Open tmcw opened 9 months ago
I've been trying to find a good place to get hold of this data to do exactly that.
The registry API doesn't seem to have a dependents endpoint anymore, so I've been scraping the website locally so far (which quickly gets rate limited).
There's also a BigQuery public data set that could help but it's pretty big, so I feel like most queries will be costly (it doesn't only contain npm, and contains many versions).
Similarly, you can get hold of what claims to be an npm snapshot but I didn't have the storage locally to try it out.
All ideas welcome. If we can at least have a script to help us do these lookups, it'll save a lot of time.
I'm also looking into doing the reverse recently: take a popular starter kit or library and go down the tree looking for culprits.
I wanted to suggest https://github.com/bluwy/renoma here which is a new package that tackles this.
You can run e.g. `pnpm dlx renoma --filter-rules "depend/*" --limit 5` over a repository and get good insight into what should be replaced with an alternative package.
This seems like a great project! I think one way to find the best leverage for updates is to crawl npm dependents of the legacy packages like xtend, and find packages that are both updated in the last year (so the author might be still maintaining it) and then sort by download counts. Might be able to throw this script together, though I can't find anywhere that npm really exposes the dependents graph.
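The ranking step discussed in this thread (dependents of a legacy package, kept only if published within the last year, sorted by downloads), as an added example that is not code from any participant or from the project. It assumes the per-package metadata has already been collected by some crawl; the records, package names, and the function names `buildDependentsIndex` and `rankTargets` are constructed for illustration.

```javascript
// Constructed sample records (not real registry output). Each mimics what a
// crawler would store per package: direct dependencies, last publish date,
// and a weekly download count.
const SAMPLE_PACKAGES = [
  { name: "example-alpha", dependencies: { xtend: "^4.0.2" }, modified: "2024-03-10", downloads: 910000 },
  { name: "example-beta", dependencies: { xtend: "^4.0.0" }, modified: "2021-01-05", downloads: 2500000 },
  { name: "example-gamma", dependencies: { lodash: "^4.17.21" }, modified: "2024-05-01", downloads: 4000000 },
  { name: "example-delta", dependencies: { xtend: "~4.0.1" }, modified: "2023-11-20", downloads: 1200000 },
  { name: "example-epsilon", modified: "2024-04-02", downloads: 50 }, // no dependencies field
];

// Legacy packages whose dependents we want to find (xtend is named in the thread).
const LEGACY = new Set(["xtend"]);

// Invert the dependency edges: legacy package name -> packages that depend on it.
function buildDependentsIndex(packages, legacy) {
  const index = new Map();
  for (const pkg of packages) {
    for (const dep of Object.keys(pkg.dependencies || {})) {
      if (!legacy.has(dep)) continue;
      if (!index.has(dep)) index.set(dep, []);
      index.get(dep).push(pkg);
    }
  }
  return index;
}

// Keep dependents published within maxAgeDays of `now` (a proxy for "still
// maintained"), then order them by download count, highest first.
function rankTargets(packages, legacy, now, maxAgeDays = 365) {
  const cutoff = now.getTime() - maxAgeDays * 24 * 60 * 60 * 1000;
  const rows = [];
  for (const [dep, dependents] of buildDependentsIndex(packages, legacy)) {
    for (const pkg of dependents) {
      if (Date.parse(pkg.modified) < cutoff) continue; // stale: skip
      rows.push({ legacy: dep, dependent: pkg.name, downloads: pkg.downloads });
    }
  }
  return rows.sort((a, b) => b.downloads - a.downloads);
}

// A fixed "now" keeps the result reproducible for the sample data.
console.log(rankTargets(SAMPLE_PACKAGES, LEGACY, new Date("2024-06-01T00:00:00Z")));
```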