New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm module name / Node.js built-in `worker` module #1

Closed
addaleax opened this Issue May 11, 2018 · 44 comments

Comments

Projects
None yet
@addaleax

addaleax commented May 11, 2018

Hi there!

I’m currently working on built-in Worker support (as in, threaded workers rather than cluster/child process) in Node.js, and there is only little left to do for that. (It’s basically just porting over changes from a fork of Node, Ayo.)

Now, the most natural way to expose that functionality seems through a built-in worker module. Since you own that name on npm, and your module would thus conflict with this: Would you be willing to rename/move this to another module name (similar to what we did for http2)? I realize it’s a pretty great name to get, but on the other hand I’d like to a natural name for the built-in module.

Let me know if you have any thoughts/questions about this!

@blake-regalia

This comment has been minimized.

Owner

blake-regalia commented May 11, 2018

@addaleax addaleax referenced this issue May 22, 2018

Closed

worker: initial implementation #20876

4 of 4 tasks complete
@benjamingr

This comment has been minimized.

benjamingr commented May 22, 2018

To be honest - I realize Anna is asking super nicely here but I don't see why we should take a 50 downloads/week package into account when considering clear naming for millions of users.

I think Node.js should focus on what's best for our users. I think it would be better to focus on how @blake-regalia can contribute (if they want) from their domain knowledge into Node.js workers and help shape them rather than this particular package.

Edit: I've added some motivation here: #1 (comment)

@kyleknighted

This comment has been minimized.

kyleknighted commented May 22, 2018

@blake-regalia I hope you don't back down. This is your project. Your NPM name. If they want it, let them pay for it. You owe them nothing and you have something they want. I'm sorry a bunch of "adults", who act like spoiled children, want to come into your world and start harassing and bullying you.

I hope this blows over and doesn't dissuade you from continuing to contribute to the OSS community.

@pubkey

This comment has been minimized.

pubkey commented May 22, 2018

I prefer a worker-module that works in browsers and node. Why not use require('node/worker') for native modules?

@addaleax

This comment has been minimized.

addaleax commented May 22, 2018

Everybody relax :) I asked @blake-regalia to provide the name, not to give it up because we’re the larger project. It’s not something anybody forces him to do.

@kyleknighted I have no idea where you get any of that from.

Why not use require('node/worker') for native modules?

There has been a lot of discussion on this topic.

@dy

This comment has been minimized.

dy commented May 22, 2018

@kyleknighted I wonder why do you think npm community should be so much monetary self-profit driven? Isn’t freeing name for a package that is worth a lot for millions already a reward? That is a chance to contribute to node core and good npm infrastructure development.

@kyleknighted

This comment has been minimized.

kyleknighted commented May 22, 2018

@addaleax
image

No idea where I'd get such info...

@benjamingr

This comment has been minimized.

benjamingr commented May 22, 2018

@kyleknighted just to be clear I am absolutely under the impression Node.js should use the better name if at all possible and that Node.js should collaborate with the author of said module if at all possible.

I am not hiding that fact at all. Mainly because:

  • If/when we ship a built in module I wouldn't want users to get confused and access a userland one which can be a security vulnerability.
  • The module name is not originally this project's, according to the author it was acquired recently.
  • The fact the module name changed recently is a good indication that the first point here is a possible issue.
  • Node.js has started using this name for workers 3 years before the package in question here ever got the name (from another author).

Note that this is just my opinion and not Node.js's as a project, should we ever use the name it would have to be decided on at a project level - I am expressing my opinion as one person. People are free to disagree.

I am not trying to "strong arm" anyone, I am certainly not trying to dissuade anyone from participating in open source. I would love for the author of this package to participate more especially now when Node.js wants to ship workers because their information is valuable.

I am optimizing for one thing only here - the humans using Node.js, I personally don't see why millions of developers should get a worse name for a 47 downloads / week package that didn't even have that name for very long.

I am entitled to hold that opinion, I would appreciate it if people would respect that.

@benjamingr

This comment has been minimized.

benjamingr commented May 22, 2018

Also @kyleknighted, I think there is a miscommunication where Node.js might appear to be this big scary project. It's a bunch of people who are interested in Node.js and are working on it.

Working on it isn't barred from anyone, feedback is explicitly welcome and you are welcome to volunteer and participate like the rest of us.

