I have a npm module I published in 2016, which to my knowledge has not worked since about 2018 (due to my failure to correctly use package-lock.json— in my defense, introduced in 2017). At some point in the last few years npm started getting very worried about supply chain attacks, so they started trying to get everyone to enable 2FA on their npm account, so frequently they send me emails asking for my phone number, and that's very reasonable, but also I think it's reasonable for me to not care

@mcc I sometimes worry about my abandoned software being out there. Then I realize that if anyone has ever forked it ever, then it’s out there anyway. There is nothing to be done! 🤷‍♂️

@brandon I do feel bad my code bitrotted, but again, package-lock.json! Kinda needed that feature if bitrot was going to be effectively prevented! :(

Follow

@mcc @brandon Whenever I encounter a rotted package I fork + fix + pr upstream. The nice part of open source is you can fix whatever bugs you find in your dependencies yourself. Even if it's a bit of work it's all literally free. 🤷

@mauve @brandon In this case I think that will not happen as the package itself targets the Nim Javascript target, which by 2017 was already being moved away from in favor of Emscripten/Wasm.

@mauve @brandon So just all around, about as dead as a piece of software could possibly get.

@mauve @mcc I maintain my own forks of almost all of the libraries I use, because they lack small but important features that I need. I really appreciate the access to the source code! However, I have had very bad luck getting PRs merged. I have gone to strenuous lengths at times with laser-like focus and extreme commitment to get PRs merged, with no increase in success rate. However, the success rate is much higher there than trying to get a bug fixed by filing a bug report!

@brandon @mcc Big mood. I think of PRs as more of a courtesy and am fine with them dangling. If it lands it lands, if not I have my fork and a dozen other code things to worry about. :P

My last couple went pretty smooth though which was nice. Probs cause they were in the hot path of use cases.

@mauve @mcc That's a really interesting perspective! I actually feel the same way. I have no hope of my PRs being merged, but I do it anyway. I feel like it's a service to the universe in appreciation of the miraculous times when someone sends me a PR. So kind of them to notice my software!

Sign in to participate in the conversation
Mauvestodon

Escape ship from centralized social media run by Mauve.