I really like that you are using nestjs, idk why some devs hate it, IMHO its the best node framework that can be used to build production ready apps, i started using it a month ago at work and it was my first time using it, and it already made so productive
What is the reason for “open sourcing” this , when any meaningful implementation is locked away behind services and is closed source. I just think these kind of use cases confuses users. There is no problem in being closed source and proprietary (unless you are using preexisting open source code and open sourcing those parts of your code makes it legally compliant) . In any case it is confusing at best and misleading at the worst.
Free advertising on Haker News. 10 bucks net profit without any grows is also profitable. Getting to the main page of HN was worth open sourcing what had no potential anyway.
This is my reasoning, I'm not the creator of this.
As someone that built a 20m ARR survey product... The only difference between this and something making millions is a sales team.
And millions in bots and fake reviews.
it wasn't needed in our case. Selling B2B didn't require online reviews of our product.
Username checks out.
I think maybe you're being overly cynical (yes yes, I did see your username!)
Sometimes, large companies open-source a SaaS product because they expect to make more money from the free marketing (See yesterdays post about headline-driven development) even though their implementation remains closed.
We still give them news-space, don't we? Why should we act any differently for solo developers?
There are organizations (often not small) that will pay for a hosted and closed source solution if it is available under dual license in case it goes away.
Other organizations still, have open source only policies, or no open source at all.
Many of these applications can be in government.
It can increase the footprint.
What organizations have a no open source policy? They would be hard pressed to find any significant commercial software that doesn't have an open source dependency somewhere it its dependency chain!
Oh, they exist. Imagine Microsoft based companies that must have commercial licensing with software that guarantees to work or is secure.
I know of some CMS’ which were dual licensable for this reason.
Other reasons why:
https://www.channelfutures.com/connectivity/reasons-organiza...
when any meaningful implementation is locked away behind services and is closed source.
As someone seeking a purely open source forms solution, what do you mean by this?
Not the commenter you replied to, but I noticed that it depends on Redis and Mongo, which are proprietary database products. However, there are Redis and Mongo mostly-compatible DBs that are Open Source, so you can probably swap them in (though the project may not officially support them and test with them, so you may have to be willing to contribute testing and bug fixes yourself).
I see that the project appears to depend on Mongo and Redis, both non-open source. However, both have substantially compatible alternatives that a user should use in their place. Even if they did not, having the source code available under an open source license means that users can fork it and swap these databases out for something better. Users can learn from and modify the source code for their own uses. Users can review the source code for quality and security. All of these things are possible when the code is open source. So yeah, it would be nice if it used open source dependencies or at least officially supported alternative open source dependencies, making the application open source as is is still a win over keeping it proprietary.
I'm secretly and slowly building a form building application. The idea is that in my association we don't want to rely on Google Forms. And we only want to use open source software. We are using FramaForms which is a bit clunky and doesn't have this feature that updates a spreadsheet automatically. I thought that I could just create something that would answer both concerns.
But a good open source forms app would probably change everything, I would gladly stop my small project (in favor of contributing to an existing one for instance). I see there is integration with a lot of products, including Google Drive and Google Sheet.
Would an integration with Nextcloud be considered?
Congratulations on open sourcing this, we need open source and self hosted form solutions. Critically private data is put in forms and that get sent to big private companies like Google, which is not ideal.
As other commenters say, you might want to use AGPL indeed, but I guess you carefully thought this decision.
Limesurvey is “good enough” for most applications and is open source- any reason why that wouldn’t work for your use case?
As far as I know, LimeSurvey can't auto update a spreadsheet with the answers.
But LimeSurvey has its advantages:
- it's in PHP, and our whole infra is already using it (WordPress and Nextcloud). So it's easier to setup and if we want bridges between these tools, it'll be easier.
- AFAIR, it doesn't require JS when filling a form and in particular, it's not a React app.
We have used LimeSurvey in the past, we got rid of it but I don't remember why, I should look into it another time.
Two other big requirements we have is solid conditional field support and easy to use form builder.
Reason why I ask is that there are many form/survey builders out there, as people often underestimate the complexity it takes to set one up that supports things like max diff, routing etc.
