From YouTube: Module Ecosystem and Package Maintenance
Description
OpenJS Foundation Collaborator Summit, Berlin, 2019
More details: https://github.com/nodejs/summit/issues/148
A
Those key parts we're going to have a prop, so this is why we've come into existence, we're just starting off layer writing trying to write set of rules about best practices. How do we in a good way offer our help to a package developer that are made? One helper may not even want to give up ownership. It may want to keep ownership, maybe a little to stress to what's going on so in the open source world. Let's go to our repo, we're we're documenting what we're doing here, we're a reasonably large team.
A
B
So these are some of our goals. We obviously want to connect and get a feedback from some of the package maintainers out there once we figure out kind of like what we're doing we're going to discuss what that work looks like build. Maybe some tools to the community has some ideas and then we're going to need to evangelize what we're doing to everybody.
B
So people that might be interested in this work, obviously us hi some, you know the node collaborators package, maintainers and project collaborators, we're some ideas of who we thought might be super interested in this, and this is like a basic agenda of some topics that we can talk about. Of course, we can delve into whatever people find might be useful as well.
C
B
D
F
A
E
How many people think that, looking at a support, that's provided information about this rating, something you would use a similar way? Okay, so that's good feedback like we were thinking that you might avoid any more information and some of the tools to help ala dated eleven users make additional choices. I guess.
E
So still uses the SPX spinner for this with the intention be a standard format for the identifier, so they introduce their own as part of what we've documented. We've talked you into the initial set. You know, here's the initial, you know three-letter acronyms what they mean and the idea would be pronounced.
E
D
E
C
So this is very similar to something I've been personally thinking about for a while, which is that late software licenses offer. This really amazing signal that you can just see MIT or a patchy, and it tells you a lot of what you need to know about like the legality of it, but not a lot of them. It is not a lot about the support contract and when we think of an open-source today, there's the OSI defin the source and that's just about the license.
C
One would be that it doesn't have from immediately looking at a repo unless github built on top of this metadata, the same signal that a license and one of the things that I I've been using the term social source as an idea of like what this could be like in the same way that we have a license. Could there be a file or three letters that you put in like how?
E
C
Is like these series of acronyms that kind of tell you everything you need to know the other small concern that I would have with the package JSON- and this is like you've- probably should just ignore me, but is we parse the package JSON endo every single time? You require our module, at least in the scope of a module as part of our resolution, opera and so I'm, not hugely in favor of throwing and lots more metadata into every single package, JSON alter of the tree now.
C
A
E
I
Issues of the previous is what I think is what happens when people start to. You know realize that they don't feel like they want maintained at magnet anymore, because at that point, if this data is in the package.json, he would effectively require them to push felt a new release with a new version in order to push out a pack of JSON data, and this may eat too much of an ask for someone who's effectively. Giving up on maintaining about.
E
Well, it will adopt to the point where you do this one PR to change that if you're a no, if you're a mental owner- and you just don't want to have anybody bug you anymore, I'm, hoping eventually it's worthwhile for you to do that- one little thing, because it may cut down on like whether you get issues where the people are complaining banging on your door. You can say no look. I said it's unsupported, you know it's it.
E
Part of it is like if there's a mismatch of expectations or the users think this is a highly well maintained module. On the other hand, somebody the owner, thinks this is just a hobby that I do on the side. You have no support communicating that if you close the gap, then both people should be a little bit happier, because you can point to this and say well look.
E
E
J
G
It's not an argument if you're placing the support with a URL to the place where the supports to find I kind of yeah it's when this important can change when the code doesn't change. In fact, that's really. It's particularly likely when you you published. It is not so much it's too much work, but the reality is that, like all of the versions lost support at the same time, not just the latest version.
E
K
Isn't maybe sort of Jason like might yes yeah, but you know III I, think that saying we should put things in package Jason like I. Am the person a person? Thank you, probably associative. Whatever I would say it's become standard to do that right! That's what never! What doesn't reduce stuff and I think it's it's ignoring this, the state of the world. Did you ask to not do that? Like that's?
K
How thing are expected and I think like if you wanted to do that, we'd have to go and like define package Jason as a spec and saying anything else in this. Is invalid it'll throw which we're not going to do, and so I do think it's a little bit of like it's a little bit going around the rest of the world. We don't do this system and I think that you know this is something that people can very easily build in their purchase.
