docs: try to prevent "remix" package footgun #9433
Merged
Inspired by https://twitter.com/ryanflorence/status/1790041089778373076.
The remix package on npm is the first thing that comes up when one searches "remix" (as the exact match), appears updated regularly, and has no indication that it's no longer used. To hopefully mitigate this, this PR adds an explanation to point people to places they probably intended to go to.

This confusion is probably quite bad: of the 9 public dependents (npm says there are 11 but only lists 9, so I'm assuming the other 2 are private): one (remix-redis-session) has ~4000 weekly downloads (it depends on 1.3), the others all have 2 or 1 digit weekly downloads. That leaves about 18000 new downloads stepping into the footgun, which is comparatively about 4x (remix divided by @remix-run/server-runtime) or 0.5x (remix divided by @remix-run/router) as bad as the biome / @biomejs/biome situation judging by the ratios of weekly downloads.