►
From YouTube: 2020-08-12-Package Maintenance Team meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
so
we're
live
for
the
node.js
package,
maintenance
team
meeting
for
august
12
2021
we'll
follow
our
standard
agenda,
which
was
in
the
issue
which
was
number
476
in
the
repo.
Before
we
get
started.
Does
anybody
have
any
announcements
they'd
like
to
share.
A
A
B
B
I'm
just
checking
real
quick
to
see
if
there's
anything
I
missed,
nope
hasn't
been
really
any
movement
on
that
same
thing,
no,
no
particular
updates
on
it
that
I'm
aware
of
just
we're
trying
to
decide.
If
we
were
going
to
name,
we
were
going
to
rename
the
create
if
pkgs
would
be
renamed
from
create
pkg
pkgs
create
if
we're
going
to
rename
it
from
create
to
create
package.
But
again
nothing's
happened.
So,
okay.
A
The
I
think
darcy
I
had
pinged
you,
I
don't
know
if
you
saw
it
just
wondering
like
because
you're
the
one
who
has
published
rights
for
the
create
right.
C
C
A
A
B
Yeah,
you
could
add
me
we're
probably
not
ready
for
a
publish
anytime
soon,
but
I
think
west
probably
just
forgot
that
he
had
rights
or
something
so
he
just
had
wes
has
been
really
busy
lately.
So.
C
Yeah
we
both
have
being,
unfortunately,.
A
B
A
Yep
sounds
good.
The
next
one
suggested
list
of
modules
to
help
get
support
into.
I
don't
think,
there's
any
updates
on
that
one.
Unless
somebody
else
has.
B
Oh,
I
added
this.
Actually,
this
was
it's
just
something
specifically
that
I
think
we
should
revisit.
I
wanted
to
bring
it
up
in
that
we
have
documentation
and
stuff
like
that.
So
you
know
obviously
part
of
the
group
for
anyone
watching
part
of
it.
The
idea
is
to
have
guidance
and
documentation
for
package
maintainers.
We
have
some
of
this
stuff
written.
B
B
Basically
there's
stuff,
that's
written
that
we
just
need
to
decide
if
we're
going
to
promote
it
up
to
like
an
actual
from
like
a
proposal
into
like
actual
documentation
or
guidance
or
whatever.
So
it's
an
issue
that
I
found
a
while
ago
when
I
was
going
through
last
week,
I
was
going
through
stale
issues
and
stuff,
and
I
was
like
oh
hey.
We
haven't
talked
about
this
in
a
while,
so
maybe
we
should.
A
Yeah
and
that's
certainly
a
good
good
point-
I
don't
know
if
on
any
of
those,
these
there's
any
reason
why
we
wouldn't
promote
them.
D
You
know,
are
they
good
enough
or
are
they
just
a
bunch
of
to-do's
or
so
it
would
require
someone
just
at
least
doing
like
one
read-through
and
maybe
presenting
like
the
seams
enough
or,
if
not,
then
maybe
just
giving
it
a
once-over
and
then
presenting
it.
B
Yeah,
I
think
some
of
it
is
maybe
just
like
it's
incomplete
or
whatever,
but
but
yeah
we
have.
We
have
some
of
this.
That
issue
that
I
linked
is,
I
think,
more
of
a
tracking,
it's
a
tracking
issue,
and
so
it's
just
a
good
place
to
keep
keep
eyes
on
because
it
links
out
to
other
issues
where
it's
like.
Oh,
we
already
have
some
of
this
stuff
going
et
cetera.
So
I'm
looking
right
now
at
one.
That's
the
publishing
guidelines,
draft.
E
A
B
I
think
I
I
personally,
I
think
that
this
stuff
is,
it's
pretty
it's.
I
think
it's
important
stuff
as
I've
been
involved.
As
I've
been
you
know,
in
whenever
I
interact
with
other
projects
or
groups
and
whatnot,
I
always
try
to
make
notes
of
things
that
people
are
asking
questions
about,
and
a
lot
of
it
is
things
that
we
either
have
things
in
progress
for,
or
would
be
really
good
to
capture
into
articles
or
best
practices.
I
have
a
question
about
something
that
I
would
like
I.
