Suggestion to alleviate squatting problem: public user reviews of crates

[rodrigocfd]

We all know there is a problem with squatting in crates.io. This topic is being discussed time and again, and some attempts have been made to ease this problem, like #58, #624 and #1340.

Instead of creating rules to restrict the crate uploading in some way – which have found no consensus so far –, I propose the creation of an user review system similar to the one in the Android Play Store:

I believe peer review could help to identify bad crates, and it would also be a way to identify good crates.

One could argue that this won't solve the issue, but simply move it from one place to another: squatters will now create fake profiles to generate fake reviews. But even in this case, it's a lot more work, so I believe it's worth. Anyway, if user pages show the crates reviewed by the user, it would help a little bit.

I understand this won't solve the problem completely, I just hope it can alleviate it.

[carols10cents]

For peer code review, please see the cargo crev project.

Having comments directly on crates.io would significantly increase the moderation burden, which is not something the all-volunteer crates.io and moderation teams are interested in taking on right now.

In any case, this would need to go through the Rust RFC process first to build a design and policies with the community.

Similarly to cargo crev, this could be built unofficially on a separate site from crates.io.

Also see these related issues:

• Feature request / discussion: add some discussion on crates.io to leave feedback and compare functionality (to avoid Pythonic mess) #452
• Add user's comments under crates #1820

[najamelan]

@rodrigocfd I feel there is a misconception here of what squatting is about. Quality of crates indeed varies, and that's unavoidable. However, when you need a lib for a certain purpose, it's not that hard to weed it out. If it has good guide level docs, API docs, tests etc. You have a candidate worth looking into. The rest you can skip most of the time. cargo-crev is a useful tool, but it's user-friendliness is not really comparable to inline feedback on a website.

There is also lib.rs which uses a different algorithm for search results and evaluates crates in terms of documentation, number of dependent crates and so on to float quality crates to the top.

However squatting is about reserving names without ever using them. A bit like domain name squatting. Having a short memorable name for your library that you are serious and ambitious about is definitely desirable and squatting can be frustrating in this regard.

The problem isn't identifying those crates, rather that crates.io is not namespaced and it is first come first serve. You can also namespace yourself by prefixing your crate names like user_library.

As for crates.io, a useful feature might be to automatically pull stars from github, gitlab, bitbucket and other git hosting services, as that is already a way users indicate a basic feedback on usefulness of a project.

[rodrigocfd]

As for crates.io, a useful feature might be to automatically pull stars from github, gitlab, bitbucket and other git hosting services, as that is already a way users indicate a basic feedback on usefulness of a project.

That's a great idea. Is there any ticket discussing this?

[carols10cents]

We don't require any repository URL, and we don't require that it's any particular service (it could be self hosted for example), so this feature would exclude some crates.

This issue is relevant: #786