goes to GitHub rather than npm...

Svish avatar Oct 26 '20 17:10 Svish