B
A
B
Yeah,
I
think
this
one
is
a
good
one
to
keep
on
recover
recurring
on
our
agenda
too,
just
so
that
if
we
have
time
we
can
even
maybe
look
at
one
of
them
or
have
a
discussion
around
it.
So
I
think
it's
a
fruitful
one
to
get
reminded
about
periodically
so
yeah.
I
agreed.
D
I'm
curious
about
because
I
think
one
advantage
you
know
like
like
if
everybody
just
got
one
then
could
basically
just
all
knock
them
all
out
in
like
a
couple
of
weeks
or
something,
but
then
it
would
also
hopefully
remove
the
inertia
for
as
you
do
things
through
the
pkgs
and
kind
of
all
those
exploratory
projects
and
tools.
Hopefully,
some
of
that
added,
anecdotal,
generalized
anecdotal
experience
can
just
be
like
a
quick.
D
You
know
patch
paragraph
to
existing
stuff
and
then
it's
you
know
hopefully
helps
support
the
you
know
the
ongoing
lessons
learned
and
then
I'm
assuming
you
know
that
trend
happens.
D
Is
there
any
like?
I
guess,
maybe
more
for
you
mike
michael,
which
one
you
prefer.
But
like
is
this
content
that
could
get
like
cross-linked
or
cross-promoted
the
node.js
website?
Is
there
any
sort
of
or
is
it
just
kind
of
everybody
just
throws
up
some
tweets
and
be
like
hey,
there's
docs
here
you
know
if
you're
a
package
maintainer,
I
guess
right.
Can
we
circulate
this
information
short
of
just
the
the
repository?
If
that's,
if
that's
a
within
the
scope
of
a
group
like
this
or
I
don't
know,.
A
Certainly,
if
we
you
know
having,
I
think
the
idea
was
like:
let's
do
it
here.
First,
once
we
have
a
good
set,
which
we
probably
have
enough
then
figure
out.
Does
it
make
sense
to
be
publishing
it
in
other
places
like
the
website,
and
you
know,
I
think
if
we
wanted,
like
a
top-level
page
that
referenced
this
or
you
know,
I
think
it's
it's
up
to
us
to
figure
out
what
we
think
will
add
the
most
value
and
then
you
know
we
can
push
for
that.
D
Are
there
any
public
analytics
for
the
node.js
website?
Do
we
know
like?
Do
we
see
that
you
know
x,
amount
of
hits
goes
to
like
a
getting
started
like
a
lot
of
people
hit
the
home
page
and
go
to
getting
started.
We're
like
well
there's
a
lot
of
potentially
new
users.
I
imagine
just
about
everybody
that
does
node.js
development
is
going
through
that.
So
it's
like
just
the
funnel.
D
A
C
A
A
The
data
going
yeah,
we
basically
said
like
we
got
it
working
so
that
we
collect
the
data.
If
somebody
wants
to
work
on
a
nice
visualization
grate,
but
you
can
go
through
and
it's
you
know
so,
for
example,
once
a
quarter,
I
do
go
through
and
grab
a
number
and
I
think
it
was
like
184
million
last
quarter.
A
C
A
That's
that's
where
yeah
I
know
I
I
just.
I
use
that
when
people
when
I'm
saying
like
look
at
how
much
usage
there
is
that's
one
of
the
things
that
I
post,
but
that's
good.
One
thing
I
have
thought
would
be
good
and
you
know
just
haven't
had
time
to
think
or
do
anything
about
it.
Is
there
be
nice
to
have
a
marketing
deck
and
that's
the
kind
of
place
where
that
would
easily
fit
into
right.
C
D
C
A
C
What's
generating
this
some
sort
of
like
cloud
gcp
like
cloud
function
or
something
is
generated,
yeah.
A
F
Yeah,
hey,
I
work
with
ash,
it's
a
cloud
cloud
engine.
It
was
going
to
be
a
function,
but
we
can
get
that
working.
So
it's
using
cloud
engine
just
deploying
a
small
docker
image
and
I
believe
he
purposely
massaged
the
format
to
fit
the
charts
that
were
already
there.
F
Yeah
yeah,
so
that
that
format
can
stay
like
static,
but
I
think
when
we're
looking
at
we're
kind
of
like,
is
this
really
the
best
format
for
being
able
to
produce
graphs
easily,
but
as
it
is
now,
the
action
is
just
running
on
a
timer
once
every
five
minutes
or
something
and
pushes
the
file
and
then
collates
it
daily.
