►
From YouTube: Package Maintenance Team meeting - May 13 2019
Description
A
B
D
A
A
C
That
now
we
did
not
discuss
this
just
yet.
Okay,
so
basically
NPM
recently
showed
the
dock
where
they
listed,
the
top
1,000
most
downloaded
packages.
I
took
that
first
I
downloaded
all
the
documents,
as
they're
called
basically
a
summary
of
the
package.
Information
from
NPM
and
I
downloaded
all
the
peoples
of
all
these
factors
where
the
pupils
were
available.
I
think
there
were
two
or
three
that
were
not
and
then
I
scanned
that
data
I
found
almost
900
Travis
yeah.
C
So
that's
that's
90
percent
of
them,
like
it
just
tests
on
Travis
in
some
of
those
I,
probably
didn't,
find
Travis
camel
because
they're
mono
widows
or
they
might
be
tested
of
their
circle
sky
or
whatever
else
they
do
we're
not
testing
at
all,
but
ninety
percent
test
in
Travis.
So
it's
a
good
set
of
data
and
then
I
strive
to
take
all
these
travesty
on
old
files
and
extract
the
node
versions.
Out
of
them
a
lot
of
them
just
used
the
default
versions.
C
C
Basically,
when
a
new
stable
comes
out,
they
will
stop
testing
latest
obvious,
so
I
think
there's
the
the
very
very
first
action
point
there
is
that
there
needs
to
is
an
effort
to
ask
people
testing
all
the
LTS
versions
and
as
well
as
the
stable
right,
which
requires
maintenance.
So
then
there's
the
roll-on
discussion
about
parts
and
whether
the
mods
are
often
or
they
just
don't,
scan
and
open
doors
and
and
and
what
what
what
goes
out
of
this
yeah
I
guess.
That's
that's
the
same.
Yeah.
A
I
think
that's
definitely
interesting
so
like
because
one
of
the
things
we
have
is
we
have
a
PR
which
is
like
testing
guidance
right,
so
I
think
the
very
first
thing
would
be
to
to
add
to
that
something
that
says
you
know
we
recommend
that
you
test
on
the
latest
LTS
a--'s
and
the
latest
current.
If
that's,
what
we
think
makes
sense
right,
yeah,
absolutely
so
so
I
mean
I
think
if
we
did
that
and
then
I
think
you're
right.
A
The
next
thing
is
to
like
publicize
that
saying
you
know
week:
you
did
this
work
to
analyze
the
top
thousand,
here's
what
we
found
and
it's
like
whoa
wait
a
second.
What
this
means
is
blah
blah
blah
and
you
know
I
think
we
can
publish
a
blog,
get
it
sent
under.
No,
you
know
no
medium,
basically
to
say,
and
what
we
really
think
you
should
be
doing
is
this.
A
We
might
want
to
get
some
feedback
along
the
way
from
like
the
TSC
and
anybody
else
we
can
think
in
terms
of
who
would
you
know
possibly
come
up
with
reasons
why
what
we're
recommending
doesn't
make
sense,
but
I
think
that's
definitely
a
good
idea,
because
the
11
I,
certainly
when
I
looked
at
the
list,
it
was
like
well
why
11
and
the
latest
makes
sense,
but
you're
right
like
right
now.
Yes,.
C
F
C
A
A
A
C
Not
just
that,
can
we
need
package
authors
to
start
basically
testing
and
in
there
not
much
just
I
mean
there's
the
default.
Of
course,
if
the.
If,
if
Travis
change
the
default,
then
then,
then
that's
great
a
lot
of
people
have
explicitly
listed
latest
or
stable
in
their
version
lists,
but
not
necessary
listed
the
latest.
Oh
yes,
so
there's
some
some
some
some
data
analysis
to
be
done
there,
but.
C
C
C
A
C
C
A
But
it
would
be
I
mean
I,
think
we
should
reach
out
to
Travis
to
see
if
it's
possible
to
get
one,
which
would
be
the
all
the
act
ability
as
either
either
by
changing.
