Skip to content

Add change feed / webhook API #1030

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ry opened this issue Apr 8, 2025 · 5 comments
Open

Add change feed / webhook API #1030

ry opened this issue Apr 8, 2025 · 5 comments

Comments

@ry
Copy link
Contributor

ry commented Apr 8, 2025
edited
Loading

@coreybutler
https://x.com/goldglovecb/status/1909638974802387128
https://github.com/npm/registry-follower-tutorial
@github-project-automation github-project-automation bot moved this to Needs Triage in JSR Apr 8, 2025
@coreybutler
Copy link

coreybutler commented Apr 8, 2025
edited
Loading

I'm sure there are many use cases, but to clarify my request, I am interested in any kind of push-driven change feed we can monitor.

We are building a notification platform for developers that aggregates many different kinds of updates. Currently, we're using the npm change feed to capture module updates, which are relayed to our processing server via HTTP reqs (basically a big webhook receiver). We heavily process these and distribute notifications to users when relevant to them.

We'd love to incorporate JSR into this flow. Ideally, I think we'd register a webhook to receive all JSR module updates. I anticipate that as JSR grows, this could potentially present a scaling challenge. In our case, it's not absolutely critical to receive the update immediately/every second. It would be fine if updates were batched, say every 5-15 minutes, or some reasonable interval. The appeal of this approach is simplicity: we only need to setup an HTTP server to receive requests.

I'm only presenting the above as initial thoughtwork. I'm keen on any kind of solution and I'm open to discussing this topic in more detail. I originally proposed this to some early Deno DevRels (who may have moved on by now) on Twitter. I remember @bmeck chimed in on one of them that Socket.dev may have an interest in something like this as well.

@crowlKats
Copy link
Collaborator

I think these are things we could provide updates for:

  • package created
  • package archived
  • package version published
  • package version yanked
  • package version deleted
  • scope member added
  • scope member left

let me know if there is anything else more granular that you would want to have

@coreybutler
Copy link

@crowlKats At first glance, that seems comprehensive. Is archiving essentially deprecation?

Would version publishing updates include license data (jsr.json)? I'd be interested in knowing if a license changes, but we could track the diff ourselves if the data is available.

@crowlKats
Copy link
Collaborator

Is archiving essentially deprecation?

archiving is the same as on github; so becomes read-only. so yes, it can be seen as deprecation, though a package can be unarchived

Would version publishing updates include license data (jsr.json)?

I think we could be able to provide that info, though not entirely sure right now

@coreybutler
Copy link

As I read the docs a little more carefully, I came to the realization that yanking is more aligned with what I was considering deprecation. Associating archiving with GitHub's made sense. There's probably some conceptual cross-over between those, but since both yanking/archiving would be available, it seems to cover the use case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
JSR
Status: Needs Triage
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ry @coreybutler @crowlKats