by secondcoming 1409 days ago
Does ‘downloads per day’ actually mean anything? It could be some large company’s CI system building on every commit. I don’t think I’ve ever seen a JSON5 file in the wild.

I’ve always wanted comments in JSON, but the other issues highlighted are not things I care about. The ‘be lenient in what you accept’ philosophy is a disaster, just look at HTTP… stricter is better IMO.

6 comments

Although I cannot assume, I'd at least hope that a "large company’s CI system" would cache the frequently encountered version(s) of a certain dependency :/

Not a safe assumption. They tend to only invest effort into caching after getting blocked.

As a concrete example, this is a common big problem for NPM, and they have to resort to blocking IPs and/or CIDR ranges.

> Does ‘downloads per day’ actually mean anything? It could be some large company’s CI system building on every commit.

I don't think you understand quite how many 60,000,000 downloads per week is if you think a big company's CI pipeline might account for that.

Maybe 2 or 3 big companies.

I'll never understand why those companies can't bother to set up an internal mirror.

"The ‘be lenient in what you accept’ philosophy is a disaster" - I've seen that stated before, and I don't think I quite agree. It depends on how much market power you have - if you're Chrome or Safari, I agree, you should display non-compliant pages in a way that makes it obvious that they're broken. But if you're just developing a backend component that happens to consume data in a particular format and it's not part of a system that millions depend on daily, ensuring it can handle non-strictly-conforming input well usually pays off (but by all means, do what you can to warn relevant users).

CI like that can give you some boost, but if the project is building many times a day, the dependencies are cached somewhere. Otherwise people get too annoyed with delays. There may be a phase of lots of downloads, but then it gets fixed.

I think most companies do not set up mirrors. There is no way millions of individual companies are downloading daily the same pieces of code. And if they had caching they'd download them only when a new release happens, not daily.

There aren't that many companies in the world basically.

You don't have to set up local mirrors. You can start the build with periodically-saved node_packages, or if you're using docker "ADD packages.json, RUN npm install", or commit vendored modules, or do one of thousands of other things.

For some companies release just means another merge to master, so they are doing tens/hundreds of releases a day.

Once you do enough development that this matters, you're going to be doing caching or you'll be wasting money on waiting and bandwidth.

Yes you CAN do all of these things, but do people do them?

Consider that for developers a slow build = break time. https://xkcd.com/303/

And just running npm or pip at every turn is easier than setting up all of that, so there needs to be a push to do it. And the servers of those entities seem to be able to deal with the load.

In my first job we had autoscaling cloud servers that took 30-40 minutes to be operational. I told my boss we should have pre-created an image instead of installing and compiling dependencies when we started them. But he said it would not be agile.

> Yes you CAN do all of these things, but do people do them?

Yes, they do. Mostly as a result of looking for infra savings, optimising job time, improving reliability after some process fails when npm is down. It takes some longer than others. It's not necessarily devs that will do it either.

Valid question, the article has a footer

> JSON5 is in the top 500 by both dependents and PageRank

that probably confirms the project is significant but doesn't answer your question.

If you had OpenAPI to document the JSON, where would you use comments in the JSON payload?

Why would you assume that you would?

If you did, I guess it would be anywhere that you had a description in the OpenAPI document. But I wouldn't do that.