You
know
that
else
has
to
be
that
or
some
new,
like
all
LTS
or
something
like
that.
I
think
that
would
be
usable
and
so
I've
created
these
three
things
so
reagent
to
Travis
to
get
the
options
to
get
option.
That
includes
option.
A
That
includes
includes
LTS
releases
and
current
update
our
testing
guidance,
to
say
to
recommend
testing
against
that
we
should
write
a
blog
post
like
I.
Think
if
you
wrote
a
blog
post
that
explained
the
data
that
you
captured,
what
we
saw
and
then
you
know
it
could
be
then
a
call
to
action
from
this
group
to
say:
hey
we're
recommending
you
test
all
these.
You
know
this
is
what
Megan
Destin.
A
C
A
B
B
A
B
Thing
I
just
typed
it
onto
the
slack
channel
that
we
mentioned
greenkeeper
greenkeeper.
We
should
put
a
stake
in
the
second
coin.
They
are
one
of
the
sponsors
OJ's
con
tu
that
they
were
so
local
burning
face
me.
Actually
we
should
contact
them
and
ask
them
if
they
want
to
come
to
collaborate
as
commerce.
We
can
talk
to
them.
That's
a
good
idea.
Do
you
want
to
do
that?
I
shall
do
that
yeah
I
just
wanted.
A
Think
that
makes
total
sense
to
me
to
say:
hey,
you
know
there
yeah
I
think
it
makes
sense
like
you
know,
obviously
not
if
they
show
up
with
a
hundred
people,
but
I.
Don't
think
that's
gonna
happen
right,
like
what
are
two
people
would
ask
you
and
I
think
I
just
added
into
the
list
they
her.
One
of
the
things
we
should
investigate
is
whether
a
green
keeper
and
red
or
and
renovate
could
generate
the
arse
to
the
test,
add
to
testing
and
so
yeah
they
showed
up.
A
A
B
E
A
Eva
Howe,
it
said
all
had
your
sessions.
Bed
sheets
and
agenda
suggested
something
like
an
hour
as
long
as
that's
what
everybody
else
was
using
cuz
yeah,
I
I
definitely
submitted,
went
to
the
tool
I
submitted
at
the
end,
just
like
it's
not
there
and
somebody
else,
I'm
pretty
sure
I'd
mentioned
that
too.
So
that's
why
I
opened
the
issue
because
I
don't
think
the
agenda.
I
haven't
seen
an
agenda
yet
first
we
can
confirm
against,
but
we
should
be
on
a.
A
Okay,
so
while
you
were
in
the
tunnel
I
just
if
we
flip
back
to
the
I
added
a
couple
more
things
to
our
to
dues
so
like
investigate,
if
greenkeeper
and
renovate
could
generate
TRS
to
add
testing
against
recommended
versions
and
Glenn
mentioned
that
they
are
actually
local
in
Berlin,
so
he's
gonna
reach
out
and
see.
If
maybe
we
can
get
them
to
come
to
the
summit,
talk
to
the
men
and
then.
B
A
A
A
C
Suppose
if
we
start
with
a
blog
post
and
that'sthat's
pretty
high
visibility,
I
think
we
can
track
how
many
updates
and
how
much
done,
because
I
think
that
it
was
a.
It
was
news
to
me
as
well,
but
you
know
this,
it
wasn't
news
per
se,
but
it
was
surprising
that
so
many
people
do
that,
and
it
might
be
a
misconception
that
on
where
how
what
how
try
to
set
up
words
so
much
it'll
be
a
matter
of
publicizing
that
regarding
the
blog,
who
can't
do
that
and
how
do
we
attack
this
so.
A
I
think,
if
you
just
write
up
a
blog,
we
can
then
send
an
email
to
the
communication
staff
at
the
like.
But
what
I
suggest
is
open
an
issue.
If
you
want
to
take
the
first
crack
at
the
blog
that
says:
here's
what
it
is
we
can
give
you
some
comments
or
tweaks.