So
nothing
should
change
underneath
you
at
the
moment.
C
So
if
I
want
to,
I
could
just
essentially
scrape
those
json
files
for
let's
say
a
month,
historical
timeline
and
then
calculate
myself.
If
I
wanted
to
yep.
F
B
A
B
A
So
yeah,
I
think,
if
I
remember
like
cloudfire,
had
a
way
to
push
the
data
that
we
needed
to
like
the
access
log
data
to
gcp,
and
since
it
was
a
large
amount
of
data,
we
didn't
want
to
them
to
push
it
somewhere
else.
So
we
generated
the
summaries
there
and
then
published
them
in
in
the
way
that
we
could
most
easily
make
them
accessible.
A
In
terms
of
people
interested
in
downloads,
I
also
did
some
estimate
estimation
in
terms
of
like,
if
you
go
to
docker,
it
basically
just
shows
you
1
billion
plus,
but
there
is.
There
is
a
way
to
hit
a
url
that
gives
you
a
number
for
the
day.
A
So
if
you
actually
take
the
number
at
the
beginning
of
the
quarter
and
number
at
the
end
of
the
quarter,
you
can
calculate
the
number
and
it's
big
as
well.
Like
my,
I
had
to
estimate
it
because
I
only
had
like
I
only
had
19
days
of
data,
but
for
the
last
quarter
for
q2
it
was
270
million
polls
of
the
standard,
docker
images.
A
So
you
can
add
that
to
the
184
million
downloads,
from
the
the
thing
and
then
there's
other
there's
other
ones
like.
I
also
looked
at
the
ubi,
the
red
hat,
ubi
ones
and
there's
like
a
half
million
of
those.
So
you
end
up
with
a
you
know-
maybe
500
million
downloads
through
some
mechanism
that
we
can
track.
D
What's
the
website
hosting
architecture,
is
it
a
server
side
rendered
or
statically
assumed
statically
generated
right?
I
guess
let's
just
care
well,
the
nodejs
stats
are
gonna.
I
guess
I
was
just
curious
if
there
was
any
way
to
understand
how
users
are
using
the
website
in
terms
of
what
kind
of
contact
might
be
useful
to.
A
Probably
well,
I
suspect
the
answer
is
yes,
it's
lots
of
data.
You
know
the
way
we
get
the
download
data
now
is
by
processing
cloud
fare
logs,
so
we
process
the
ones
for
the
downloads.
We
don't
do
it
for
any
other
particular
site,
but
like
that
data
would
potentially
be
able
to
from
that
data,
you
would
potentially
be
able
to
pull
out.
You
know
what
other
pages
are
being
used,
but
it
would
take
a
it
took
us
a
reasonable
amount
of
work
to
get
this
bit
working.
So
it
would
be
not
a
trivial
thing.
C
A
C
D
Yeah
not
necessarily
well,
I
was
thinking
like
if
you
were
to
host
it
on
netflix,
you
get
server
stats,
then
you
wouldn't
have
to
yeah
analytics,
not
necessarily
with
google,
specifically
but
depending
on
who's
hosting
the
site.
You
might
be
able
to
get
server
logs
yeah.
I
I
assume
that
people
are
probably
sensitive
about
what
kind
of
third-party
scripts
would
get
added
to
site
like.
F
D
A
A
A
F
A
A
You
know
the
question
was
like
you
know:
there's
there's
a
whole
bunch
of
pages
on
the
website.
It
would
be
interesting
to
know
which
pages
are
getting
lots
of
traffic
and
stuff
like
that.
So
it
seems
like
we're
basically
extracting
that
data,
but
just
for
the
downloads.
F
F
Yeah,
so
I
know
ash's
script
is
very
heavily
like
traversing
through
the
urls
and
that
we
touch
like
pulling
out
the
architecture
pulling
out
from
the
platform,
and
so
it's
very
specific,
but
on
the
whole
once
you've
got
access
to
the
logs.
I
think
it's
just
a
case
of
searching
for
particular
endpoints,
so
the
logic
couldn't
be
reused,
as
is,
but
it
should
be
quite
simple
because
it'd
just
be
like
a
blind
or
grapple
or
something.
