Spam entries in the registry

[maxkfranz]

That npm allows anyone to publish a package is both good and bad. On the bad side, there are several "spam" clones of the cytoscape package.

Here is an example: cytoscape-universal. This looks like it was published by someone who doesn't understand how npm or semver works. He probably wanted to use a particular version of cytoscape in his app, but doesn't know how to use package.json or package-lock.json. So he published a whole new package just for that.

For npm that might not be as big an issue as for BioJS. The npm search is now pretty good at demoting duplicate or otherwise relatively unused packages. However, for BioJS it makes things cluttered.

Is there a way to blacklist these spam entries in BioJS?

[yochannah]

Ooh, good point! We'd been thinking of encouraging good quality primarily by highlighting good quality packages, but I don't think we'd taken the spammy packages into account.

It makes the most sense to handle this on a case-by-case basis as spammy things come up.

@DennisSchwartz @sarthak-sehgal what do you think - is it likely to be easy to add a feature that allows us to add package names to a blacklist?