In fact, if you're interested (and this goes out to anyone else reading this) - you are welcome to email me personally (my email is listed in https://github.com/nodejs/node) regarding being more involved with Node.js where you can help make these calls and I promise to do my best to help. I like having people who disagree with me (or others) around.

@kapv89

This comment has been minimized.

kapv89 commented May 22, 2018

My 2 cents, If the "threaded workers" that @addaleax is working on provide "shared-memory parallelism" for node.js, which in turn should technically provide the ability to use loaded modules across multiple threads in parallel, and the ability to work on shared data in multiple threads, then I think @blake-regalia should concede the package name. It'd be better for node.js, and for every professional and company that depends on node.js.

@benjamingr

This comment has been minimized.

benjamingr commented May 22, 2018

@kapv89

Where is everyone coming here from 😅? In my experience the more "new" traffic some place gets the more miscommunication and misconceptions there can be.

If at all possible - I would rather find that place is and then make ourselves available to answer their questions. The technical steering committee takes questions every week, everyone is welcome to open an issue and Node.js is trying to be very transparent and open.

If Node.js antagonised or alienated anyone that concerns me and I would prefer to figure it out. You are welcome to reach out to me (or the project) directly if you prefer.

@kapv89

This comment has been minimized.

kapv89 commented May 22, 2018

@benjamingr I saw this on twitter, Javascript daily tweeted it, I posted this discussion on reddit right now, cos I seriously think that shared-memory-parallelism is one of the few things that node.js really needs. Gonna take down the reddit post.
Update: took it down

@blake-regalia

This comment has been minimized.

Owner

blake-regalia commented May 22, 2018

It seems to me that this approach of seizing a package name for each new internal module that comes along (and I'm sure there will be more in the future) is largely unsustainable. The real solution here should be the preventative and long-term measure of distinguishing between internal modules and public 'packages' in the call to require. If I surrendered the name then it would propagate a morally questionable precedent that I don't agree with.

@benjamingr I must add that I find it ironic that some leaders of a project which prides itself on fostering such an ideology is willing to take such an entitled stance on this matter.

I appreciate the discussion and hope it serves towards improving your project.

@dy

This comment has been minimized.

dy commented May 22, 2018

If I surrendered the name then it would propagate a morally questionable precedent that I don't agree with.

As a matter of fact, many other people let go of their package/user names for benefit of everyone, personal examples are orca, audio-play, tst, audio, jsxify and others. In turn, scapjs is an org ready to give out any deprecated/unused packages there.

Morally - why holding a name knowing you won't be able to do that package as useful and good? That could be "collaborating" instead of "surrendering".

@ericandre615

This comment has been minimized.

ericandre615 commented May 22, 2018

What about 'thread' or 'webworker' not sure those names are already taken.

@addaleax

This comment has been minimized.

addaleax commented May 22, 2018

webworker doesn’t work because it’s not an implementation of web workers, it’s more powerful than that.

@ericandre615

This comment has been minimized.

ericandre615 commented May 22, 2018

Yeah was suggesting that more for the current npm 'worker' package and 'thread' for this nodejs package. I mean it seems threads are the main thing here. I am seeing that word Every time I look at something for this.

const { Worker, isMainThread, postMessage, workerData } = require('thread');

Even has something called isMainThread, seems like a clear sign to me. Obviously the owner of this 'worker' package does not care to give up the name.

@benjamingr

This comment has been minimized.

benjamingr commented May 23, 2018

It seems to me that this approach of seizing a package name for each new internal module that comes along (and I'm sure there will be more in the future) is largely unsustainable.

Node.js doesn't plan to add a large number of modules though.

The real solution here should be the preventative and long-term measure of distinguishing between internal modules and public 'packages' in the call to require. If I surrendered the name then it would propagate a morally questionable precedent that I don't agree with.

So just to be clear - you are trying to educate the Node.js foundation and force their hand not because of the package name but because you believe in a different technical decision about how module naming should work?

@benjamingr I must add that I find it ironic that some leaders of a project which prides itself on fostering such an ideology is willing to take such an entitled stance on this matter.

What ideology? What entitlement?

Node.js does not need to consult package authors if we want to use names for internal modules - that's a promise we never made and the only measure I personally believe in is usefulness.

