tighten / novapackages

https://novapackages.com

Feature to allow report of packages that just copy another package code. #305

Closed ziming closed 1 year ago

ziming commented 1 year ago

Example:

https://novapackages.com/packages/joerithegreat/nova-table-card

is a total copy of

https://github.com/m-a-k-o/nova-custom-table-card

marcusmoore commented 1 year ago

Hi @ziming,

In this case, it looks like the author fixed some issues and opened a PR to the original repository but might consider the package abandoned so they went ahead and published to packagist (and here) with those fixes.

Unfortunately, it looks like the author didn't fork the repo, which would display a link to the original in GitHub, or add a link to it in the readme. I don't think that is ideal but the license doesn't disallow it.

Users searching for "table card" will see both packages in the results and can make a decision on which one they would like to pull into their app.

I'm going to close this but please comment if you find another example of a package that you think should be addressed.

Have a good weekend! 😄

ziming commented 1 year ago

Hi @marcusmoore

What I mean is a request to have a reporting button on the novapackages.com website, be it for copycats or something else (say, a package with malicious code), so reporting "bad" packages would be easier and more anonymous (compared to posting an issue here, which reveals my username).

Also, the original package's last release was 3 months ago and they last replied to that PR on 3rd October. How is that abandoned?

I also just tested the new package in question and the pagination feature that is added is not really working, so I think it is natural the maintainer didn't merge it.

marcusmoore commented 1 year ago

Hi @ziming

Sorry for further revealing your username. Linking to relevant issues and PRs in GitHub comments is second-nature to me and I did it without thinking.

I don't know if the author considers the package abandoned or not; I was simply putting together a timeline of how this package could have been created. In this case, we wouldn't delist the package because it is a "copy" since the author is free to fork the package (albeit without attribution in this case) and modify it how they wish. Of course, you are free to rate/review the package (keep in mind your username will appear next to reviews) according to your experience with the bugs in it.

Your point about malicious code is valid and we certainly don't want to list packages that have malicious code in them. I've created an issue to track that: #308

whitespacecode commented 1 year ago

Hi @ziming, I was looking for a package to include a table on my dashboard. I stumbled upon the package from m-a-k-o. Using it, I noticed some things broken and missing (reported on his issues tab). So I forked the code, fixed bugs, optimised the code + readme and even added a pagination function. When creating a PR I even notified m-a-k-o, with no response. After a few weeks I decided to publish and maintain the package myself, thereby releasing it on novapackages too. There are no new updates yet since the package does what I need and nobody is making issues or requests. If you encounter things that don't work, please create an issue and I will look into it.

Edit: I see I didn't add a link in my readme. I will address this right away.