Add option to return only current dependent packages

[voxpelli]

Right now the list of "dependent packages" is a list of packages which in any of their historic version has depended on the module.

At least in the case of npm that's less interesting. The more interesting data is who are currently depending on a package – not who have done so historically.

A package that was highly dependent upon but which the community have moved on from should in my opinion have a small list of dependent modules, not a large list.

For npm its quite easy: Limit the version of dependents to that matching the latest tag on npm. The version number for that tag is already available in latest_release_number in: https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/installed-check

Opening this issue after speaking about it with @andrew on Mastodon and he suggested opening an issue: https://mastodon.social/@andrewnez/112433091250034050

Me personally would use it for my https://github.com/voxpelli/list-dependents / https://github.com/voxpelli/list-dependents-cli modules

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

[andrew]

We'll need to cache latest onto the latest Version for each package (new boolean column, updated after each time package is synced).

And then tweak the logic of fetching dependent_packages to only consider versions where latest is true: https://github.com/ecosyste-ms/packages/blob/main/app/models/package.rb#L128

Then add a latest parameter to the dependent packages endpoint: https://github.com/ecosyste-ms/packages/blob/main/app/controllers/api/v1/packages_controller.rb#L106

[andrew]

Deploying a first pass at the code now, it's going to take a few hours to update the latest field on 100 million version records, I will prioritize the dependents of standard so you can do some testing.

[andrew]

@voxpelli https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/standard/dependent_packages?latest=true

[voxpelli]

@andrew Trying it out now! Thanks for impressively quick turnaround :)

[andrew]

Thanks! The code change was quick but it's going to take quite a few hours to update the new latest field on all packages, let me know if there are any other packages you'd like prioritized.

[voxpelli]

Worked for all modules I needed it to work on, thanks! As far as I'm concerned this issue can be considered fixed :)

(I haven't yet made the repository public where I use these modules of mine, but I will soon)

[andrew]

List from @voxpelli of packages (github repo names provided) that should be listed in https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@voxpelli/eslint-config/dependent_packages?latest=true&per_page=100&page=1 but are not, that are listed in https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@voxpelli/eslint-config/dependent_packages?per_page=100&page=1 to investigate:

• https://github.com/voxpelli/node-fetch-politely (https://www.npmjs.com/package/fetch-politely)
• https://github.com/voxpelli/node-tema (https://www.npmjs.com/package/tema)
• https://github.com/dependency-check-team/dependency-check (https://www.npmjs.com/package/dependency-check)
• https://github.com/voxpelli/node-format-microformat (https://www.npmjs.com/package/format-microformat)
• https://github.com/voxpelli/node-webmention-testpinger (https://www.npmjs.com/package/webmention-testpinger)
• https://github.com/voxpelli/node-jekyll-utils (https://www.npmjs.com/package/jekyll-utils)
• https://github.com/voxpelli/metadataparser-mf2 (https://www.npmjs.com/package/@voxpelli/metadataparser-mf2)

[voxpelli]

The yikesable/fastify-acl was included, it was me that was accidentally filtering it client side 🙈

[andrew]

• fetch-politely - newest version is a prerelease, currently "latest" in ecosyste.ms ignores preleases
• tema - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
• dependency-check - newest version is a prerelease, currently "latest" in ecosyste.ms ignores preleases
• format-microformat - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
• webmention-testpinger - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
• jekyll-utils - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm
• @voxpelli/metadataparser-mf2 - doesn't appear to have @voxpelli/eslint-config as a direct dependency in the latest published version on npm

There's a couple there that have prerelease versions published to npm with @voxpelli/eslint-config as a dependency, but ecosyste.ms ignores preleases whn calculating the "latest" version.

There's also a few repos you link to that have @voxpelli/eslint-config as a dependency that have not been published to npm, the packages service only looks at versions published to npm, to get data on those you'll need to fetch dependent repository data from https://repos.ecosyste.ms/ instead

[voxpelli]

@andrew Oh, so sorry for that 😬 Evidently I have a backlog of projects to do (stable) releases for, which I have forgot to do releases for

This is entirely upon me then, sorry for wasting your time, I should have dug deeper into it myself first 🙏

[andrew]

@voxpelli no worries, I just wanted to make sure there wasn't something wrong in the detection