B
It's
probably
also
worth
bringing
up
or
opening
an
issue
at
the
website.
Redesign
working
group
too,
just
to
see
like
hey,
is,
is
this
going
to
be
possible
with
the
new
site
or
whatever
like
what
it?
You
know
asking
about
that
if
the
plan
is
still
for
that
new
site
to
supplant
the
original,
so.
D
B
D
D
So
maybe
that
could
be
a
next
step
once
we
feel
good
that
our
content
is
in
a
good
position.
We
can
maybe
say,
like
hey
website
group,
what's
the
possibility
of
kind
of
cross-promoting
the
work,
maybe
relevant,
working
group
content
in
the
website
like
say
best
practices
for
package
containers,
which
is
maybe
very
directly
related
to
node.js,
so
yeah,
there's
not
transitive.
B
B
But
it's
it's
basically
just
content.
That's
been
donated
from
flavio
copes
who,
if
you
google,
a
lot
of
node
concepts.
His
website
comes
up
first,
he
donated
like
almost
all
of
his
learning
stuff,
and
it's
now
just
a
big
part
of
the
learning
part
part.
But
point
being.
Is
that
like
yeah,
you
could
just
pr
it
in
and
there's
not
that
many
people
that
would
need
to
review
it
before
it
became
an
article
there.
So
I'd
love
to
see
that
happen
cool
all
right.
B
I
had
a
quick
question,
probably
before
we
broke
or
get
out
of
here,
but
I
I'm
not
sure
if
we
have
enough
people
to
get
a
good
answer
on
this,
but
do
we
have
a
consensus
on
or
not
consensus?
B
A
client
is
asking
me
that
a
client
is
worried
about
all
the
depend
about
prs
and
I
know
that's
been
a
topic.
That's
been
talked
about
a
lot
in
the
ecosystem
lately.
Does
anybody
have
any
any
good
tips
or
like
basically
like
you
know?
Is
there
an
article
somewhere?
I
can
point
these
people
to
to
be
like
this
is
what
our
best
thinking
about
how
to
manage.
How
to
not
drown
under
depend
about
prs
so.
D
Yeah,
I'm
finding
the
link,
I
the
shame:
darcy
dropped
but
they're
having
this
conversation
over
on
the
npm
rfc's
weekly
meeting.
Basically
the
as
I'm
sure
most
of
us
have
heard
about
the
the
article
and
twitter
thread
by
dan
abramov
about
npm
audit
as
a
tool
went
somewhat
viral
about
two
three
weeks
ago.
So
tyranny
opened
an
rfc
to
open
the
conversation
about
how
to
funnel
some
of
dan's
critique
observations
and
musings
about
potential
solutions
into
something
actionable.
I'm
just
trying
to
find
it
here.
So
it
does.
D
I'm
also
curious
to
see
if
it
does
also
capture
the
historical
context
and
actually
referencing
the
tweet.
So
if
they're
technical
enough,
you
can
maybe
point
them
because
there's
pretty
depth
conversation
happening
like
the
security
mindset
versus
like
the
you
know,
you
know
the
dev,
the
deadly
angel
on
both
on
each
shoulder
kind
of
thing,
so
to
speak
so
but
yeah,
that's
that's
a
start.
So
if
you're
not
familiar
with
the
article
from
dan
abramov,
I
feel
that's,
maybe
the
more
accessible
entry
point
than
if
they're
technical
or
for
someone
like
yourself.
D
B
About
yeah
I
mean-
and
I
yeah
I
appreciate
it-
basically,
that's
kind
of
what
I
told
them
is
I
was
like
I
was
like
there's
a
lot
of
things
being
talked
about
an
ecosystem
currently
around
this
stuff,
so
I
was
like.
Basically
I
told
him
don't
worry
about
the
fact
that
dependent
bot
is
noisy
like
you're
everyone's
experiencing
this
right.
Now
too,
and
I
was
like
I
I
brought
up
a
bit
about-
I
brought
up
a
bit
about
the
security
concerns
and
it's,
like
you
know,
we're
having
a
conversation
in
the
ecosystem
currently
about.