Looking at the forums I can see that some have managed to achieve what you need via plugins (albeit the one I see that is confirmed working seems to be paid…)
Just thinking contributing an open source plugin to a great open source scripting tool would save you headaches down the road :)
You are right, this is a time consuming and a genuinely hard problem to tackle.
I have not been satisfied with existing software, but I would be happy to find out otherwise.
But a good open source forms app would probably change everything
Can you go into that a bit more, I'm interested what you would see changing. Why do you think it hasn't been done already?
My understanding of the comment is that “changing everything” should be understood in the context described by the begining of the comment. That is their organisation would stop using FramaForms, and the commenter would stop working on their replacement skunk project. That is all of those mentioned plans/activities would change drastically.
It wouldn’t change literally everything. The Sun and the Earth will continue to orbit around a shared barycenter. Humans will continue to breath oxygen. Carbon will continue to form four covalent bonds per atom. Some boys will continue to think a lot about some girls, etc etc.
Yep, I meant this indeed.
Thank you for sharing your experience and insights. It would be fantastic if we could collaborate to make HeyForm better suited to your needs, as well as the needs of many others.
Would an integration with Nextcloud be considered?
We are definitely interested in exploring this possibility. However, since I am not personally familiar with Nextcloud, it would be helpful if you could provide more details. Could you please open an issue so that we can discuss it further?
Sure, I'll take the time.
Grist has the ability to create forms that are automatically connected to their spreadsheets [1]. Though it doesn't seem like you can create sophisticated forms (with some logic in them for example) just yet.
I am thinking of moving my volunteer org away from Google forms towards Grist.
Can anyone confirm if the legal advice here https://docs.heyform.net/license is correct? Seems slightly different to my own interpretation of the spirit of GPL.
There's nothing problematic about this, except that it's GPL plus conditions. AFAICT, only the second condition would be in addition to the GPL, but I didn't spend much time thinking about it.
GPL does not permit additional conditions, it actually states that additional conditions may be removed by the licensee.
In this case, I don’t see the actual license containing additional conditions, simply that the FAQ guidance on the page is misleading.
But it needs attribution and he can say what attribution is valid, no? IANAL so can't say for sure but does GPLv3 have same issue as early CC? https://doctorow.medium.com/a-bug-in-early-creative-commons-...
Yes and no. While the author can specify an attribution notice, the GPL limits it to being relayed amongst “appropriate legal notices” - these typically appear in an EULA or About screen. Otherwise an “inappropriate” attribution requirement could be misused to prevent modification of certain parts of the work.
As for the issue with CC, GPLv3 gives a 30 day grace period for rectifying violations which obviates many potential troll issues.
Thank you.
it's GPL plus conditions
Not in a uniform way - the license distributed with the code on github doesn’t have the extra conditions.
At this point I’d nuke the repo and force push with AGPL license instead, that seems a better fit.
They would need to use the AGPL if they want folks that self-host to release their changes.
I don't know if the page changed, but it says that it is using AGPL
Yeah, it looks wrong to me too. It claims to be GPLv3 and the "use cases" explainer looks like it's trying to clarify what GPLv3 means, but the requirements described under the use cases are not part of GPLv3.
The 1st one is fine. The 2nd one says you would need to open source your modifications, but that would only be true if you also distributed your version rather than just using it on the server side. The 3rd adds three conditions. The first and third are again only true if you are redistributing the software. The second is an attribution clause that is not part of GPLv3, and the page to me definitely reads like it's explaining the license but not actually a license itself. GPLv3 does allow adding in similar conditions, but probably not those: I'm not sure requiring a link to the original project is ok.
AGPLv3 would be a much closer match to what the author appears to intend. It allows adding the attribution requirements that the author wants; see https://www.gnu.org/licenses/agpl-3.0.en.html section 7: "You may...supplement the terms...: (b) Requiring preservation of...author attribution..."
(IANAL, and every time I claim anything about licenses I get at least one detail wrong.)
Huge Affero (AGPL) warning.
Do not touch unless you understand how the license works and want to do so anyway.
Can you be more specific?
In what ways exactly it is more dangerous than other open source licenses in this case?
more dangerous
only if you intend to produce a derivative work for which you intend to sell, and thus do not want to reveal said derivative to others.
AGPL is the best license available for open source imho.
That was my understanding too, I don’t understand how this would be seen as dangerous in this context, I’d also view it as a benefit.
I see this as huge Affero (AGPL) praise!
It would be great if the license was used more. I'd much rather contribute to something where sharealike extends in some way across networks - software doesn't link in binaries, as the GPL does cover, as much these days.
GPL never talked about linking, it's probably the single most misunderstood aspect of GPL.
You can in fact have GPL bw applied over network IPC even
See their docs page here: https://docs.heyform.net/license
What's your rationale behind this step?
It's to tap into global collaboration for faster innovation, and ensure transparency and trust.
Thanks for bringing up the good question!
Do you have another source of income? If someone just use it without giving you money or code contributions, would you feel ok?
Both of us work part-time on HeyForm and are satisfied with the revenue it generates.
However, who wouldn't want to earn more? :D
Would this be a clever way of shrinking the market? Any competitors will now automatically need to have a value proposition greater than this free software.
I'm not OP but the software is GPL3, so it would disqualify a lot of risk-averse customers from hosting it.
Your website doesn’t open, it seems it’s flagged in one of the DNS popular blacklists
For me too, using NextDNS
+1
Works fine for me. Did you add these blacklists yourself or is it from your ISP?
It's strange that our website is being blocked by an ISP.
Could you please provide us with the name of the ISP so that we can contact them and request to have the ban lifted?
I cannot quickly find the answer so maybe the project owner can share - I have a need for which apparently there is no ready-to-use product - I need to have form which is anonymous, but at the same time it should be one-time-only submit. (Like voting system).
My ideal solution would be to send unique link to each recipient and limit one submission per link. However, I as a purchaser should not be able to see who got which link, or at least, how each link voted.
Question if heyform has some implementation of the need already, because none of the well known products - Google forms, MS Forms, Typeform - support anything like that
I doubt any generic platform would support such a specific use case out of the box, especially if major providers don’t offer it.
Eh, I mean it's a pretty common ask in my experience, but my experience isn't the world's
Even if it were anonymous, your recipients wouldn’t trust it. Everyone knows anonymous polls get you fired (which is still proof that some people still trust anonymity, but those people are usually not working here anymore).
I was curious and did a google search, looks like you’re right and this can happen; some anecdotes are terrifying:
My manager let me know that due to my answers in the culture survey, they didn't think I was a good fit for the company anymore and were letting me go.
said that my responses to the survey showed that I had a negative attitude about the company and that they wanted to part ways.
source: https://old.reddit.com/r/legaladvice/comments/67j04o/i_was_f...
Very cool! Form builders are really fun applications to build and teach you a lot about more advanced relational models (like polymorphic relations)
I scrapped together a form-builder-with-payments using RoR and RailsAdmin last year for my club and ended up spinning it off into a pay-per-use SaaS[1].
As it turns out, forms are a fundamental aspect of a LOT of things, and offering free use tools can change the game for clubs or organizations looking to keep their data in one place.
What do you mean by club exactly?
I generally mean a member based organizations, could be a book club or professional association or anything of the sorts.
Not every club charges dues, but those that do generally start off with a google form and a pinky promise that you'll send your dues after submitting the form.
Works for awhile but it's hard to maintain, speaking as someone who's had to do this before. embolt is my go at offering a member platform with a very low (the lowest) barrier of entry to getting up and running with paid registrations forms & an admin dashboard.
Looks very well done! Did you have to write much JS or could you do everything you needed with RoR?
Thanks! I initially started out with just jQuery but eventually realized I needed to support more complex interactions and adopted Turbo & Stimulus [1].
Still sticking with server-side rendering though, always loved that approach to building webapps and tools like HTMX & Turbo make it much easier to integrate with complex UX interactions.
[1] https://medium.com/@csofiamsousa/hotwire-turbo-and-stimulus-...
Congrats on open sourcing your project!
I see that it relies on mongodb, at a first glance this seems a good fit for a forms oriented product - looks like using a document db for actually dealing with documents. How did it work out for you? Would you choose it again?
Maybe not. MySQL and PostgreSQL are both capable of performing this task effectively.
Are you associated with the project or are you commenting based on your own experience?
do you consider this a marketing move?
Of course; how else could they have been on the HN frontpage? (I’m not saying this negatively)
We do, but this is not the main reason.
I currently use NocoDB for forms, which works great, but this looks great too, many thanks for sharing!
@dearroy in fact, it'd be great if you integrated with NocoDB! I was a little disappointed to see that at present you mostly only integrate with proprietary tools and not with other self-hostable tools.
You request it, we make it!
Please open an issue and let's discuss it further. With any luck, we can make it available in just a few weeks.
I've often wanted a simple online form solution for random purposes, yet I have never quite gotten around to learning Google Forms. My kids use it for school stuff. They're reasonably capable with it and have gotten good mileage from it. I guess at some level it's hard for me to get into something that often requires flexibility, yet can't be modified beyond rigidly prescribed boundaries.
I would totally rather learn something like this that I can hack on. And when other people ask me how to do something for a Real reason, I would not hesitate to recommend the hosted version if it can do what they want. (No, I don't want to be on the hook for maintaining a self-hosted version of something that will be depended on for wide public consumption. I'm done with pager duty.)
The creators' hearts seem to be in the right place, so I'm less subliminally worried that they'll enshittify it in some way that bothers me. And if they do, the license gives me a way to proceed without starting with something new from scratch.
Google Forms is very simple to learn. There's not much to it. You just dive in and you're good to go.
Considering that this is SaaS, are you sure GPL is sufficient here? Did you consider AGPL?
Risk is low. A copycat can copy but code is only part of the equation.
This looks really nice. I assume you have looked at the alternatives and created heyform with a special feature or use case in mind? If so, could you summarize the differences between heyform and for example: getinput.co, quillforms.com or snoopforms.com?
Cool
Looks really cool and could be a good alternative to Typeform.
In our organization, due to privacy reasons we need to self host.
You might want to look at something like the plus plan photoprism has. For photoprism, if you want a UI for user admin, you pay something. One can do the same thing from cli, but in corporate environments it's easier for me to say, look, we need to pay, because we need this admin interface. If I would self host but want to support you otherwise, it's hard to argue why the organization should "donate" money.
Hope it makes sense. Best wishes!
How did you think about the tradeoffs between closed-source profitable vs. open sourcing it? What do you see as your criteria for success on this move?
AI thanks you for your efforts.
NestJS is nodeJS for Java people. It's like Angular in that sense.
So some people will feel like it's over engineered.
I mean it's overengineered. Why do I have to register all these things, and why does it keep crashing if I register it like this without any understandable error message. It has a little bit of an OCD relationship with dependency injection. Where the normal import system can handle most of those cases.
But few nice things, resolvers, auto-generate swaggers. And TypeORM is lovely.
But yeah it's a bit too demanding. I'm okay with an opiniated framework if it gives a lot of features out of the box (like laravel or NextJs), but NestJS tells me how to do things without giving me enough in return. (auth, sockets etc are still quite a lot of work)
Yeah, I don't know, most of the time only time you actually need dep injection is for tests, and at that point why not just mock with Jest? Feels too much just having to do all this work just to complicate dependencies and make moving around more difficult for tests when a much simpler solution is available.
Dependency injection was not really meant to help with testing, but to keep code decoupled. It can be a nice pattern, but even if nestjs forces us to do it, we developers still find creative ways to nullify any attempts to decouple the code we write :).
It wasn't meant to, but it realistically and potentially feels only useful in those cases.
To me in most cases it is used it seems to just overengineer and obfuscate things unnecessarily when much simpler code would be easier to understand, etc.
It shouldn't be a thing that is done by default, only when it really makes sense.
Eventually with all those injections you are going to cause a situation where making any changes becomes really complex, if there are any use cases you didn't foresee at all.
In 90%+ cases you don't need interfaces and or DI, you should just be able to follow the logic with your IDE, it makes no sense to obfuscate that.
If the impl truly must vary for whatever case, then sure, you can use it.
But I would also say that don't do interfaces and impl before you actually need to switch them out dynamically depending on the context (and not just for testing).
If you have something that does Storage, and Storage drivers could be different like FileSystem, GoogleDrive, whatever, then sure use an interface, but not otherwise.
It's like DRY. Unless you actually use it 2-3 times, don't make everything unnecessarily into a reusable fn.
If you don't foresee having multiple storage methods in the near future then just use a class for storing which you can move to, to see how it does file storage or similar.
yeah agree, there was a time where everyone only wanted to code in patterns. I do think they are nice, but often most of us hardly understood the original reason why they were created.
Just wanted to chime in and say that if you use the CLI to generate things, the experience is much nicer. However, you do still need to be in their playground. If you have a large team out org and don't want to have to document extra about the guts, I love having something proven. If you need to mix protocols, I believe Feathers JS was a little simpler to get into last I looked.
Best makes JavaScript look like Java, it’s needlessly complex and just encourages vast amounts of boilerplate. Awful stuff.
This is precisely my experience. Classes are painful to deal with. Decorators are not only unergonomic, they also throw away any type safety. Also Nest shoves class transformer and class validator down your throat, which are also a pian in the ass.
My go-to right now is itty router with zod.
Love to hear it!
Btw, itty-router v5 just dropped a couple days ago, with a fun batteries-included (still ultra-small) router, that should make your code even leaner.
How is the integration w/ zod anyway, and how can we make it better?
Yes I noticed v5! I love it so much. The great thing about itty is you can integrate anything really easily.
I'm in the progress of making a simple middleware based on zod to parse not only request body, but also params, headers, etc. Zod is really powerful and you could even use it to do stuff like parse jwt tokens and have complete type inference.
Perhaps my only issue with this approach is that you rely on a wrapper function to correctly pass the generics fron the middleware to the main handler.
Another possible approach is using types-per-route but then it's hard to enforce that the validator agrees with the handler itself.
Same experience here. Admittedly it's been a few years since I last used it, but there was so much boilerplate coupled with a layer of "magic" that was too thick for my liking.
Provider initialization (dependency injection) failed on me on a few occasions and it always wasted hours of productivity. It would break in some obscure way that wouldn't log any errors to the console, so there was nothing to go on besides attaching a debugger and stepping through layers of framework code. It was quite infuriating because it always happened when I was in the middle of something else.
If your specific use case wasn't covered by their docs (which were very barebones and "hello-world" oriented at the time), it was painful to figure out and use.
I'm literally in the middle of spending my evening, outside of work, gutting NestJS from a project I've inherited at work. I would literally consider changing jobs if I couldn't remove it.
There is so much to unpack to get as why I have such an issue with it. But time and again I have been frustrated with it in terms of: it's design philosophy, implementation, scope of what it covers, bloat, recommended implementation approaches, etc.
I don't understand how a single framework can think that it should cover: message/request handling, logging, config management, dependency inversion, persistence, and IO. These things have almost no cross over (i.e. if they are well designed they should be easily composable with any other component) but time and again framework developers attempt to bundle them into a "one size fits all solution".
To best sum it up. I think any package I use should be secondary to my application. But this package makes it so that my application is secondary to the framework.
Don’t .NET and Rails do all those things?
They provide a default.
I suppose in nextjs it's the only option?
Nah, you can swap out most things.
The worst Java frameworks are better than NestJS IMO
Why? In what sense? What would you recommend instead for TS? And what would you recommend instead of Nest and TS?
I wouldn't really recommend TS anymore. I would just go to a compiled language that actually has runtime type safety and a good ecosystem and devx. Although, it looks like Deno/Bun will improve things. After working with it for 5yrs, I just don't want to deal with the typescript compiler and ecosystem anymore, it's more of a headache than it's worth when Java (or ktl), Go, (and because HN: rust) are great.
nestjs is nice if you’re coming from Angular. It’s basically Angular for the backend.
But like Angular, there is a very wide range of use cases where it is totally overkill and like Angular, companies are throwing it at each and every project.
I don’t find it bad but it’s in a strange spot being more bloated than other JS frameworks while still being way less "batteries included" than more classical corporate frameworks.
Like Angular, I don’t hate it though it’s just that I still haven’t figured out a project where it’s better suited than something else.
Why not use NestJS, a framework that solves the engineering problems you encounter in other Node.js frameworks?
Why Nest over Next? Is it worth switching?
I use nestjs in my open source no-code database https://github.com/teableio/teable, and I really like it, especially the dependency injection capability.
I recently migrated my API from lambda functions do a dockerized Node API and I evaluated NestJS, though ended up using Fastify. Like others have mentioned, it's great for devs that come from Angular or Java but for me I didn't like that it used decorators all over the place and preferred to have something more "Express like"