Moreover - Node.js doesn't actually need the package name in order to make a module internal - Node can decide to vote on it and take the name. People using npm install worker would still get this package but all require('worker')s would point to the internal module. require('./node_modules/worker/index') would still work though.

I think Node.js should do whatever is best to the humans using it (as explained here).

I appreciate the discussion and hope it serves towards improving your project.

Thanks, I hope this discussion isn't coming off as aggressive from my part - I am trying to be honest and upfront about my opinions here. I appreciate you taking the time to respond and share a different perspective.

It would also be great if you took a look at the workers PR at Node and tell us what you think :)

@kapouer

This comment has been minimized.

kapouer commented May 23, 2018

There is absolutely no point in getting the npm worker package name.
https://www.npmjs.com/package/path
https://www.npmjs.com/package/util
...
so this whole discussion is just a flame.

@benjamingr

This comment has been minimized.

benjamingr commented May 23, 2018

so this whole discussion is just a flame.

I respectfully disagree - I certainly wouldn't want Node.js to take a module name without discussing it first internally and communicating it to the community and the author. I think Anna did the right thing opening this issue.

I haven't made up my mind yet (and neither did the Node.js foundation), I'm still learning from others' opinions and while I have an opinion it is not set in stone.

I'm learning from the discussion here - I wouldn't consider if flame - but maybe that's just me.

@MadaraUchiha

This comment has been minimized.

MadaraUchiha commented May 23, 2018

If I had a time machine, I would have preferred Node modules to be prefixed, so node/fs, node/http and this newest addition, node/worker (or some such).

But this is not the case, and this it would be a major compatibility break to do so, while possible, very undesirable.

Now, it's worth noting that Node has the power to simply take the name, and leave this package in the dark. Quoting @benjamingr:

Node.js doesn't actually need the package name in order to make a module internal - Node can decide to vote on it and take the name. People using npm install worker would still get this package but all require('worker')s would point to the internal module.

This is much more of a courtesy notice than it is asking for permission, and it would be better, given the current situation of module names in node, for everyone, that the name worker would be used for the native worker API and not a package.

Seeing that this package has relatively few users (6 stars, ~50 downloads/mo), only strengthens that position.

In short, I gotta say I'm not overly happy with the situation, it bears a similarity to the left-pad fiasco of olde, albeit with less of a corporate tone, but I agree with Benji and Anna here.

@Attrash-Islam

This comment has been minimized.

Attrash-Islam commented May 23, 2018

I think that the choice is in his hand, since the domain name is belong to him, so even if he decide to give it or not, that's his choice.. Also, I think that Node.js Community should refactor the way they acquire npm packages from developers (Since that is not the first time!)

And the suggestion of taking the name of the package without any permission from the package owner (by votes) is really not comfort at all for the npm users (Who have improved this whole eco-system) including me. How can I be safe from any future votes that may kill my investment in my OSS project? Terrifying!

I hope the issue resolves to good choices

@benjamingr

This comment has been minimized.

benjamingr commented May 23, 2018

@Attrash-Islam

Since that is not the first time!

This is the first time Node.js has asked someone from a package name and they said "no" as far as I know. I believe this is the case because Node.js only asks for names that:

a) sound like native modules to begin with
b) don't have many popular downloads

I think in this case Node.js's mistake was not to reserve that name when we intended to use it in 2015 - 3 years before the current owner of the package has acquired it.

I do not agree that our users should be punished for the fact we did not reserve a certain package name - especially since we are not under obligation to do it to begin with.

@Attrash-Islam

This comment has been minimized.

Attrash-Islam commented May 23, 2018

@benjamingr Thanks for the clarification 👍

@vsemozhetbyt

This comment has been minimized.

vsemozhetbyt commented May 23, 2018

Strangely, for the last days downloading of https://www.npmjs.com/package/worker increases from ~50 up to ~7.000.

@MadaraUchiha

This comment has been minimized.

MadaraUchiha commented May 23, 2018

@vsemozhetbyt It was all a conspiracy to gain more downloads all this time!

@Attrash-Islam

This comment has been minimized.

Attrash-Islam commented May 23, 2018

@MadaraUchiha Or maybe a bot 😃 Which makes more sense to prove the point that it's not only 50 downloads per month. Do you see @benjamingr ? 😂

@Linkgoron

This comment has been minimized.

