New guidelines for Community Resources

[typpo]

Hi everyone,

We’re making some changes to the Community Resources section of the documentation. The goal is to better serve its intended audience: people who are new to the Discord API and are looking for a way to get started.

Here’s what’s changing:

• We’re tightening the standard for inclusion in the libraries list. A library is included if:
  • It's used by at least 1,000 active bots.
  • It supports bot features that have been generally available for over a year.
• The list will be updated once per quarter based on these metrics. It is no longer necessary to PR new libraries.

There are a few things that will disqualify a library or tool even if it meets the above criteria. A resource will be removed from the list if:

• Its maintainers violate our Code of Conduct
• It has an incorrect or incomplete rate limit implementation
• It advertises or includes self-botting APIs
• It mishandles tokens

[Daniel-Worrall]

Are there any that are currently listed at risk of being removed?

If so, can a list be provided, or the maintainers be contacted?

[typpo]

Yes, the list will be shorter. We'll publish the changes later this week

[bdanklin]

Are we still on track for this week?

[FasterSpeeding]

Is there going to be any set system for transparency around why a lib doesn't qualify for inclusion or is this just going to be left up to the imagination or badgering staff about it?

Also are lib maintainers going to be able to get stats on their lib's usage in the future now that discord seems to be using that metric for decisions around libraries?

[advaith1]

to expand on this: can these stats be released publicly?

[typpo]

If library maintainers are wondering about the status of their library, they are welcome to ask us directly. We can't release platform usage stats publicly.

[Stalruth]

What are individual bot developers going to need to do to ensure that they accurately report the libraries that they use?

[Daniel-Worrall]

As long as the library correctly includes the user agent, and the bot developer hasn't overwritten it, then the bot developers don't need to do anything.

[typpo]

We also identify gateway connections by their identify properties https://discord.com/developers/docs/topics/gateway#identify-identify-connection-properties

[A5rocks]

This seems like a bad move. This is biased against:

• libraries in exotic languages (does either Nim library have even close to that many users? But I would argue at least one should remain for the occasional Nim user)
• rest-only libraries, like RestCord
• new libraries. Unfortunately, discovery for these new libraries is terrible and it's silly to delude ourselves that getting a library on the community resources page doesn't get some attention.

Additionally, even the metric is ill-defined. "Active bots"? Does this mean bots connected to the gateway? But bots can have multiple sessions with different libraries, what happens then? Or even, different libraries between shards.

The metric also brings in unwanted libraries, such as possibly custom libraries used by AutoCode, BDFD, or even perhaps some used by bots that allow you to use a custom bot instance for premium (ahem mee6).

[typpo]

Here are my thoughts:

• This list isn't the only source of truth for finding a library. It's meant to be a nice clean place for newbies to start out, not an exhaustive list of languages. Someone looking for a library in an exotic language should Google for it.
• We already record user-agent, but yes we'll document a way to identify interactions libraries.
• Overall, the outbound traffic from community resources is very low. Whether a library appears on the list or not has no bearing on its success. Many libraries are not receiving more than a click or two per week.

To your other points:

• We have standard internal metrics for active bots that we apply here.
• We're not including premium libraries, private libraries, etc.

[A5rocks]

This makes a bit more sense as I thought you were only considering gateway identification for "active" bots. RE: outbound traffic, I was mainly focusing on the effects of having an open PR (occasionally with controversy), but the statistic is interesting. However, I feel like your thoughts on the community resources list are different than what it is currently portrayed to be.

Currently, the docs for community resources libraries states:

The Discord team curates the following list of officially vetted libraries that conform to our APIs standards around authentication and rate limiting.

Right afterwards, however, they scare developers into using libraries listed:

Using custom implementations or non-compliant libraries that abuse the API or cause excessive rate limits may result in a permanent ban.

(emphasis not mine)

Additionally, it appears that a library being listed is a large indicator into whether the developer gets access to the library development channels in ddevs. From a DM with a staff member:

me: "by the way [explanation on why I'm asking], is the requirement for the libdev role in ddevs to have a library on the community resources?"
this person: "That's been our heuristic so far"

I would love to have this clarified if possible! If being on the resources list indeed is a requirement for these channels, this disadvantages anyone using a non-standard language.

[typpo]

We do not want to spend time "curating" an exhaustive list of libraries and languages. That text will change.

Library dev roles are assigned separately. We're just focused on fixing community resources right now.

[FasterSpeeding]

We already record user-agent, but yes we'll document a way to identify interactions libraries.

Any updates on this yet? @typpo

[Mehgugs]

You say "It is no longer necessary to PR new libraries.". Currently a lot of pull requests are often reviewed by community members both on the implementation of ratelimiting and also the library maintainer's mangement of the project community. How will that process happen transparently?

[typpo]

Discord staff will review libraries and give feedback on rate limiting implementations directly to authors if necessary.

[Mehgugs]

so it's not going to be transparent then?

[typpo]

Not sure what you mean here. The criteria for inclusion are in the original post. Discord usage stats will always be private, and our communications with library developers about their libraries are private too. Devs can share feedback on their rate limit implementations if they want.

[renhiyama]

so it's not going to be transparent then?

you cant expect every thing to be transparent, atleast not the security part. To be fair, most of the open source projects ask people to inform the maintainers about the security via email or any similar private service (eg: DMs on discord). Also being transparent may sometimes provide outdated info, like if there was a page about being transparent and it doesnt gets updated, some good/new lib may not be used by a new dev just because the outdated information directly from discord said not to use that library just because it didnt had proper ratelimits (that time).

[DeJayDev]

I believe if the goal is to drive visibility to the "best" libraries only including popular ones just gives the opposite result. Now, instead of a beautiful diverse ecosystem of libraries and bots made with them Discord bots would become reliant on the "big" libraries and maintainers may feel like they no longer get the ability to just give up on the library.

What if something like Discord.py happens again? It would take up to a quarter to get replaced and many bots on the platform would be stuck in this limbo. No longer do library artists get to develop libraries for fun or educational purposes and some may feel obligated to purely because of the need developed upon them, which isn't good for an open source maintainers mental health. Especially because the likelihood of these developers being paid for their contributions is very low.

[DeJayDev]

I'm still thinking about this after a conversation had with some friends in a private space. Aside from the concerns about potentially unhealthy dependency on library developers, I believe that if the goal is to highlight libraries that Discord knows "works" or has the most recent features, the community should still have a say in highlighting the most interesting and diverse options.

It's not the right mindset to see the list as a "these are the only options", but to give prospective or already seasoned developers a choice of "these are the tools that work, you pick what works best for you". This inspires creativity, this teaches new developers how to form opinions on things that do and do work for them and their way of problem solving. Developers get this truly powerful skill of building their opinion. "I've used A and B and didn't like how A does xyz". There's never just one way to solve a problem, there's never a place for "just use the most popular stuff and don't worry about it".

If a library suggested to the page doesn't have a certain feature or it's not added in time to appease Discord, someone could just ask "Hey, I really like thing. Please make it so I can keep using this by adding support for abc" maybe a stronger developer can start that process on behalf of the owner and open a PR. I truly believe the goal should be to highlight all the valid solutions, not just a couple and expect developers to know to find their own solutions.

Discord is already changing so rapidly, and library developers already have to be willing to make changes on a dime.

[Daniel-Worrall]

If a maintainer does not want their library to be listed, they can request it to not be listed

[typpo]

Based on current usage, the Community Resources section has no bearing on how diverse/not diverse the Discord ecosystem is or whether a library is successful. It is used by a small number of new arrivals and most libraries currently on the list do not receive meaningful traffic.

No longer to library artists get to develop libraries for fun or educational purposes and some may feel obligated to purely because of the need developed upon them, which isn't good for an open source maintainers mental health.

I'm having trouble connecting this statement to the Community Resources docs. But for the reasons I gave above, no one should be developing a library based on whether it's listed in a table in our documentation. If a bot-related feature takes over a year to get into a library, that library is probably inactive. New developers don't want to be referred to libraries that don't support core features.

[typpo]

oops, none of your replies loaded for me here. Apologies if I missed some context

[Mineinjava]

Especially because the likelihood of these developers being paid for their contributions is very low.
What if discord paid developers to develop official libraries for them?

[zina-bug]

There would should never be such as finite number to get added to the list. malicious developers would find such a way to manipulate the numbers. this should have a similarity structure to the Partnered Server Owners application. partner program has issues on it own but each application has a secret magic to it in order to get approved. such requirements are not shared publicly beyond the Community Team hence why the partnered servers are very high quality. the same should be done here. on top of the 1 thousand active bots using the library there shall be some other requirements not shared publicly beyond the API Team if this would be implemented there would be less gamification added here.

kindly excuse any grammar errors as english is not my native language

[advaith1]

...no, I don't think they should be just denying most libraries without providing any explanation

[zina-bug]

...no, I don't think they should be just denying most libraries without providing any explanation

The partner program got issues on it own as I said. at least the servers in the partnered program are high quality. there shall be some small not publicly shared requirements on top of the 1 thousands active bots requirement is my solution.

[kyranet]

Just a doubt, since it looks like the User-Agent header is a key part of recognising what library a bot uses when doing REST requests, does the specified version of the library matter?

For example in Discord.js, the latest stable version (v13) will show the version as v13 (with a base UA that similar to DiscordBot (https://discord.js.org, 13.6.0) Node.js/v16.13.1), however, the development version (v14) moves the REST component to its own separate package and versioning, which in turn makes bots running discord.js v14-dev have a base UA with a lower version: DiscordBot (https://discord.js.org, 0.3.0).

Also, in the event a library changes its domain (be it because the domain they were using expired, or because they migrate to another, e.g. from the repository to a dedicated domain, or even the repository link due to the library's owner changing), would the metrics for both $url parameters somewhat merge even if manually? Will there be dedicated systems to bind different URLs to the same library?

[bsian03]

It advertises or includes self-botting APIs

Do we have to completely remove them or can we just put a warning that it is a user account endpoint and should not be used

This is the case for Eris, and would otherwise fit every other requirement. Abal has historically leaned against removing these but if I need to then that's not an issue either

[bsian03]

We make it clear that user account is no longer supported with Eris and there have been no updates on user account features since the relevant ToS change. Also I don't know what statistics you're referencing from but there's only been around 10 discussions about removing user account features since 2018 of which only like 2-3 of them have been actual requests to remove them.
You're welcome to join our support server if you want to discuss this further

[rilysh]

"No updates on user account", I agree with this that Eris doesn't officially support user bot. However Eris still contains some sort of user bot features which can be easily invoke, and I feel like Eris shall remove all sort of user account endpoints and refactor, depends on abal... does he want to do it..

[bsian03]

We've been told to remove user account features completely if anyone's wondering

[NovaFox161]

Is the 1000 active bots metric a requirement, or more of a "strong suggestion"?

By that I mean would a library with several hundred (but not 1000+) active bots, doesn't break the code of conduct, and has good code quality, be able to appear on the community resources page?

It would be nice to give a "spotlight" (for lack of better words) to well maintained libraries that haven't reached this 1000 bot target, as a pure metrics driven approach could unintentionally encourage unwanted behavior (falling code quality, pushing more people to "mainstream" libraries and reducing the competition in the ecosystem).

I want to see the dev community succeed and grow. But pushing newbies to only the largest libraries may cause more harm than good, and encourage what we've seen before; with only 1 major library in a popular language and its sudden deprecation causing quite a lot of drama and stress for developers.

[typpo]

Unfortunately that approach will cause people to claim bias, debate inclusions, etc. Short of removing the entire section, the most objective approach is to come up with is clear, public criteria.

Re: large libraries vs small libraries, we have found that the Community Resources list has almost no influence on whether a library grows or not. Most people find their libraries elsewhere (I'm guessing through tutorials and package managers). For this reason it's best to keep the criteria simple and objective.

[i0bs]

Is it safe to assume that the active bots metric will be assumed by the custom User-Agent header passed by libraries in HTTP requests, as well as the Gateway identifiers? Additionally, will 1,000 active bots be alive connections, just bots that haven't been offline for X amount of time?

[erkinalp]

For those who are new to the Discord developers community, the library mentioned by the parent comment is discord.py.

[JDJGInc]

Discord.py no longer supports user bots, it's not official, no will help in their guild or github.
People seem to use older versions to get it to work.
The help channels and one guy dmed me. We all said no we don't help with self botting and it's against tos.
No library I know of supports it, people just use older editions who do support it.
Don't self bot, it's against tos and bots work better anyway

[insyri]

It advertises or includes self-botting APIs

Every API can be used for that case, what dictates whether it is or is not? Advertised to be specifically for self-botting? Mostly used for self-botting? API is oriented for self-botting (like including specific functions — let's say spam dm function — that are popularly used for that case)?

[bsian03]

Endpoints that only user accounts are supposed to use is what's meant by self-botting APIs

[insyri]

Makes sense, this should be more clear.

[FasterSpeeding]

What counts as a library "support[ing] bot features" by Discord's standards? Let's say a library provides an interface for voice send functionality and its ecosystem has separate libraries which implement this interface to provide voice send functionality but the library itself does not include a standard implementation, would this count?

[renhiyama]

I believe yes, provided the ecosystem follows the discord guidelines too.

[rilysh]

Honestly, I didn't agree with "It's used by at least 1,000 active bots". It makes a new library more far pointless as adopting a library for new people without knowing it's existence. Some of newbies also take look at community driven libraries and without notified them about the creation, how it suppose to grow about "1000+ bots"? Yes, except the creator and some sort of user until advertise to other to use that library, but it's not reliable and will take a long time to grow in that point.

And besides this, I found a lack of view on those bots who's uses custom libraries.

[typpo]

Community Resources doesn't help bots grow. It's a place for people to view resources that are commonly used by the community.

[rilysh]

I'm not really talking about bots growing, talking about adopting and growth of that library, please read the comment carefully.

[typpo]

Sorry, I mistyped. Community Resources doesn't help libraries grow. It's a place for people to view resources that are commonly used by the community.

[braindigitalis]

this is basically going to make the list just five entries, for JavaScript, python, rust and C#.

any less Popular language which would struggle to amass a thousand bots is basically just now not important enough for exposure.

[renhiyama]

This idea seems to be looking more of a app discovery/ server discovery requirement:
Those two discoveries seems to be promoting popular servers, but not small and new servers.
Same goes with the library: popular gets more popular, new ones gets no attention.
I would like to suggest changes:
Instead of having a requirement of 1000 active bots, we can have requirements like:

• having atleast 100 stars (most open source helping projects take this as an requirement, like crowdin, open collective)
• have a good amount of interactivity on the repo (like issues, prs, discussions)
• have atleast 100 members on discord support server (excluding bots) / atleast 50 online members / atleast a discussion here everyday.

Also I would like to suggest additional info for these libs, show whether the library is a fork of any other list, so bot devs can learn better which list would be easy to pick up with minimal changes from a discontinued library (in this current scenario, discord.py)
Also what about showing stars and forks on the docs page? That can tell more meta info about a library without needing to visit their homepage.
I would also like to inform to include a need to have multi pages docs, guides and/or a generated doc like made with jsdoc. (Mobile viewing & good SEO/in-site search like algolia would be a good addition)
If this is not an requirement, atleast let the developer know whether there's any good docs made by the maintainers or not.

[braindigitalis]

Unfortunately, many of these criteria are highly gameable/subjective and would lead to ambiguous reasoning and outcomes similar to what we have today.

what exactly is the issue youre trying to prevent?
As a user, i dont see a problem with the page and the system as it is now, and it's 99% community maintained and policed anyhow?
What have i missed? I'm concerned the harm this will do to smaller projects in esoteric languages. There's no way for example any C++, nim, julia, etc lib could ever get 1000 active bots. I'm guessing you'll end up with a list of maybe a handful of libs, if you go with the 1000 active route.

[Bluenix2]

I think the somewhat sad reality is that this is what they want. The scope of the Community Resources is changing to be only the very most commonly used libraries - so that newer people who view the docs looking for a library picks up one of the big libraries with a lot of use and support.

It's not meant to be an exhaustive list, rather, it's now meant to recommend the bigger libraries that one can get started in easily.

[renhiyama]

Unfortunately, many of these criteria are highly gameable/subjective and would lead to ambiguous reasoning and outcomes similar to what we have today.

You're the developers who make these topics a gamified version and battle. Like there's literally no problem with anyone with the current version of how libraries are listed. Everyone can agree here that everything discord is upto now is becoming a listing battle here now, bots, servers, and now libraries. Discord was meant to be a place where every community of any size can live together, peacefully and happily. It isn't meant to be a place where popular stuff get more popular...
#DiscordNeedsToChange

[JDJGInc]

I personally use whatever library suits me, with the language I use as long as it's personally used enough in order to get help, just cause it's listed doesn't mean it's the only choice.
There are plenty of different options, just follow tos.
That's what I do

[Bluenix2]

Like there's literally no problem with anyone with the current version of how libraries are listed.

No, there is a problem. There's no other type of PRs I see that get as heated as PRs touching the Community Libraries. Look at #3725, #4355, #3146, #3795 and #3732.

Requirements like these would also make it clear what objectively makes it to the list and what doesn't - they are now vetted, verified, and curated by Discord only. This way all other community drama is left out and the list is only for tried-and-tested big libraries.

I wish things wouldn't have had to be done like this, but I have yet to see a better proposal. I do want to say that I am in support of GitHub stars also being a statistic tracked, although 100 stars seem rather small.

[sevenc-nanashi]

Question:

It's used by at least 1,000 active bots.

How do you count them? Gateway, User-Agent, or Downloads on package manager?

[braindigitalis]

Question:

It's used by at least 1,000 active bots.

How do you count them? Gateway, User-Agent, or Downloads on package manager?

you can't use package manager downloads - some languages don't have a unified standard package manager like python has pip and node has npm. take C and C++ for example...

[renhiyama]

Question:

It's used by at least 1,000 active bots.

How do you count them? Gateway, User-Agent, or Downloads on package manager?

you can't use package manager downloads - some languages don't have a unified standard package manager like python has pip and node has npm. take C and C++ for example...

And conan package manager for c++ isn't used by everyone

[rilysh]

Question:

It's used by at least 1,000 active bots.

How do you count them? Gateway, User-Agent, or Downloads on package manager?

you can't use package manager downloads - some languages don't have a unified standard package manager like python has pip and node has npm. take C and C++ for example...

And conan package manager for c++ isn't used by everyone

I don't think everyone uses conan, asking myself, nope.

[erkinalp]

It has an incorrect or incomplete rate limit implementation

What counts as incorrect rate limit implementation? For example, is it considered improper to statically tune the limiter to always use the worst case limits? After all, not all bots may need to use the excess rates that can be utilised by having a dynamic rate limiting implementation.

[prryplatypus]

Being dynamic, technically the worst case limit would be a ratelimit of 0/∞ (not expecting Discord to ever do this, but the option is there). Would any library being used by 1000+ bots really want to code this in? 🤨

[i0bs]

This comparison makes little sense, nor does it seem worthwhile semantically arguing the basis for incorrect rate limit implementation. Case in point, in order to be added to the community resources, a library will need to follow the official documentation pertaining to it.

[renhiyama]

I think the libraries should be checked on whether they follow discord api guidelines, tos, and whether they have active maintenance/development on them, while having a support server can greatly help, still GitHub discussions can help people out anyways.

[renhiyama]

@typpo what about making a requirement for making those libraries should be open source only? In that way, everyone can learn by themselves what is a lib upto, whether it's fake and/or harmful, does it really respect rate limits, etc. Just a suggestion.

[banocean]

When this library will be unlisted, support servers also will lose verification?

[erkinalp]

Why would it?

[Faf4a]

Sorry for hitting up this old discussion, however are extension libraries still disallowed to be submitted?