Then
we
can
just
send
an
email
to
the
foundation's
public,
eight
or
promotion
staff
to
say,
hey,
here's,
a
blog,
we'd
like
to
go
out
and
I'm
I
think
I'll.
Take
it
from
there
and.
C
H
J
H
K
A
K
A
A
F
J
D
D
K
A
Okay
and
then
I
think
I
think
it
makes
sense
to
get
those
done,
and
then
we
can
look
at
an
opt-in
process
and,
like
Dominic's,
was
saying,
if
we
see
like
after
having
blogged
that
people
start
moving
over
or
maybe
we
need
to
do
something
or
nods.
If
we
find
out
that
you
know,
greenkeeper
can
help,
we
might
not
need
to.
You
know
just
engage
volunteers,
otherwise
we
can
do
that
so
we'll
leave
that
one
in
the
backlog,
if
that
makes
sense
to
people.
A
D
A
G
B
So
you
click
linen
a
kisser
I
read
this,
and
this
was
I
made
some
comments
on
this
today.
So
I
think
I
also
had
quite
a
lot
to
say
on
this
subject
and
I.
Don't
think
it
was
all
reflected
so
I
I
went
to
someone's
yeah
I
went
kind
of
summarize
because
I
I,
don't
think
we've
reached
sort
of
consensus
on
this
planet
or
two
schools
of
thought.
B
One
is
I,
want
everything
and
if
there's
not
a
lot
of
middle
ground
and
then
is
the
other
side
like
the
package
focus,
IDs
I,
don't
want
everything
and
there
isn't
much
middle
ground.
Then
I
see
both
sides.
I've
added.
You
know
as
valid
reasons
for
both
sides,
but
I
I
think
we
do
quickly
need
Chris,
RJ
Harvey.
He
basically
said
you
know
you
made
some
valid
points
about
what,
if
there
is
what,
if
there's
no
github
repo,
that
would
never
happen
when
we
didn't
maintain
things.
Should
the
test
be
in
there?
B
How
much
should
be
in?
He
basically
wants
the
source
and
the
distance
and
to
sort
of
then
there's
the
package
phobia
side
of
thing
and
I
looked
at
the
comments
from
was
it
stifle
West
he?
Basically
they
don't
think
that
is
the
way
and
I
think
we
actually
probably
need
like
a
two-minute
quick
discussion
on
that
right.
C
G
G
Think
in
one
for
me,
when
I
see
a
package
that
I
don't
see
a
kid
hub,
do
I
out
that
I
can
go
back
to
ki,
hubba
I
actually
become
automatically
suspect
of
the
package.
I
would
actually
look
into
the
package
really
relook
into
it
to
make
sure
that
to
see
what's
going
on
and
for
me
I
any
package
that
does
not
have
a
github,
URL
or
a
github
that
does
not
exist.
I
would
go
above
and
beyond
to
make
sure
that
I
don't
use
that
package.
K
So,
even
though
I
have
a
very
strong
opinion
as
to
what
files
should
and
shouldn't
be
published,
as
I've
expressed
on
the
issue,
I
do
think
that
regardless
I
feel
like
as
a
group
who
hopefully
represents
many
constituencies
across
the
ecosystem,
we
do
actually
have
a
responsibility
to
make
recommendations,
but
they
don't
have
to
be
a
single
recommendation
and
we
can
make
like.
We
can
recommend
multiple
paths
that
are
in
conflict
with
each
other
but
say
sort
of
like.
K
If
here
are
the
options,
if
you
go
down
this
path,
try
and
follow
this
set
of
guidelines.
If
you
go
down
this
path,
here
is
a
different
set
of
guidelines
so
for
the
people
who
want
to
publish
the
smallest
package
possible
I
think
that
there
are
guidelines
we
can
give
them
that
kind
of
give
them
the
least
bad
way
to
do
that
in
the
from
the
perspective
of
detractors,
like
myself
or
the
best
way
to
do
that
from
the
present
perspective
of
supporters
and
vice
versa.
