Update all the stuff

[XhmikosR]

• switch to ESM, require Node.js 12
• switch to GitHub Actions
• remove pify, make-dir and rimraf packages
• add coverage with c8
• update all packages to the latest version except for file-type and got they require further code changes:
  • got now throws on unsupported options being passed like extract
  • file-type >= 13.0.0 is async only

Closes #212, closes #204, closes #200

CI run: https://github.com/XhmikosR/download/actions

/CC @sindresorhus

[sindresorhus]

I don't have access to this repo anymore (by choice).

[XhmikosR]

Damn, I didn't know and I thought you'd have access hence why I spent some time to make this PR.

I guess the only solution would be if someone forked and maintained a new fork for the ecosystem to benefit. Unfortunately, I don't have the time to maintain another project, so if anyone wants feel free to cherry pick my patches.

[striezel]

I guess the only solution would be if someone forked and maintained a new fork for the ecosystem to benefit.

What about @kevva, the current owner of this repository? Can't he review this PR instead?

[seriiix]

We can use npm i https://github.com/XhmikosR/download/tree/dev as a temporary solution.

[striezel]

We can use npm i https://github.com/XhmikosR/download/tree/dev as a temporary solution.

Well, as you said: That is only a temporary solution.

Such a temporary workaround will only reach a small fraction of the users of this package. The better way - reaching most of the users - is to get this stuff merged and an updated version of that package published to npmjs.

[robinschneider]

@kevva Is it possible to merge this PR?

[kevva]

@robinschneider, yes. I'll be back from vacation tomorrow. Going to review and merge then.

[robinschneider]

@robinschneider, yes. I'll be back from vacation tomorrow. Going to review and merge then.

Any updates when this will be available?

[tulski]

@robinschneider, yes. I'll be back from vacation tomorrow. Going to review and merge then.

@kevva any updates? When we can expect your review?

[denysoblohin-okta]

@kevva Please merge and release new version. got version used currently has a vulnerability

[Haegin]

@kevva do you need a hand getting this over the line? We've got existing code that we need to update to fix the got vulnerability others have mentioned and it's likely easier for me to help you land this and release a new version than it is to remove this dependency from our code.

[striezel]

[...] it's likely easier for me to help you land this and release a new version than it is to remove this dependency from our code.

Yes, that would be easier. But I have little (if any) hope left that this will get reviewed and merged.

This PR has been open for more than eight months without being resolved in any way (neither reviewed nor rejected nor merged) by the current repository owner / maintainer. That alone is not a good sign. It gets even worse when looking at other pull request. The latest merged pull request is https://github.com/kevva/download/pull/192 from April 2020, and that was still merged by the previous maintainer (sindresorhus). The latest commit on the main branch, 94e9081e461719b61e62050704cdfcc6a464d6a7, is also from April 2020, and it was also made by the previous maintainer sindresorhus.

In other words: There has been no visible activity to bring in any code changes by the current maintainer / repository owner kevva for almost 2.5 years, and that sends basically a message to anyone using the download package: The download package is unmaintained, and its users should consider moving on to maintained packages. :(

[robinschneider]

I removed this package in favor of node-download-helper https://github.com/hgouveia/node-downloader-helper

[felipecrs]

@kevva is there a chance you can add maintainers on this repo?

I have created a fork of one of your projects and published a scoped packaged in npmjs, and it receives a quite reasonable amount of downloads per week.

https://www.npmjs.com/package/@felipecrs/decompress-tarxz

Maybe if you add more maintainers to this project it will help offload you while for everyone's benefit.

[XhmikosR]

I have already published my forks for some time now:

• https://www.npmjs.com/package/@xhmikosr/bin-wrapper
• https://www.npmjs.com/package/@xhmikosr/downloader
• https://www.npmjs.com/package/@xhmikosr/decompress

I currently use it in https://www.npmjs.com/package/hugo-bin

[felipecrs]

That's great, thank you!

[felipecrs]

@XhmikosR I am trying to migrate to your fork, but I am consuming them with TypeScript. DefinitelyTyped provides types for the old versions, which are no longer compatible with your fork.

https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/download/index.d.ts https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/decompress/index.d.ts

It should not be too hard since there are the types above to be based on.

Would you consider to add types to your fork? This would simplify my life by a lot. Let me know if you need help also.

[XhmikosR]

@felipecrs I don't use TypeScript so someone else will need to fix such issues, submit a PR and CC me.

[felipecrs]

@XhmikosR great. I will see what I can do. Thank you!

[felipecrs]

@XhmikosR, last thing, by any chance are you willing to pick up https://github.com/kevva/decompress-tarxz (newest fork https://github.com/felipecrs/decompress-tarxz) to have everything under your umbrella?