New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

hoarders is not "cute" #2

Open
eastridge opened this Issue Aug 22, 2012 · 39 comments

Comments

Projects
None yet
@eastridge

eastridge commented Aug 22, 2012

While this may seem like a cute joke, having every npm flagged as being depended on by hoarders is not cute, it is in fact spam. Please consider ceasing the publication of this package as you are inserting garbage into the development ecosystem.

@coderarity

This comment has been minimized.

Show comment
Hide comment
@coderarity

coderarity commented Aug 22, 2012

lol

@jfhbrook

This comment has been minimized.

Show comment
Hide comment
@jfhbrook

jfhbrook Aug 22, 2012

Owner

While I was tempted to reply with an image macro, I think a more serious response is in order here.

Having hoarders show up as a reverse dependency in npmjs.org analyses was an unintended side effect, and not really the "point" of this library at all. I could explain the joke, but then it wouldn't really be funny.

In addition, Isaac himself has told me that he doesn't mind. You might even say he thinks it's "cute". You see, when I learned that hoarders was being reverse-depped to every package on npm, I did consider that it might constitute some level of spam/abuse. But then, after talking to some people, I came to the conclusion that it's okay. At least, for now.

I'm going to close this issue because I don't plan on unpublishing hoarders anytime soon, but that doesn't mean your opinion hasn't been heard.

Owner

jfhbrook commented Aug 22, 2012

While I was tempted to reply with an image macro, I think a more serious response is in order here.

Having hoarders show up as a reverse dependency in npmjs.org analyses was an unintended side effect, and not really the "point" of this library at all. I could explain the joke, but then it wouldn't really be funny.

In addition, Isaac himself has told me that he doesn't mind. You might even say he thinks it's "cute". You see, when I learned that hoarders was being reverse-depped to every package on npm, I did consider that it might constitute some level of spam/abuse. But then, after talking to some people, I came to the conclusion that it's okay. At least, for now.

I'm going to close this issue because I don't plan on unpublishing hoarders anytime soon, but that doesn't mean your opinion hasn't been heard.

@jfhbrook jfhbrook closed this Aug 22, 2012

@eastridge

This comment has been minimized.

Show comment
Hide comment
@eastridge

eastridge Aug 23, 2012

@jesusabdullah sorry to sound like I have a stick up my ass, I'm usually one for pranks. This particular prank did actually cause me to spend time (albiet only a few minutes) investigating the following though:

  1. Had my package been hacked and had a dependency added (no, it was being depended on, oops)
  2. Was someone trying to make a statement that I was hoarding a package name? Nope.

So in essence your unintended consequence does have real world implications on others. Regardless of what Isaac thinks, it did confuse me and you're likely to confuse people in the future. I'm tempted to publish a few packages to prove a point on how easy it is to spam the system here...

eastridge commented Aug 23, 2012

@jesusabdullah sorry to sound like I have a stick up my ass, I'm usually one for pranks. This particular prank did actually cause me to spend time (albiet only a few minutes) investigating the following though:

  1. Had my package been hacked and had a dependency added (no, it was being depended on, oops)
  2. Was someone trying to make a statement that I was hoarding a package name? Nope.

So in essence your unintended consequence does have real world implications on others. Regardless of what Isaac thinks, it did confuse me and you're likely to confuse people in the future. I'm tempted to publish a few packages to prove a point on how easy it is to spam the system here...

@jfhbrook

This comment has been minimized.

Show comment
Hide comment
@jfhbrook

jfhbrook Aug 23, 2012

Owner
  1. Had my package been hacked and had a dependency added (no, it was being depended on, oops)

I mean, you'll have that "problem" anyway as people decide to use your packages. That's really not the fault of hoarders.

  1. Was someone trying to make a statement that I was hoarding a package name? Nope.

I can see this, but it doesn't take a lot of investigative journalism here to find that's not the case. So I don't really find this all that compelling either. That, and I don't really care if people think my modules are any good, y'know? I wrote them for me.

