Description
Motivation
Publishing a new version of a package can be seen as a way to show that the community around the project is alive and that security issues (or performance optimizations) are taken into account. In the Node.js ecosystem, targeting a patch update for security / performance can make sense, without overwhelming users relying on the library.
Expectation
Define a max duration after which not having an update raises an alert
Automatically watch all repositories for the latest release and trigger a message (slack / email / other)
Implementation
Discuss the max time (and whether we want to do that)
Implement an action per repo (or one action checking all repos regularly, so there is no need to PR it into every repository)
Status
Part: Technical
Draft
We should define a threshold (6 months or a year) to raise a warning if a package was not updated in this amount of time
Keeping a large number of libraries up to date and publishing new versions is hard, but it is also one way to show a live and healthy ecosystem. By enforcing that all packages must be updated and published at least once in a defined amount of time, we can lower the global risk while signalling the need to update to our user base.