I really like dependabot, and I use it regularly with Package Phobia.
I think it would be cool to use data from Package Phobia when submitting the PR to update an npm dependency.
Maybe something like, "an increase of x MB" or "a decrease of x kB".

https://packagephobia.com/[email protected]
Interesting, thanks for the feature request.
First up, I really like what you've done with Package Phobia. It's a great idea and looks really nicely implemented. Nice work.
However, I'm not sure this should live in Dependabot right now. In particular, it would be hard to include it in a way that isn't overly prominent, and I don't feel that would be right for all JS Dependabot users. My hunch is that a better approach would be a bot that comments on Dependabot PRs (and PRs that do a package update). Does that already exist? Happy to be convinced if you feel strongly.
Hi Grey, thank you for the kind words 😄
I don't believe that bot already exists, but I understand your hesitation to rely on a third party tool (that's actually kind of in the nature of Package Phobia 👽)
Anywho, the reason why I think it makes sense to add package size in the Dependabot PR, is that this information is not easy to find AND it is relevant to the person who may or may not merge the PR.
Earlier this year, jQuery released v3.3.0 that was 14x larger than its predecessor. It was quickly fixed in the next release but it would have been good to see that immediately in a dependabot PR.
Last year, socket.io released v2.0.0 which was 7x larger than its predecessor. It wasn't until several releases later that the size went back down.
Another place to check for package size is for the npm author to check at publish time. However, that tool doesn't exist yet...see this discussion.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.
@styfle yep sorry about that! We’ve now pinned all feature requests.
Closing this as it's unlikely we'd take this directly in Dependabot. We'll pass the idea on to the GitHub dependency graph team, as it's a more suitable addition there.