That said, I am aware of the "noise" that hoarders adds to npm as a whole, and I've had a number of conversations today about the correct course of action. I'm still weighing my options here.

Owner

jfhbrook commented Aug 23, 2012

  1. Had my package been hacked and had a dependency added (no, it was being depended on, oops)

I mean, you'll have that "problem" anyway as people decide to use your packages. That's really not the fault of hoarders.

  1. Was someone trying to make a statement that I was hoarding a package name? Nope.

I can see this, but it doesn't take a lot of investigative journalism here to find that's not the case. So I don't really find this all that compelling either. That, and I don't really care if people think my modules are any good, y'know? I wrote them for me.

That said, I am aware of the "noise" that hoarders adds to npm as a whole, and I've had a number of conversations today about the correct course of action. I'm still weighing my options here.

@jfhbrook jfhbrook reopened this Aug 23, 2012

@dominictarr

This comment has been minimized.

Show comment
Hide comment
@dominictarr

dominictarr Aug 25, 2012

Node is fun, because screwing around is taken seriously.
There are a bunch of modules that are quite silly (like caps-lock-script),
hoarders is one of the greatest of the silly modules.

dominictarr commented Aug 25, 2012

Node is fun, because screwing around is taken seriously.
There are a bunch of modules that are quite silly (like caps-lock-script),
hoarders is one of the greatest of the silly modules.

@kevinohara80

This comment has been minimized.

Show comment
Hide comment
@kevinohara80

kevinohara80 Aug 28, 2012

Why is this a "silly" module? I use it even when I only need Request.

kevinohara80 commented Aug 28, 2012

Why is this a "silly" module? I use it even when I only need Request.

@bmeck

This comment has been minimized.

Show comment
Hide comment
@bmeck

bmeck Oct 13, 2012

An aside, we are using this intermittently when stress testing things, +1.

bmeck commented Oct 13, 2012

An aside, we are using this intermittently when stress testing things, +1.

@broofa

This comment has been minimized.

Show comment
Hide comment
@broofa

broofa Nov 25, 2012

Can we please get rid of this package? @jesusabdullah: I would point out that each of your replies to @beastridge issues involve some modicum of work on his part, as the owner of a module that shows a 'hoarders' dependency. Sure, this work is usually trivial, but it's non-zero. And every single module owner is likely to have some-hoarder related question at some point. For example, the impetus for this comment is an email I'm sending to people that depend on the 'uuid' module. Do I need to include hoarders in this email or not? I don't know because I don't know what hoarders is used for, or if it's a joke, or what. And... so... I've lost 5-10 minutes of my day to this. :(

I.e. hoarders is a layer of unnecessary complexity that permeates the whole npm ecosystem. To those who [think they have] a legitimate use for this module, I would argue that there are better ways to accomplish your goals.

broofa commented Nov 25, 2012

Can we please get rid of this package? @jesusabdullah: I would point out that each of your replies to @beastridge issues involve some modicum of work on his part, as the owner of a module that shows a 'hoarders' dependency. Sure, this work is usually trivial, but it's non-zero. And every single module owner is likely to have some-hoarder related question at some point. For example, the impetus for this comment is an email I'm sending to people that depend on the 'uuid' module. Do I need to include hoarders in this email or not? I don't know because I don't know what hoarders is used for, or if it's a joke, or what. And... so... I've lost 5-10 minutes of my day to this. :(

I.e. hoarders is a layer of unnecessary complexity that permeates the whole npm ecosystem. To those who [think they have] a legitimate use for this module, I would argue that there are better ways to accomplish your goals.

@Raynos

This comment has been minimized.

Show comment
Hide comment
@Raynos

Raynos Nov 28, 2012

@broofa this is a non trivial and deeper problem that npm is a free for all and as it grows more weird and confusing shit is going to be on there.