K
If
your
pot,
if
you
want
to
publish
code,
you
know
as
much
as
possible
with
your
package,
then
it
can
be
the
least
bad
way
to
do
it
from
the
people
who
are
concerned
about
package
size
and
the
best
way
to
do
it
from
the
people
who
are
concerned
about
offsite
access
and
all
right.
So
I
think
that
the
that
there
is
still
because
there's
infinite
possible
ways
to
do
things.
It's
still
useful
to
create
a
few
different
like
paved
roads,
even
if
they
leave
to
different
places.
I
know.
I
K
So,
with
with
tank
of
what
their
plan
is
is
is
essentially,
you
will
be
able
to
publish
terabytes
of
packages
if
you
want,
but
tank
will
only
download,
on-demand
the
files
that
you
use
so
and
then
there
will
be
an
option
you
can
use
to
say
yes,
I
really
do
want
you
to
like
spew,
all
of
it
onto
my
hard
drive,
which
I
would
I
would
use,
but
not
everyone
would
and
and
I
think
that
that's
a
great
balance
and
I
think
the
package
meant.
You
know
the
CLI
is
the
the
tool
to
solve
that.
K
Not
individual
authors
or
our
group,
so
I
like
it
once
that
that
type
of
optimization
comes
into
play,
I
feel
like
nobody
will
care
about
package
size
anymore,
because
no
one
will
ever
accept
the
people
who
don't
care.
No
one
will
ever
actually
interact
with
that.
The
full
contents
of
the
package
ever
again
anything
dynamically
download
it
when
you
run
I
believe
they.
The
current
intention
is
to
try
to
guess
in
advance
using
static
analysis
and
then
they
dynamically
download,
as
you
run
the
first
time
yeah.
K
K
A
I
long,
your
lines
of
different
recommendations-
you
know
one
thing
I
could
see
is:
is
there
a
way
that
you
know
if
you're
gonna
include
tests
and
all
these
extra
files?
If
everybody
did
that
in
a
consistent
way,
then
people
who
didn't
want
those
files
could
more
easily
remove
them
like
we
could
write
a
tool
that
says:
okay,
walk
all
the
node
modules
and
delete
everything
called
tests.
Absolutely.
K
F
K
This
is
non
production
files.
Some
way
to
do
that
and
then
you
could
essentially
NPM
would
would
make
to
tarballs
on
as
part
of
NPM
pack
and
then
p.m.
publish
and
when
you
install
you
could
choose
which
ones
to
install
and
that
you
know
it
would
kind
of
work
in
the
same
way,
it's
more
elicit
then
the
tank
approach,
let
me
know
which
witches
has
ups
and
down
side.
You
know
pros
and
cons,
but
like
I,
think
that
that
would
yeah
go
ahead.
Are.
F
K
Existing
proposals,
or
no
no
there's
I,
mean
people
have
thrown
out
ideas,
but
until
unless
NPM
is
willing
to
you
know,
potentially
double
the
tarball
storage
size
for
the
entire
registry,
like
they,
you
know,
as
well
as
as
defining
this
new
standard
and
then
evangelizing
its
use
and
so
on.
Like
teams
were
really
the
one
who
would
have
to
do
that?
My.
A
F
F
K
Really
think
that
it
does
isn't
it's
not
actually
gonna
help
much
unless
both
NPM,
publish
and
NPM
install
for
whatever
tool
is
the
most
popular
in
whatever
registry
is
the
most
popular
which
at
the
moment,
continues
to
be
regular
NPM
and
unless
those
things
are
fully
participating
in
that
that
convention.
So
if
we
want
to
design
something
and
then
pitch
it,
gen
p.m.
that'd
be
great,
but
also
due
to
personnel
issues
that
this
may
not
be
the
best
time
to
ask
them
to
do
extra
work
right.
But.
A
K
K
A
K
I
mean
we
can
do
that
I
think
the
challenge
is,
if
there's
so
many
disparate
conventions
in
the
ecosystem,
then
even
documenting.
