Status Enquiry From the Package Maintenance Team

[ghinks]

Hello @Gozala I am contacting you in my capacity as a member of the package maintenance team. We have been writing guidelines and building tools for package maintainers.

We see that querystring is very popular but is not actively maintained. We see that the module is marked as maintainer needed. We wanted to ask you what your intentions were? If you are actively looking for maintainers we could bring this under the umbrella of known good actors within the package maintenance team.

If your intent is to deprecate the module and encourage people to migrate to other modules we can help with that too.

If you could please respond in this issue so that the package maintenance team could provide help we would appreciate it.

[Gozala]

Hi @ghinks, discussion about wanted maintainer took place in the past and following comment is my position on the subject https://github.com/Gozala/querystring/issues/29#issuecomment-458533559

Hi Everyone,

Apologies for not responding sooner. Given the recent exploits on npm that have occurred through maintainer translations, I am not ready to just pass on maintenance to strangers.

Please don’t take that personally, but rotting package on npm is probably better than risk of facilitating malware.

If you do want to help, please start by playing an active role, handling issues, pull requests etc... On my end I’ll try to not be a bottleneck

I am not familiar with package maintenance team, but I'd be interested in finding a workable solution to pass on the maintenance burden to willing good actor, but how to build a trust without taking time to built it is something I have not yet reconciled.

[ghinks]

We completely understand and applaud your position. Let me communicate your response so you can see who you corresponding with.

[medikoo]

@ghinks I also have rights to maintain this package (and publish a new releases), and I'll be happy to address any security issues which may need to be addressed.

Concerning regular evolution and maintenance I do not have a capacity to invest my time into this package. Still I proposed the path which could be taken with this package at https://github.com/Gozala/querystring/issues/20 and I'm simply open for PR's on that. It was also communicated in https://github.com/Gozala/querystring/issues/29

[medikoo]

I've updated the main README and removed "Maintainer needed" call, to reflect @Gozala stance (which I fully understand and respect).

I've also added a note on how incoming contributors can help with eventual project evolution

[ghinks]

Thank you so very much I will get back to the package maintenance team and let them know what you have communicated.

[bnb]

A question I'd have for both @Gozala and @medikoo: is this module meaningfully contributing something that Node.js's querystring does not currently do? Given that it's not been published in 8 years, I can only imagine Node.js's implementation has improved in ways this module has not at this point.

If it's not, would deprecation be a potential path forward?

[ljharb]

I believe it serves as a browserify/bundler shim for node's core module, in which case gaps between it and node's implementation are indeed a problem worth fixing.

[medikoo]

@bnb is supposed to be an environment agnostic version of Node.js querystring.

It's not improved for years as simply no one decided to invest time into it.

There's a proposal on how to move it forward: https://github.com/Gozala/querystring/issues/20 would you like to help with that?

[bnb]

@medikoo that looks good to me, though I don't currently have the time/availability to help with this. I'd be happy to reach out to some folks I trust to see if they'd be willing to help, if that'd be helpful to you?

[medikoo]

@bnb any help would be welcome. Still this project is not in any critical condition, I believe that best if contributions are made by those which see value in further evolution and look forward to use new versions.

[Gozala]

Thanks @medikoo for your comments on this thread.

I pretty much share same viewpoint, that this is an environment agnostic module with the same goals as node's built-in querystring. API compatibility from my perspective has always been more of a nice to have than a must. That said I welcome efforts to improve compatibility as long as it does not reduce it's portability.