We can temporarily solve the problem for hoarders but the underlying issue isn't going to dissappear.

Raynos commented Nov 28, 2012

@broofa this is a non trivial and deeper problem that npm is a free for all and as it grows more weird and confusing shit is going to be on there.

We can temporarily solve the problem for hoarders but the underlying issue isn't going to dissappear.

@broofa

This comment has been minimized.

Show comment
Hide comment
@broofa

broofa Nov 29, 2012

@broofa this is a non trivial and deeper problem that npm is a free for all and as it grows more weird and confusing shit is going to be on there.

meta-issue

We can temporarily solve the problem for hoarders...

Great! Let's do that.

... but the underlying issue isn't going to dissappear.

I'm fine with that. I'm not suggesting we slay any giants here.

broofa commented Nov 29, 2012

@broofa this is a non trivial and deeper problem that npm is a free for all and as it grows more weird and confusing shit is going to be on there.

meta-issue

We can temporarily solve the problem for hoarders...

Great! Let's do that.

... but the underlying issue isn't going to dissappear.

I'm fine with that. I'm not suggesting we slay any giants here.

@Raynos

This comment has been minimized.

Show comment
Hide comment
@Raynos

Raynos Nov 29, 2012

@broofa btw include me in that email!

Raynos commented Nov 29, 2012

@broofa btw include me in that email!

@dominictarr

This comment has been minimized.

Show comment
Hide comment
@dominictarr

dominictarr Nov 29, 2012

hoarders is important for stress testing npm, etc.

also, it's cute as fuck.

dominictarr commented Nov 29, 2012

hoarders is important for stress testing npm, etc.

also, it's cute as fuck.

@broofa

This comment has been minimized.

Show comment
Hide comment
@broofa

broofa Nov 29, 2012

hoarders is important for stress testing npm, etc.

Can you elaborate?

Given that hoarders has at least 200X more dependencies than would reasonably appear in even a "LARGE" real-world package, I'll argue that the only thing hoarders tests is whether or not NPM can accomodate hoarders; I.e. it's neither useful nor important.

broofa commented Nov 29, 2012

hoarders is important for stress testing npm, etc.

Can you elaborate?

Given that hoarders has at least 200X more dependencies than would reasonably appear in even a "LARGE" real-world package, I'll argue that the only thing hoarders tests is whether or not NPM can accomodate hoarders; I.e. it's neither useful nor important.

@eastridge

This comment has been minimized.

Show comment
Hide comment
@eastridge

eastridge Nov 30, 2012

Every time I browse a package on npmjs.org I feel taunted by hoarders. I see it sitting there. Smugly. Slyly. It follows me everywhere, quietly taunting me. All the while it grows ever stronger gathering packages. Slowly. Surely. Relentlessly.

eastridge commented Nov 30, 2012

Every time I browse a package on npmjs.org I feel taunted by hoarders. I see it sitting there. Smugly. Slyly. It follows me everywhere, quietly taunting me. All the while it grows ever stronger gathering packages. Slowly. Surely. Relentlessly.

@kevinohara80

This comment has been minimized.

Show comment
Hide comment
@kevinohara80

kevinohara80 Dec 2, 2012

Totally.
On Nov 30, 2012 1:51 PM, "Ryan Eastridge" notifications@github.com wrote:

Every time I browse a package on npmjs.org I feel taunted by hoarders. I
see it sitting there. Smugly. Slyly. It follows me everywhere, quietly
taunting me. All the while it grows ever stronger gathering packages.
Slowly. Surely. Relentlessly.


Reply to this email directly or view it on GitHubhttps://github.com//issues/2#issuecomment-10899508.

kevinohara80 commented Dec 2, 2012

Totally.
On Nov 30, 2012 1:51 PM, "Ryan Eastridge" notifications@github.com wrote:

Every time I browse a package on npmjs.org I feel taunted by hoarders. I
see it sitting there. Smugly. Slyly. It follows me everywhere, quietly
taunting me. All the while it grows ever stronger gathering packages.
Slowly. Surely. Relentlessly.


