Package Manager - For version 0.7 #2499

sinofanger opened this Issue Dec 6, 2014 · 5 comments



sinofanger commented Dec 6, 2014
@julianlam I recently remembered your idea where you were thinking of a packages website so that users can review and vote on plugins.

Here are some suggestions to your original plan. These suggestions might seem farfetched for a young project. But in the long run it will be helpful. Once NBB starts getting more plugins and themes, the current way of organization will be very confusing for normal users (non power users) who just want to run a community based on NBB.

  1. The website,, should host all the plugins for NBB instead of pulling them from github or NPM. There should be proper categories like productivity, social media etc for the plugins.

  2. The registered members should be allowed to upload plugins to the site. Any registered member should be able to upload a plugin in zip format, after filling out a form providing details like description, screenshots, faq, about their plugin or theme. Once the editors approve it, it can be published. At the end of every week, one of the nodebb team members can go through the submitted plugins and approve or decline it.

  3. In the ACP of NBB, the plugins and themes list should be generated based on the database of instead of pulling from Github or NPM. This will give the main community more flexibility in removing obsolete plugins or labeling these plugins as outdated. So users can avoid installing plugins which have the label "outdated".

  4. Rather than providing voting options in the website (which WordPress tried and failed), the voting ability should be provided inside the ACP, where each plugin or theme has two options to vote "works" or "breaks", after selecting the version of NBB. This will encourage every admin who uses NBB to vote right from their ACP.

  5. For each registered member of website, their profile can show details like their most downloaded plugin, most rated plugin etc. More like this leaderboard feature in the original plan. Also an option for them to re-upload any updated versions of their plugin.

  6. The website should have a "sign in with nodebb" option along with github so that users of community.nodebb can login with their credentials.

Hope you guys try to go through these suggestions and give it a thought. This is a lot of work, but try to implement this or a version of this "" idea before releasing 0.7.



julianlam commented Dec 7, 2014

Much of the NodeBB Package Manager front-end was envisioned by @psychobunny. @baris implemented the API that syncs up from NPM, and I implemented the "version suggestion" portion of the API.

Future plans for the NBBPM have stalled pending other features higher up in our priority chain, though here are my thoughts on the long term plan for the NBBPM:

  1. As you suggest, the NBBPM should host the packages themselves. We will still rely primarily on npm, as there is no convincing reason to split ourselves from npm. If npm fails, NBBPM will act as a redundant download layer. Reasons for not ditching npm:
    • We initially went with npm because it drastically reduced the complexity of the plugin system. NPM handles reg/login, hosting, mirroring, reporting, voting, versioning, etc. Having the NodeBB team handling this (esp. a year ago, when the grand total # of plugins was a fantastic 2), was definitely out-of-scope, since we'd have to maintain the code indefinitely.
    • I still feel piggybacking off of npm is a good idea, at least for now.
  2. Uploading packages to NBBPM would be difficult to reconcile with the npm login system, so this goes against my vision for the first point.
  3. Already planned out -- the existing way this is handled is difficult at best.
  4. Will we continue with the voting? Undecided.
  5. Same with 4
  6. The "Sign in with NodeBB" is actually "sign in via", which is our hosting interface 😄


dwendt commented Dec 11, 2014

just a tiny remark: vulnerabilities should not be part of a flag/vote/democratic system. NBBPM admins should receive disclosures via security@... email, and flag vulnerable nbbpm entries when a valid vulnerability is disclosed. it's important to be promoting simple disclosure methods that have as little resistance (like having to register, or having a running nodebb instance, or whatever) as possible.



pitaj commented Jan 24, 2015

Also, any bugs should be automatically posted to the plugin's issues page on Github if possible.



Kuznetsof commented Feb 3, 2015

Simple idea, to start with:

Here's what would be really nice to have:

On the plugins page, by default I would like to see only plugins that are compatible with my version of NodeBB; then it's not a bad idea to have an option to show all plugins ever created.



julianlam commented Feb 3, 2015

Off-hand, I am not entirely sure whether the plugin manager can be retrofitted to return a list of packages matching only a specific version.

I believe it can, though it would require a fair bit of JSON parsing and would be better if cached.

What is more important right now (to me, anyways) is forking the npm package search code so we can add some filters to it. (index [Bool], and filtering out packages without compatibility info)

julianlam added a commit that referenced this issue Feb 12, 2015