K
I
Non-Traditional, though, is not really the only place that has kind of specific metadata, the NPM repository or any dozens of deprecation notices, butchery and I think he's got a couple. Deter the distance now I get salad like we're installing that's one of the packages, specific version independent metadata. That might not be an inappropriate thanks for this sort of exhibition as well, but that might require sort of defining. What does an Indian package repository? Look like.
C
One more time it's challenge might be slippery. So again, any don't mean to stop relying heavily on package.json makes it an extremely JavaScript specific solution. I think that this movement that we're talking about here is as important as open-source is as important as licenses, and we really should be talking about solutions that are language agnostic and yes, in the same way that there's a license field that can refer to a thing like CC, BY, I know whatever the artifact that that codifies this at length.
C
L
J
C
That is not the scope of what your team is trying to accomplish. That I. Do think that this is very important. It's something that's missing from the programming ecosystem. It is burning out tons of developers in every single community, I think it's something that we could as a foundation of Hertz the OSI about and be like. Hey, let's work on this together, so I would challenge you to perhaps think at a bigger scale of influence and effect, and that the package.json may actually be limiting our ability to to scale this up.
C
I
E
C
Very possible that the package.json is the incorrect and metadata in there and the license pilot and the repo is a different license and I firmly, not a lawyer panel I'm, pretty sure that the physical license and the folder would likely Trump that so I'm just I, don't know that it's the source of truth but yeah. It is what we write a lot of tools, relying on that being a reliable source.
H
J
I
F
K
K
A
I
E
I, don't think it necessarily relates directly to whether you're emeritus or something else it's it's more about like if you could be an emeritus project, but still have active support right like it's. It's not about we're. Adding features grinding this it's more like if you, if you report an issue. What kind of response can you looks about you know?
E
Is there isn't going to be like never or on our best effort or no well, we we usually try respond within seven days or and and the the target actually is around what versions of know you're supporting. So that's actually a little bit note specifics over a little back and say we should absolutely try and generalize, and you know we don't want to limit ourselves. Arrow I think we should put something in place. We think will work there and then no single. This is actually broader. Issues would like to working example.
E
It's good the targeted one is about late. These are the LTS releases. We support we target supporting all LTS releases or just the latest LTS release, or almost no releases right and that's still, an emeritus project could choose any one of those options right. It's about as a consumer, Blayne might I have to change or update, because the very next release current comes out. That's all these supports are gonna. Do that.
E
Engine I think says specific versions of know right, so maybe there's some overlap there enough code. This was more like you know. You could say health and one week that we can look at the things we defined but like LTS was like we're targeting supporting all lines of LTS release, but no one particular version but like today is a smart 712.
E
It means ten and twelve point, so the timing may be the thing that have accents them and then the backing one is like for America's going again I think we still have allegation, which sort of says like what kind of backing is there behind this? Is it like one person in there, basically who just doesn't find, which is the hockey one or is there like a business or organization that? Well it's not like you can choose one module versus the other based on that, but it's more information like like.
H
They just wanted to add because what miles was outlining is actually you know, I think the picture, what hydrants is doing so when you go in and claim a package type lift you can indicate in there which releases are obsolete, LTS maintained one lap and the whole model is a corporate side. You know me would ingest type of stays that flows back into the painting. The package managers package containers and we get the data of what supported reports. All of that right. So there I believe they're.
D
K
E
There's a reason for them to be lowercase, yeah I think it sort of came from in a lot of cases if we have short forms or acronyms those tend to be capitalized yeah, but it's nothing more than that. Coming I'm, just curious, the back as it like stood out to me for my attend my experience right I, don't know what do they do for licenses.
K
D
D
F
F
F
L
L
D
D
First, we have identified some violence packages that help us to happen. Let's say so: we can try the tools that we or also roll and process and then bring all these knows how to the Internet community in order to and like without training biased, let's say, but for sure we have to the first step. We need to go with little steps. Let's say they want. Packages is the first, they find the list of all the packages and we don't know how many, for example, but without prioritize our friends, because we want to be agnostic.
E
So there's two parts: one: we want to figure out how to let people and companies care help maintainer. So if there's businesses who really depend on a whole bunch of modules, it's a risk to their business if those modules are having problems, keeping up the date being maintained, and so ideally you know some of the things we've talked about. It's like tools which not us look.