Reply to this email directly or view it on GitHubhttps://github.com//issues/2#issuecomment-10899508.

@simov

This comment has been minimized.

Show comment
Hide comment
@simov

simov Dec 13, 2012

I think what confuses people the most is the name of the module as it's not descriptive enough. Maybe a more generic name like npm-bot or npm-index or whatever should be fine. Of course it won't be funny anymore but will reach a wider audience.

simov commented Dec 13, 2012

I think what confuses people the most is the name of the module as it's not descriptive enough. Maybe a more generic name like npm-bot or npm-index or whatever should be fine. Of course it won't be funny anymore but will reach a wider audience.

@dominictarr

This comment has been minimized.

Show comment
Hide comment
@dominictarr

dominictarr Dec 13, 2012

@simov makes a very good point.

hoarders is too witty, clever a name.
I'm +1 on renaming to npm-bot or all-npm or something.
Of course, we can't delete hoarders because that will break apps that are depending on it already.

dominictarr commented Dec 13, 2012

@simov makes a very good point.

hoarders is too witty, clever a name.
I'm +1 on renaming to npm-bot or all-npm or something.
Of course, we can't delete hoarders because that will break apps that are depending on it already.

@Raynos

This comment has been minimized.

Show comment
Hide comment
@Raynos

Raynos Dec 13, 2012

Of course, we can't delete hoarders because that will break apps that are depending on it already.

lol.

Raynos commented Dec 13, 2012

Of course, we can't delete hoarders because that will break apps that are depending on it already.

lol.

@vicary

This comment has been minimized.

Show comment
Hide comment
@vicary

vicary Dec 14, 2012

This is a good point to remind people that they should understand more of how the platform they are using.

Sometimes I got pissed off by what others think fun, like those punctuations (aww...). But I think this joke is good enough, take it easy people.

I guess @jesusabdullah could even ask Isaacs to put some description about this somewhere in npmjs.org, just for the serious guys. ;)

vicary commented Dec 14, 2012

This is a good point to remind people that they should understand more of how the platform they are using.

Sometimes I got pissed off by what others think fun, like those punctuations (aww...). But I think this joke is good enough, take it easy people.

I guess @jesusabdullah could even ask Isaacs to put some description about this somewhere in npmjs.org, just for the serious guys. ;)

@jfhbrook

This comment has been minimized.

Show comment
Hide comment
@jfhbrook

jfhbrook Dec 14, 2012

Owner

Or, I could update the description in the package.json to say, "THAT'S THE JOKE"

Owner

jfhbrook commented Dec 14, 2012

Or, I could update the description in the package.json to say, "THAT'S THE JOKE"

@coderarity

This comment has been minimized.

Show comment
Hide comment
@coderarity

coderarity Dec 15, 2012

you silly serious sams :D

coderarity commented Dec 15, 2012

you silly serious sams :D

@sindresorhus

This comment has been minimized.

Show comment
Hide comment
@sindresorhus

sindresorhus Jan 17, 2013

Even if it was intended as an internal joke, it affects people that don't get it or care.

5 min discovering what it is * devs using npm = a lot of wasted time for nothing.

I think it should be removed. It's just plain spam and has nothing to do on npm.

sindresorhus commented Jan 17, 2013

Even if it was intended as an internal joke, it affects people that don't get it or care.

5 min discovering what it is * devs using npm = a lot of wasted time for nothing.

I think it should be removed. It's just plain spam and has nothing to do on npm.

@vicary

This comment has been minimized.

Show comment
Hide comment
@vicary

vicary Jan 19, 2013

AFAIK early linux communities had a lot of things like this, did they blame it? They just think it's fun.

