Hi, all. Tidelift engineer John here. Every so often, a package you’re working on just doesn’t cut it anymore. You want to (or have to) rename it or move it under a new organization. A large package gets split into multiple small packages. Or, in the worst cases, it’s become actively harmful to continue to use an old package. At that point, you need to deprecate the old package.
Some ecosystems have the concept of officially deprecating a package, and two of those, NPM and Packagist, publish that information in an easy-to-parse format. If you’re publishing a package on those ecosystems and mark the whole package as deprecated via that ecosystem’s mechanism, it’s now picked up by Libraries.io automatically:
But other ecosystems don’t support this, or their support is limited and can’t describe a lot of the situations under which a package gets deprecated and what a subscriber can do about its use. That’s why we now have deprecated package support in Tidelift. At the bottom of a package page, active lifters will see:
This new feature allows us to support a lot of the common requests we’ve received from lifters, and some of the edge cases that we’ve seen or run into as developers ourselves:
- How can I rename a package, and keep lifting the old one while subscribers transition?
- How can I let subscribers know they should stop using a package completely?
- How can I guide subscribers on an often-skipped transition to alternative packages?
When you deprecate a package on Tidelift, you have the option of selecting a deprecation type. We typically see package deprecations phrased as “use this other package for x, y, z reasons”, and, more rarely, “don’t use this package at all”, and you can indicate to subscribers your intent for deprecation with this setting. You also get a markdown-enabled text field to help explain to subscribers any other instructions or reasons for the change:
Finally, you can provide the ecosystem and name of a package that subscribers should move to instead. Right now, we’re only autocompleting the names of packages you’re lifting, but you can enter in any valid package to redirect subscribers to:
And, for those using NPM and Packagist, most deprecation settings are automatically passed down from Libraries.io to Tidelift, so subscribers will know right away to be ready for more information about your decision.
This feature is still new and fresh, and we’d love to hear your feedback on it. Thanks!