That
is
a
massive
amount
of
work
and
even-
and
it
has
to
be
documented
in
order
to
come
up
with
either
comp
but
like
deciding
on
the
common
waste
to
do
it
or
coming
up
with
a
configurable
configurable
way
to
represent
all
of
those
patterns.
We
have
to
know
what
they
are
in
order
to
design
a
schema
that
can
handle
them,
so
we
can
do
it
at
Syme.
So
it's
just
you
know
meat.
K
K
K
K
And
I
will
probably
eventually
want
to
have
things
like.
Does
your
package
have
a
build
process?
If
not,
here
is
the
general
way.
You
know
some
guidelines
to
follow.
If
so,
here's
some
modified
guidelines
to
follow
it.
You
know
more
of
a
like
flow
chart.
Wizard
approach
as
opposed
to
a
this,
is
the
one
true
way
approach,
even
though
everyone
will
have
their
own
idea,
which
one
which
of
those
paths
are
the
one
true
way
like
right.
F
K
A
K
G
G
These
are
the
the
tools
or
the
things
ways
you
can
specify
it
in
your
package
after
you
should
publish
your
package
without
some
of
these
extraneous
files
and
and
the
documentation
document
kind
of
basically
pretty
much
laid
out,
and
on
the
topic
of,
should
we
publish
all
this
sauce
extra
tart
and
test
I.
Think
for
me
personally,
when
I
am
looking
at
package
and
when
I
need
to
investigate
something
when
I
need
a
verified.
G
This
package,
I'm
on
there
I'm
I,
would
like
to
have
both
I
would
like
to
be
able
to
have
a
single
source
where
I
go.
I
I
get
there
and
her
package
with
all
everything
that
original
actual
document
test
and
everything.
But,
on
the
other
hand,
when
I'm
running
my
app
in
the
production,
I
would
like
to
have
the
minimum
required
Co.
G
Only
so
I
mean
to
Jordan's
point,
I
I
mean
I
would
really
like
to
be
able
to
easily
get
to
everything
when
I
need
them,
but
I
also
would
like
to
be
able
to
run
everything
with
the
minimum
required
files
and
with
tank
and
or
everything,
that's
under
discussion.
You
know
to
proposal
to
NPM
to
be
able
published
like
multiple
with
turbos
and
this
thing
or
both
thing
and
those
proposed
are
things
they
are
fairly
far
out.
So
maybe
we
should
just
separate
these
hours
as
different
topic
on
like
how.
K
Agree
with
you,
I
think
we
just
it's
gonna,
be
tricky
to
word
it
such
that
it
doesn't
upset
folks
on
either
end
of
the
spectrum,
because
any
like,
like
talking
about
files
versus
an
NPM,
ignore,
like
the
I
think
we
can
certainly
have
that
discussion.
Distinct
from
the
more
philosophical
discussion
of
how
much
stuff
do
you
publish,
but
the
downsides
and
upsides
of
files
versus
NPM
ignore
very
based
on
what
which
can't
be
written
so
yeah.
G
I
try
to
make
that
as
neutral
as
possible
when
I
kind
of
list
as
a
kind
of
enumerate,
though
those
two
methods
in
the
dark
like
absolutely
no.
No
factually
so
you
know
if
you,
if
you
go
with
files,
these
are
the
things
you
should
watch
out
for,
if
you
go
with
empty
I,
make
note
these
are
things
should
be?
You
should
be
aware
of.
I
K
A
If
you
want
to
publish
everything
and
what
you
should
be
doing
today,
if
you
want
to
publish
the
minimal
thing
because
seems
like
that,
would
capture
the
state-of-the-art
and
then
you
could
go
from
there
to
say
well
like
if
you're
publishing,
everything
and
you
use
this
structure
or
something,
then
we
you
can
pull
down
a
subset
or
whatever
first
thing.
What's
what's
the
top
level
description
of
the
thing,
we
would
then
I
think
what.