And I (and many others) just embrace how the open source world worked out this way, why would people blame errors that they can actually learn something from?

vicary commented Jan 19, 2013

AFAIK early linux communities had a lot of things like this, did they blame it? They just think it's fun.

And I (and many others) just embrace how the open source world worked out this way, why would people blame errors that they can actually learn something from?

@simov

This comment has been minimized.

Show comment
Hide comment
@simov

simov Jan 19, 2013

The more I use npm the more I think it doesn't really matter if some one think the modules are joke or not. Not everyone publish them to become famous. It's just an easy way to reuse and distribute useful parts of your program into different projects.

simov commented Jan 19, 2013

The more I use npm the more I think it doesn't really matter if some one think the modules are joke or not. Not everyone publish them to become famous. It's just an easy way to reuse and distribute useful parts of your program into different projects.

@guybrush

This comment has been minimized.

Show comment
Hide comment
@guybrush

guybrush Jan 19, 2013

if this goes off npm - it would be a sad story

hoarders isn't a joke, its art! if i had enough money i would pay someone for maintaining this package :)

guybrush commented Jan 19, 2013

if this goes off npm - it would be a sad story

hoarders isn't a joke, its art! if i had enough money i would pay someone for maintaining this package :)

@jfhbrook

This comment has been minimized.

Show comment
Hide comment
@jfhbrook

jfhbrook Jan 19, 2013

Owner

I implemented a blacklist for people that don't want to be depended on by hoarders:

https://github.com/jesusabdullah/hoarders/blob/master/build.js#L12-L22

Broofa's modules should be blacklisted already. If you would also like to opt out, send a pull request.

Owner

jfhbrook commented Jan 19, 2013

I implemented a blacklist for people that don't want to be depended on by hoarders:

https://github.com/jesusabdullah/hoarders/blob/master/build.js#L12-L22

Broofa's modules should be blacklisted already. If you would also like to opt out, send a pull request.

@jfhbrook jfhbrook closed this Jan 19, 2013

@jfhbrook

This comment has been minimized.

Show comment
Hide comment
@jfhbrook

jfhbrook Jan 19, 2013

Owner

Reopening this for greater visibility to those which have not been blacklisted yet.

Owner

jfhbrook commented Jan 19, 2013

Reopening this for greater visibility to those which have not been blacklisted yet.

@jfhbrook jfhbrook reopened this Jan 19, 2013

@simov

This comment has been minimized.

Show comment
Hide comment
@simov

simov Jan 19, 2013

You can even make it in separate blacklist.json and require it in your code. Will lose the comments though.

simov commented Jan 19, 2013

You can even make it in separate blacklist.json and require it in your code. Will lose the comments though.

@jfhbrook

This comment has been minimized.

Show comment
Hide comment
@jfhbrook

jfhbrook Jan 19, 2013

Owner

I mean, I could but all the important configuration is in the build.json anyway.

Owner

jfhbrook commented Jan 19, 2013

I mean, I could but all the important configuration is in the build.json anyway.

@simov

This comment has been minimized.

Show comment
Hide comment
@simov

simov Jan 19, 2013

I see my bad

simov commented Jan 19, 2013

I see my bad

@dominictarr

This comment has been minimized.

Show comment
Hide comment
@dominictarr

dominictarr Jan 19, 2013

I think the best way to implement this feature would be to publish a separate blacklist module that hoarders also depends on.

dominictarr commented Jan 19, 2013

I think the best way to implement this feature would be to publish a separate blacklist module that hoarders also depends on.

@simov

This comment has been minimized.

Show comment
Hide comment
@simov

simov Jan 19, 2013

Yeah might be just an index.json :D

simov commented Jan 19, 2013

Yeah might be just an index.json :D

@SomeKittens

This comment has been minimized.

