Open bitNathan opened 1 month ago
The fraction of dependencies that are pinned to at least a specific major+minor version, e.g., version 2.3.X of the dependency. (If a package has zero dependencies, it should receive a 1.0 rating. Now, suppose a package has two dependencies, one that is constrained to a particular major+minor version and another that is not. In this case, one of the two dependencies satisfies the requisite level of pinning, and so the fraction of dependencies is 1 in 2, or a score of ½ = 0.5.)
New Metric, should be implemented similarly to the other 5 metrics.
New metric to be added to phase 1 code: the fraction of dependencies that are pinned to at least a specific major+minor version (see phase 2 specs).
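An added example of the scoring rule this issue describes; it is not the project's own code. It assumes npm-style range strings as found in a package.json `dependencies` map and treats only exact versions, `2.3.x`-style ranges, tilde ranges and caret ranges with a 0 major as "pinned to major+minor"; every other range form is counted as not pinned.

```javascript
// Added example (not the project's code): compute the "pinned to at least
// major+minor" fraction for an npm-style dependencies map.

// True when the range can only resolve inside one major.minor line.
function isPinnedToMinor(range) {
  const r = String(range).trim();
  // Exact version or patch-only x-range: "2.3.4", "2.3.x", "2.3.*", "2.3"
  if (/^\d+\.\d+(\.(\d+|x|X|\*))?$/.test(r)) return true;
  // Tilde range with a minor given: "~2.3.4" / "~2.3" allow patch changes only
  if (/^~\d+\.\d+(\.\d+)?$/.test(r)) return true;
  // Caret range: "^2.3.4" permits 2.4, so it is NOT pinned, except when the
  // major is 0 (npm reads ^0.3.4 as >=0.3.4 <0.4.0, i.e. one minor line).
  const caret = r.match(/^\^(\d+)\.(\d+)(\.\d+)?$/);
  if (caret) return caret[1] === '0';
  // Anything else ("*", "", "latest", ">=2.0.0", "2.x", git/URL specs) is
  // treated as unpinned under this example's assumptions.
  return false;
}

// Fraction of dependencies that are pinned; 1.0 when there are none,
// as the issue specifies.
function pinnedFraction(dependencies) {
  const ranges = Object.values(dependencies || {});
  if (ranges.length === 0) return 1.0;
  const pinned = ranges.filter(isPinnedToMinor).length;
  return pinned / ranges.length;
}

// Constructed sample dependencies map (not taken from any real package).
const sampleDependencies = {
  express: '4.18.2',    // exact version        -> pinned
  lodash: '^4.17.21',   // caret, major > 0     -> not pinned
  debug: '~4.3.4',      // tilde                -> pinned
  chalk: '*',           // wildcard             -> not pinned
};

console.log(pinnedFraction({}));                 // 1.0 for zero dependencies
console.log(pinnedFraction(sampleDependencies)); // 2 of 4 pinned -> 0.5
```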