It would be neat if it was possible to opt out of crate download increments for builds that are known to be from bots (I'm using "bot" in a non-pejorative way). Say when
lib.rs downloads the crates, they could send along some metadata to identify themselves as bots, and crates.io would avoid incrementing the download count.
Basically I would like to add something like
do-not-count-bot-downloads = true to my
Cargo.toml files to enable this feature.
- Is there already some mechanism to accomplish this?
- Are there reasons this couldn't be implemented?
- Are there reasons this shouldn't be implemented?
Problem I want to solve: I want to know if anyone has chosen to use my crates. The download counter is steadily increasing, but I don't know how to know if there are any actual users of my crates.
This would be better on internals.rust-lang.org. I feel like this could be gamed and that including bots/CI is better than potentially excluding legitimate uses. Reverse dependencies are certainly the best way to determine who is actually using a crate.
This makes no sense to me.
If there's someone who wants to hide their downloads, then .. more power to them, I guess. But I'm skeptical that the average rust developer would ever want to have their downloads not be counted. Meanwhile, I have some very obscure crates that I'm certain no one else uses (yet) and they have 2000+ downloads. I realize this doesn't matter to crate maintainers who have thousands of legitimate users. But to me the difference of zero and non-zero legitimate users is very relevant. I know I'll never be able to get that precision, but 2000+ downloads for a probably zero-users crates is not very helpful when I'm trying to decide where I should direct my focus with regards to updating dependencies and documentation, and - more importantly - at what point I should start to do less experiments about API design and slow down with the breaking changes version updates.
The presumption being that every cargo project is published on crates.io, which is most certainly not true. The majority of my rust projects are not published, and I have several proprietary crates I work on for clients that I am not allowed to publish under any circumstances. I'm fairly certain I'm not unique in this regard.
If opting out of artificial boosting can lead to gaming -- how about this variant: Well-known bots (docs.rs, libs.rs, and any others) keep an internal counter of how many times they have explicitly downloaded each crate, and expose this counter using a REST API. Then people who want access to the information I'm seeking can get the download counter from crates.io, then request the "number of requested downloads" from each well-known bot site, and simply do a little subtraction to get a slightly more more accurate non-bots download count.
Counting could be done better. There's room for improvement for distinguishing various types of legitimate users like CI and app installs, as well as even basic anti-spam protections. However, last time I asked about this the crates-io team did not have capacity to implement such things.
This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.