B
Is
it
really
a
vulnerability
if
it's
like
a
prototype
pollution
in
like
your
dev
dependency,
where
an
attacker
would
have
to
have
like
local
access,
you
can
do
it
yada
yada.
So
I
bring
it
up,
though,
because
one
I
wanted
to
hear
you
know
just
to
take
the
temperature
of
the
group,
but
also
it's
just
an
idea
of,
like
you
know,
I'd
love
to
be
able
to
capture
whatever
we
decide
or
pull
together
as
like
thinking
on
that
into
like
an
article
or
something
at
some
point.
B
You
know
that's
one
of
the
things
I
like
about.
The
group
is
the
potential
to
have
something
that
I
can
then
point
to
clients
and
other
people
and
be
like
hey
so
far,
as
you
know
like
that,
might
the
client
is
you
know
they
work
with
node
but,
like
the
the
developers
are
primarily
php
devs,
so
they
just
are
just
trying
to
make
sure
that
they're
not
doing
anything
wrong.
So.
A
A
D
Right
so
I
think
the
part
of
the
issue
is
that
you
know
newcomers
don't
know
what
to
do
because
they're
presented
with
a
flood
of
information
anyway.
The
thread
covers
kind
of
all
the
ins
and
outs,
but
I
think
john,
your
point.
What
could
be
interesting
is,
you
know,
probably
outside
the
scope
of
this
group,
but
it
would
be
nice
to
kind
of
see
if
there's
a
way
to
you
know
especially
kind
of
these
sort
of
ecosystem
community
impacts.
D
Maybe
like
a
blog
back
or
I
don't
know
just
something
like
got
it,
we
hear
you,
here's
something
that's
happening.
Sometimes
it's
a
little
tough
for
the
average
developer
to
go
through,
like
100
comments
in
an
issue
of
back
and
forth,
to
know
like
what
the
actual
status.
D
The
author
goes
back,
maybe
updates.
The
original
comment
says
like
here's,
where
it
stands
now,
but
you
know
for
better
or
where
certain
issues
get
more
visibility
than
others,
and
sometimes
just
the
communication
around
the
status
of
that,
I
suppose,
is
good
or
maybe
bringing
closure
to
it
whenever
the
rfc
lands
be
like
cool.
Here's
where
we
stand
and
here's
one
step
we've
taken
and
can
help
keep
the
conversation
going
in
a
positive
way.
That's
not
just
you
know,
debts
throw
stuff
out
into
the
ether.
B
B
I
just
dropped
a
link
into
chat.
It's
just
issue
280
on
the
package,
maintenance,
repo-
you
don't
need
to
look
at
it.
It's
just
an
example
of
this
is
the
last
time
that
it's
from
2019
it's
the
last
time
that
we
were
that
I
could
see
a
reference
in
our
in
this
working
group
where
we
were
talking
about
it.
So
the
point
is
point
is:
is
that
I
know
we've
talked
about
it
or
people
have
talked.
D
It's
good
for
the
historical
context
for
sure,
because
you
know
for
people
that
might
only
get
the
present
information
it
might.
You
know
people
working
kind
of
in
the
background
for
years.
You
know
like
in
issues
like
you
know.
You
know
sometimes
can
come
across
as
like
no
one's
listening
or
no
one's
doing
anything
about
it,
but
part
of
it
is
the
nature
of,
of
course,
is
like
well.
These
beatings
happen
every
week
for
every
two
weeks.
You
know
you
know.
D
If
you
were
a
few
hours
you
know
into
participating,
then
you
know
hopefully
you're
encouraged
to
join
but
yeah
it's.
You
know
some
issues
get
a
little
more
volatile
than
others.
So
sometimes
it's
good
to
keep
the
lines
of
communication
more
open
on
those.
Because
then
you
know
people
start
making
up
their
own
interpretations
of
what's
happening.
D
But
progress
is
being
made,
it's
been
coming
up
regularly,
so
I
think
a
lot
of
people
would
love
to
see
some
some
something
and
at
least
in
a
direction.
Yeah.
A
Okay,
well
thanks
for
everybody's
time,
then,
and
we
will
talk
to
everybody
in
a
couple
weeks-
sorry
for
getting
it
a
little
bit
late
started
off,
but
I
think
we
had
a
good
discussion
anyway.