Linkgoron commented May 23, 2018

@MadaraUchiha
Clearly NPM just had a caching issue with the download numbers.

http://shouldiblamecaching.com/

@jskrzypek

This comment has been minimized.

jskrzypek commented May 23, 2018

Actually it's probably just a bunch of people downloading the package to see what's in it / try it out. I certainly added to the the count at least once :)

@blake-regalia

This comment has been minimized.

Owner

blake-regalia commented May 23, 2018

I do not agree that our users should be punished for the fact we did not reserve a certain package name - especially since we are not under obligation to do it to begin with.

The idea on display that you are somehow "punishing" users with a new module is quite inflammatory, nobody is getting hurt here. Right now its worker, next it will be http3, gpu, or whatever... if the precedent is to just take an aggressive narrative against 'those who get in my way' or even taking it by force, then you are doing something wrong -- especially considering that you are in full control of making the change to internal module scoping.

@benjamingr

This comment has been minimized.

benjamingr commented May 23, 2018

@blake-regalia

if the precedent is to just take an aggressive narrative against 'those who get in my way' or even taking it by force, then you are doing something wrong

Work with me here - let's say we make this the first module and name it @nodejs/worker or @node/worker or any of the proposed names. People are still going to try to use worker because that's what has been working for them for every core module since Node.js started.

You seem like a pretty nice person - what if at some point someone who isn't as concerned with the wellbeing of the Node.js user community shows up and that someone just exports require('@nodejs/worker) for a while - some less savvy users npm install worker --save and it works. Then, after a while longer, that someone decides to install a backdoor when the user installed worker in addition to it.

This scenario scares me, it scares me that our users will be exposed to it enough to not want to call it @nodejs/worker what should Node.js do in your opinion?

you are in full control of making the change to internal module scoping.

I think you're giving me way too much credit here. As I said before multiple times I am one person, Node is a community project and I don't call the shots. As I said before - you are welcome to participate in calling the shots if you want to.

There is no requirement for it, you could be influencing how millions of people would use the built-in node workers if you choose - that is up to you.

@xemasiv

This comment has been minimized.

xemasiv commented May 23, 2018

Come on guys since it's a powerful worker, we can use:

https://www.npmjs.com/package/superworker

It's not taken yet 😉

And months from now you and I foresee Medium articles featuring Node SuperWorkers

Sick.

Points to consider:

  1. The convention of node's current require mechanism for requiring built-in and third-party modules.. trying to change it would be a head-splitting community headache. Especially for the users of previous node versions who could find it hard to adapt to new versions, and the extra confusion it will create in the documentations.
  2. Using scoped names really got issues as @benjamingr said
  3. npm and yarn can help by providing warnings, but their previous cli versions can't
  4. npm can create an audit process for package names with node-module name conflicts but that would be a waste of time checking for malwares instead of working on our crafts
  5. It's 2018 already, npm og's (like og xbox gamertags) are definitely taken already
  6. Using cheesy names is fine as long as it delivers what its name should represent and it's easy to remember; plus, using them can avoid unnecessary debates and accelerate the process faster ❤️

ps: nodejs/node#20876 looks fucking sick man that's gangsta

@benjamingr

This comment has been minimized.

benjamingr commented May 24, 2018

Just throwing another idea out there and my comment from #1 (comment) more - one thing we can do is @nodejs/worker and warn when worker is required.

@refack

This comment has been minimized.

refack commented May 24, 2018

Just in case it wasn't brought up earlier, the current documented consensus reached in the node core repository, is that in namespace conflicts node core should yield to the wider community's decision.

image
https://github.com/nodejs/node/blob/master/COLLABORATOR_GUIDE.md#introducing-new-modules

Personally I don't agree with @benjamingr opinion regarding unilateral action, but I think negotiation about the best way forward could be beneficial.

P.S. I was once the owner of the jest npm name and yielded it to FB, since it made most sense.

@benjamingr

This comment has been minimized.

benjamingr commented May 24, 2018

Personally I don't agree with @benjamingr opinion regarding unilateral action, but I think negotiation about the best way forward could be beneficial.

I think there is a good chance we won't be using worker anyway - but even if we will it won't be unilateral action but a discussion.

I'm waiting on a response for #1 (comment) at the moment.

@Scritches

This comment has been minimized.