K
What
you're
asking
for
is
something
we
can
do,
but
I
don't
think
we
should
get
into
the
structure
because,
like
then
we're
gonna
get
into
like,
should
tests
be
co-located
or
not,
which
is
a
whole
different
debate
like
if
you
know
how
to
use
best.
How
do
you
define
then
of
those
structures?
Things
like
that?
K
You
know,
I,
think
that
we
definitely
can
start
by
saying
you
know
either
you
are
interested
in
minimizing
the
size
of
your
published
package
or
you
are
interested
in
maximizing
the
availability
of
you
know
your
package
code
and
making
sure
that
these
commands.
You
know
whatever
that
we
can
state
the
two
positions
and
then
say,
given
these
two
approaches,
here's
the
pros
and
cons
of
files
for
this
NPM
ignore
and
here's
the
one
we
recommend
so.
I
I
We
can
generate
a
percentage
of
and
say
you
know,
I,
don't
know
saying
that
we
need
to
do
this,
but
if
you
know,
if
you
scan
the
code
with
whatever
tool-
and
you
can
tell
that
there
aren't
any
requires,
you
know,
there's
not
like
a
dynamic
import
kind
of
in
the
pre
bundle.
You
know
repo
or
whatever
at
that
stage,
when
they're
deploying.
Maybe
at
that
stage
we
could
have
a
tool
where
we
provide
it
to
developers
here
creating
modules
to
say
it
looks
like
you're,
not
dynamically
importing.
I
I
I
K
K
A
K
F
K
These
files
are
question
marks.
You
know
what
you
know,
what
are
they
and
we
could
help
someone
build
up
those,
those
arrays
and
there's.
You
know,
there's
all
sorts
of
tools
we
could
do
there.
We
could
build
a
pre
published
script.
That
says:
hey
here's,
a
new
file,
you
know,
did
you
really
mean
for
this
to
be
in
production?
Or
did
you
really
mean
for
this?
Not
to
me.
F
K
A
I
know
I
think
documenting
yeah,
so
something
if
we
documented
what
would
go
in
the
package
ice
and
then
you
could
actually
play
with
tools
that
would
strip
all
that
stuff.
You
know,
even
if
you
didn't
save
the
download,
you
know
the
Joel
was
saying
before
when
he's
developing
he'd,
like
everything
production.
If
you
had
a
tool
that
you
could
just
say,
run
this
tool,
it
scripts
all
the
stuff
out
that
you
did,
we
don't
need.
You
know
that
wouldn't
require
a
TM
and
some
tools,
experiment
with
that
and
append
it.
A
G
So
I
was
thinking
that
we
can
start
with
maybe
come
up
with
a
way
for
package
to
specify
these
files
we
collapse,
and
then
you
know
it
would
be.
Nice
MVM
can
allow
publishing
as
different
tasks,
but
then,
even
if
we
don't
have
that,
we
can
like
create
a
tool
that
goes
through
this
and
just
kind
of
clean
up
the
no
modules
after
npm
install
and
even
so
for
me,
even
right
now,
as
I
actually
like,
have
has
very
small,
quick
hack
shell
script.
G
I
myself
that's
a
conical
internal
modules
and
just
delete
or
the
MB
dot
files
and
delete
any
directory,
that's
name
test
and
any
files
that
liked
a
spec
that
serious
or
any
stars
underscore
test
underscore
for
just
so
that,
like
I
quit
something
I
do
quickly
myself,
but
you
know
it
with
happen,
but
without
any
kind
of
guarantee
validation
it.
You
know
you
I
risk
having
AB
that
breaks,
because
I
accidentally
move
somehow
that
is
critical.
A
A
I
A
A
The
list
yeah
no
certainly
check
off,
whatever
you
think
is
already.
Can
you
check
it
off?
Yeah,
yeah,
okay,
yeah!
No
go
ahead
check
off
whatever
you
think
is
already
completed
and
and
I
know
that
we've
got
approval
to
move
that
tool
over
I.
Just
haven't
had
a
chance
to
do
that.
So
we'll
try
and
try
and
get
that
done
in
the
next
couple
weeks
and
I'll.