Feed for new versions.

[bsutton]

I'm looking to see if there is a feed containing updates for new versions of packages uploaded to pub.dev.

Possibly this might be a REST end point that I can ask for new versions since some date/time. I might the have to poll the end point every few minutes to get list of new packages/versions since the last poll.

Some time ago I seem to recall reading about something along these lines.

Does such an service exist in pub.dev?

[isoos]

There is no such feed except for the https://pub.dev/feed.atom

What's the use case you are looking to solve?

[bsutton]

We are building a private package repo saas for dart. We want the ability to send out notifications to users when a new version of a public package is released.

On Thu, 24 Feb 2022, 11:25 pm István Soós, @.***> wrote:

There is no such feed except for the https://pub.dev/feed.atom

What's the use case you are looking to solve?

— Reply to this email directly, view it on GitHub https://github.com/dart-lang/pub-dev/issues/5532#issuecomment-1049807484, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG32OBC2EPWEBE34FJXBZLU4YPSPANCNFSM5PC7ZX6Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you authored the thread.Message ID: @.***>

[sigurdm]

Perhaps our progress on dependabot-integration, and especially the dependency_services we made could be of interest here. It will only query for new versions of packages that are already dependencies.

But maybe that is just enough.

[bsutton]

So I'm not familiar with how dependabot works outside of its integration with github.

I assume it works as a service that scans dependencies in a git repo and sends alerts if a new dependency is available. Is this intended for organisations to implement internally or is it intended to allow github to support dart? How does it talk to pub.dev? I'm not certain how this might provide us with an alternative, given my (vague) understanding of what it does. I assume that it must somehow be pulling version updates out of pub.dev? This is a service we want to offer to our private package repo customers.

We have played with the atom feed and it looks like we can poll that every five minutes or so and then pull the new versions' meta data. Haven't been able to find any doco on the atom feed but it looks to have about the last 6 hours of updates. Is based on a count of the last 'n' entries or a time span?

We are keen not to have to do major re-sinks after any outages (at our end). Provided we resume services within the window of the atom feed this should be doable.

S. Brett Sutton Noojee Contact Solutions 03 8320 8100

On Fri, 25 Feb 2022 at 19:47, Sigurd Meldgaard @.***> wrote:

Perhaps our progress on dependabot-integration https://github.com/dependabot/dependabot-core/pull/4510, and especially the dependency_services https://github.com/dart-lang/pub/commit/941191f7f83ad60259348860197cfcdd83bb8e6f we made could be of interest here. It will only query for new versions of packages that are already dependencies.

But maybe that is just enough.

— Reply to this email directly, view it on GitHub https://github.com/dart-lang/pub-dev/issues/5532#issuecomment-1050653065, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG32OGZJPIREJP7GYRT7ITU446YTANCNFSM5PC7ZX6Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you authored the thread.Message ID: @.***>

[sigurdm]

I'm not certain how this might provide us with an alternative, given my (vague) understanding of what it does.

The dependency_services we implemented is akin to a machine-parsable pub outdated with more detailed output (it detects possible updates for each dependency separately). described here.

So, if what you want is to provide update notifications for peoples packages, you could run dependency_services for each project, and parse the output for new versions of the dependencies.

That might or might not fit your use-case.

[isoos]

Haven't been able to find any doco on the atom feed but it looks to have about the last 6 hours of updates. Is based on a count of the last 'n' entries or a time span?

It is last-N. Keep in mind that it is likely to change if/when pub.dev outgrows its current publishing rate.

[bsutton]

So is 'n' is likely to increase or are you foreshadowing a possible change to the spec?

On Sat, 26 Feb 2022, 8:38 am István Soós, @.***> wrote:

Haven't been able to find any doco on the atom feed but it looks to have about the last 6 hours of updates. Is based on a count of the last 'n' entries or a time span?

It is last-N. Keep in mind that it is likely to change if/when pub.dev outgrows its current publishing rate.

— Reply to this email directly, view it on GitHub https://github.com/dart-lang/pub-dev/issues/5532#issuecomment-1051290456, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG32OHJ36LXE4FOWMDTVQTU47ZG5ANCNFSM5PC7ZX6Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you authored the thread.Message ID: @.***>

[FMorschel]

There is no such feed except for the https://pub.dev/feed.atom

What's the use case you are looking to solve?

Maybe for logged users, their liked packages could be shown on a different page by last edits or something similar? That's why I got to this issue. Any thoughts?

[isoos]

A few months ago GitHub launched dependabot integration with pub. https://github.blog/changelog/2022-04-05-pub-beta-support-for-dependabot-version-updates/

We think that for most use cases we are aware of, this provides a good solution to keep track of changes in their packages (alongside the occasional pub upgrade on the specific project). Please let us know if something is not covered well enough.