|
Do you have dozens of projects that each have different versions of the same dozen dependencies, or do you actually have hundreds of differents deps, i.e. each of the dozen projects does a wildly different thing from the other and therefore doesn't need the same deps? Or are you talking about transitive deps, i.e. the dependencies of your dependencies? I think that if you want it automated (which you should because you should be able to do this check in regular interval), you want to measure some kind of proxy related to activity and try to reason about frequency and recency. How many commits, how many released versions how many responses to github issues, how many mailing list posts by the maintainer... have been made in the last year relative to last year. Ofc some of these are gonna be easier to measure than others. Though I think that there's a few catches. Generally one would expect better and more mature libs to require less maintenance work. Though perhaps there's maintenance work that has to happen regardless, like making use of new language features and whatnot.
|
#
¿
Apr 6, 2024 18:03
|
|
|
|
| # ¿ May 5, 2024 18:09 |
|