Description
Problem
npm publish creates output like this:
npm notice
npm notice π¦ [email protected]
npm notice === Tarball Contents ===
npm notice 245B file1
npm notice 222B directory/file2
npm notice 3.1kB directory/file3
...(more files)
npm notice === Tarball Details ===
npm notice name: package-name
npm notice version: 1.0.0
npm notice filename: package-name-1.0.0.tgz
npm notice package size: 143.8 kB
npm notice unpacked size: 727.0 kB
npm notice shasum: 7ac0451464945285b57dc815377842c3bd045234
npm notice integrity: sha512-GBy/l39nceg9J[...]Jpaxrshg4SCJA==
npm notice total files: 42
npm notice
npm notice Publishing to https://registry.npmjs.org/
This output includes some metrics about the package, notably:
- a list of all files included in the published package, along with their file sizes
- the total size of the package when compressed
- the total size of the package when unpacked
- the number of files in the package
Information about the size of the package is useful for package maintainers. Having it displayed at publish time gives maintainers a simple way to periodically audit the size of their published packages.
There is (to my knowledge) currently no tool included in cargo that will produce this kind of information. cargo package only produces a normal cargo build compilation log; the package is then available under target/package/package-name-1.0.0.crate but this is not obvious and the size is only visible by explicitly seeking it out. cargo package --list is useful but only outputs the names of the included files, meaning maintainers would still have to build custom logic to get the corresponding sizes and add them together.
Many Rust repositories contain additional content (test harnesses and data, CI/CD config, example code, READMEs and other non-rustdoc documentation, etc.) that is not useful when crates are added as dependencies. It's possible to add them to the exclude list in the crate's Cargo.toml if a maintainer is aware of this mechanic and remembers to do so, but there's currently nothing nudging maintainers towards it.
Small crates help everyone, improving the speed of downloading dependencies (especially for users with poor internet connections), and reducing the bandwidth/storage requirements of crates.io and other related infrastructure.
Proposed Solution
Adding an additional package size summary to cargo package and cargo publish would be a great step in pushing package maintainers to be mindful of the size of their packages and make proper use of the exclude list.
The number of files, uncompressed size, and compressed size could easily fit on a single summary line, decorated with a bold green Packaged prefix to match the general style of cargo output. A simple mockup for cargo publish:
Compiling ...
Compiling dependency-19 v0.1.3
Compiling dependency-20 v0.2.8
Compiling package-name v1.0.0 (/path/to/repo/package-name/target/package/package-name-1.0.0)
Finished dev [unoptimized + debuginfo] target(s) in 10.08s
Packaged 42 files, 727.0KiB (143.8KiB compressed)
Uploading package-name v1.0.0 (/path/to/repo/package-name)
The cargo package output would be similar, just differing by the missing Uploading line as it already does today:
Compiling ...
Compiling dependency-19 v0.1.3
Compiling dependency-20 v0.2.8
Compiling package-name v1.0.0 (/path/to/repo/package-name/target/package/package-name-1.0.0)
Finished dev [unoptimized + debuginfo] target(s) in 10.08s
Packaged 42 files, 727.0KiB (143.8KiB compressed)
Notes
Related work
#9058 proposes a warning when large files are included into the package. It makes sense, but requires some agreement on what should be considered "too large". Displaying the total size of the package will at least put package sizes onto maintainers' radars, allowing them to be mindful of it and craft their exclude list accordingly to their own standards of "too large."