Show comment
Hide comment
@SomeKittens

SomeKittens Jan 26, 2013

Contributor

Another issue with hoarders (though it is a funny idea) is that it artificially inflates download numbers. I was elated when I discovered that downloads for mongo-helper had tripled, but was dismayed when pretty much all of them were "stress testing" or what-have-you. I'd like to know when people are actually using my package. The blacklist's a good idea (and I'll add myself to it) but here's some food for thought.

That said, it does increase visibility to packages, but by an amount that you'd need an electron microscope to find.

Contributor

SomeKittens commented Jan 26, 2013

Another issue with hoarders (though it is a funny idea) is that it artificially inflates download numbers. I was elated when I discovered that downloads for mongo-helper had tripled, but was dismayed when pretty much all of them were "stress testing" or what-have-you. I'd like to know when people are actually using my package. The blacklist's a good idea (and I'll add myself to it) but here's some food for thought.

That said, it does increase visibility to packages, but by an amount that you'd need an electron microscope to find.

@dominictarr

This comment has been minimized.

Show comment
Hide comment
@dominictarr

dominictarr Jan 27, 2013

The "downloads" count is actually a count of cache misses. Each time someone installs a module the npm client checks whether the cached version is current, and doesn't download the package.

This means that a module that is installed often, but updated only occasionally, could have more cache misses (and thus a higher "downloads" count) than a module that is updated often but has less actual users.

So, "downloads" is a rather difficult metric to interpret, and doesn't relate directly to the number of actual users...

dominictarr commented Jan 27, 2013

The "downloads" count is actually a count of cache misses. Each time someone installs a module the npm client checks whether the cached version is current, and doesn't download the package.

This means that a module that is installed often, but updated only occasionally, could have more cache misses (and thus a higher "downloads" count) than a module that is updated often but has less actual users.

So, "downloads" is a rather difficult metric to interpret, and doesn't relate directly to the number of actual users...

@jfhbrook

This comment has been minimized.

Show comment
Hide comment
@jfhbrook

jfhbrook Feb 1, 2013

Owner

is that it artificially inflates download numbers.

Does it? You have to actually install hoarders in order for that download to show up.

Owner

jfhbrook commented Feb 1, 2013

is that it artificially inflates download numbers.

Does it? You have to actually install hoarders in order for that download to show up.

@cscott

This comment has been minimized.

Show comment
Hide comment
@cscott

cscott Feb 4, 2013

Don't let the haters get you down, man: hoarders is hilarious. And educational!

cscott commented Feb 4, 2013

Don't let the haters get you down, man: hoarders is hilarious. And educational!

@coderarity

This comment has been minimized.

Show comment
Hide comment
@coderarity

coderarity Feb 4, 2013

Does it? You have to actually install hoarders in order for that download to show up.

We all know how many people have gone through the pain of doing THAT.

coderarity commented Feb 4, 2013

Does it? You have to actually install hoarders in order for that download to show up.

We all know how many people have gone through the pain of doing THAT.

@vicary

This comment has been minimized.

Show comment
Hide comment
@vicary

vicary Feb 6, 2013

Haters gonna hate, when people say "bad experience is good", they never listen.

vicary commented Feb 6, 2013

Haters gonna hate, when people say "bad experience is good", they never listen.

@getify

This comment has been minimized.

Show comment
Hide comment
@getify

getify Feb 13, 2013

"Hoarders" is kind of like the Hello Dolly Wordpress plugin. And to quote that plugin's description:

This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong.

Also, I have just one package on npm, and it's nice to be ever so slightly less lonely in that hoarders is the only dependent package yet. It "symbolizes my hope and enthusiasm" and makes me feel a little less crappy. :)

getify commented Feb 13, 2013

"Hoarders" is kind of like the Hello Dolly Wordpress plugin. And to quote that plugin's description:

This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong.

Also, I have just one package on npm, and it's nice to be ever so slightly less lonely in that hoarders is the only dependent package yet. It "symbolizes my hope and enthusiasm" and makes me feel a little less crappy. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment