That seems like a pretty sensible way of doing things.
I wonder: will people find a way to exploit it? E.g. create a simple but useful dependency that uses 100 sub-dependencies, all by the same author? Will larger, more self-contained dependencies lose out to small ones?
I wonder: will people find a way to exploit it? E.g. create a simple but useful dependency that uses 100 sub-dependencies, all by the same author? Will larger, more self-contained dependencies lose out to small ones?