E
You know we got quite a number of people who sort of join the team saying how could I help and we're trying to build like a smaller backlog list. That says, if you're interested in helping here are some things that package maintainers. You know, and that's where the previous one stuck, we can't do that for all model but critical models. Here's some places where you can get involved and help as useful, because a lot of time I, don't know how to start right.
E
H
H
E
L
E
Exactly like they're, they think that is important for the ecosystem. The success note, they're, interested and and we can help build a concrete list, but then other people as opposed to late. If you just say, hey everybody come and join my project, it's it may become the dots hatchet harder and we're hoping by having someone organized group kind of think. You read the way, those things work we can make out actually that under the pact, it's a hard problem, but that's kind of the goal. I.
J
E
They're, so into the criteria there, whether it's by a company you know I, would stress that really needs to be tightening. Watch Jesus is being a vectors. The company gets a model out there. They just like they don't want support it anymore. They basically rely on our community. That's the over free support for something too big, but other they're still looking abandoned front. So.
H
E
Don't expect them to be the ecosystem, this you know, I, keep it going. The other other thing that we need to watch here is when didn't open source market become a company supported model right. So when an interview of an individual is working on something and they get hired by a company right and I company thing, it is.
E
A
A
Lot of the work we're doing here now, perhaps most exciting, a special work of writing code, but a mystery divider framework. All of these equals operator V. Then we won't have to do this. We know eventually we're going to be right. The ecosystem, it's getting very large and we're seeing some people getting region points in their life as I said we're actually can't do things. They thought they could do when they but it'll be younger. They have some different objectives and these are now critical for not just for individuals.
M
So one of the first candidate is a package that I'm arrogant, manga, which is mqt, say yes, this is long long ago, I. Never this between two thousand twelve thousand thirteen did a lot of nice talk. Conference talks about it and son did a lot of nice and gentle things Dima. Then my job I changed it. What they was doing and I'm not using as part of my job at all and right now, I, just who we just pushed a major major version. Oh so things are not super bad.
M
The problem main problem is that there's a hundred and thirty hundred forty issues of people asking for anything and there's no absolute zero time to even like start to tackle it. There are several issues in the repo itself that, for example, we are tied to an old version of mocha. Well, we're not tied, but we run mocha with some legacy flags and essentially because the tests are super flaky. So essentially it's impossible to say that something was passing or not. So this makes doing anywhere very very hard.
M
J
G
M
Problem, well, you know I need to check that for identi SDK. This is my shiny moment we chopped as well. This is recommended way we shot in China and there is issuing positive Chinese. So that's what you know: okay, like after he's, been using a lot of fun places, but Laura is part of the dependencies of no drag, which is an opposition and yeah. That is the situation.
M
M
Yes, a man accosted an analysis, a text, analysis of all the issues that have been opened, so somebody this is amazing tool that even a bunch of issues which tells you what are the key topics and one of the key topic is connection management and I know perfectly why people get freaked out about connection management. Okay- and you know there are parts there- they're not works, but you know fundamental issues in the level that you know support offline mode.
M
So if you want for flag mode, then you support recommend, but then, if you can connect, how do you distinguish the fact that you can per match versus the vs. our services? Nothing? Okay, so that is kind of a fundamental issue in the library yeah I just want to say all of this of all the problems. Okay- and this is very typical. Unfortunately, Express is the major thing that this press team is doing. He is doing super requests. They are always asking for people to attend with support requests.
M
The vision is this is what these two modules have in common. They are used by people new to that. So essentially, they came by a lot of people came by all this judgment know anything about deserve. 16 I am in case of MVT. Tm is trying to get something up and running with a up I or server already that I know nothing about all these technologies, and then this is what, if these on message thing that they need to use and.
M
E
E
E
Well, maybe we can come up with a tool that helps you do that more easily or tools that you know also in terms of tooling, like you know, there's a bit of work to validate the sport on, but we want tools to help me generate those kinds of things totally. It's just to say we have lots of other ideas and plus other things we'll be looking at in the future as well. I.
A
E
E
And I'll throw in one more thing before I ask questions: did you know I? Think we've got a lot of really good feedback on the support idea will incorporate that in our next step was to start like socializing, that more broadly, so you can keep your eye on the repo and jump in to make sure we understood what your feedback was and procreated it, but as soon sort of one of our main next steps to find there and figure out how we make it or make no reality. So I think the model I questioned years.