Scritches commented May 24, 2018

Isn't this the sort of conflict that vendor namespace prefixes are supposed to prevent?

@ShirtlessKirk

This comment has been minimized.

ShirtlessKirk commented May 24, 2018

@Scritches you'd have thought so, yes, but there's all those legacy issues already mentioned.

However, I'm with @blake-regalia here. "Asking nicely" as a "courtesy" when the possibility exists of the name just being taken anyway is nothing of the sort. That the package gets only 50 or so downloads/week or was originally from a different developer is immaterial and to use these reasons as justification for capitulation is attempting to strongarm a single developer into following groupthink.

Also, there's the implicit threat that should the name be used anyway then it breaks the standard require of this package; nice module you got there, be a real shame if anything happened to it. That's a land grab.

Then there's the throwing in of the added insults that if this doesn't happen then they aren't contributing to "the greater good" and are morally wrong in refusing. That's brigading.

It's a pity the name wasn't taken 3 years ago, but that's not @blake-regalia 's problem.

Personally, I'm surprised the dialogue is still active after the issue was deemed closed. The answer to the question was "no". Get over it and move on.

@p3x-robot

This comment has been minimized.

p3x-robot commented May 28, 2018

8 stars, wow. you can create a travis daily via cron to increase your downloads, but you cannot increase your stars...
can't nodejs just override the worker name if they are not helping ?

@addaleax

This comment has been minimized.

addaleax commented May 28, 2018

I’ve tried my best to engage in this thread in a productive manner, and I think @blake-regalia has done so as well, just from a different point of view. It’s frustrating to see the support he’s receiving to take such an (imo unjustified) accusatory tone, though.

I’m sorry that we, as the Node.js core team, seem to communicate so poorly that we are a group made out of community members, and that no single person has any say about what happens, and that no single person can alone take an action in the name of the project. @benjamingr has tried to emphasize that a couple times, and I can’t put it better than he did.

In particular, there are other Node.js TSC members that are opposed to taking a module name without the npm package owner’s consent, which is a significant hurdle to overcome if we were to go through with this.

@refack

This comment has been minimized.

refack commented May 28, 2018

In particular, there are other Node.js TSC members that are opposed to taking a module name without the npm package owner’s consent, which is a significant hurdle to overcome if we were to go through with this.

I feel that statements such as this are those that are experienced as veiled threats (the if might be perceived as you reminding the reader that node-core could go the strong-arm route).
IMHO It should have been enough to state that the current consensus policy is that node-core module names should not conflict with userland module names.

@NadyaNayme

This comment has been minimized.

NadyaNayme commented May 31, 2018

@addaleax

It’s frustrating to see the support he’s receiving to take such an (imo unjustified) accusatory tone, though.

Or maybe certain members of the NPM team are a bit blind to their attempts at strongarming a dev into giving up the name? Maybe take a step back and do some gradeschool level introspection.

Child A: "Can I play with your toy?"

Child B: "No."

Child A: cries to Mommy "He won't let me play with his toy! Take it away from him and give it to me! I want to play with it!"

You aren't entitled to have the toy just because you want it.

Maybe try following your collaborator guide - unless you think those kinds of things shouldn't apply to you (might have something to do with a sense of entitlement).

The name of the new core module should not conflict with any existing module in the ecosystem unless a written agreement with the owner of those modules is reached to transfer ownership.

You didn't reach a written agreement. Go find a different toy.

@blake-regalia
You're doing the right thing, don't let them bully you into changing your mind.

@addaleax

This comment has been minimized.

addaleax commented May 31, 2018

@NadyaNayme You don’t seem to be reading my replies from above here, so I won’t bother much with replying either, but I’m going to point out that Node.js and npm are different things made by different people and this has nothing to do with the npm team so far.

@p3x-robot

This comment has been minimized.

p3x-robot commented May 31, 2018

@addaleax
i think you cannot take and try someone's name.
either if it is 1 or N, both are the same equality or right.
given, it is right now, is his, there is nothing so beautiful about brutal-force or new.
i give up.

@p3x-robot

This comment has been minimized.

p3x-robot commented May 31, 2018

server-worker / server_worker / serverWorker / ServerWorker / server worker / Server worker etc ...

Repository owner locked as too heated and limited conversation to collaborators May 31, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.