Screw npm – it's time for change (opens in new tab)

(github.com)

6 pointsspringmissile10y ago4 comments

4 comments

4 comments · 3 top-level

mattkrea10y ago· 1 in thread

> no single point of failure

I have no solution to this but replacing npmjs.org with github.com might not be the answer. Wonder how a torrent-based package manager might work..

krapp10y ago

I'm assuming that the github: key implies the possibility of non-github repositories being allowed. PHP's Composer does the same thing in a slightly more verbose way to support arbitrary repos and multiple VCS types. Packagist is less a centralized repository as a suggested but not necessary first choice, which in my opinion is how it should be.

It also uses a JSON file to define project dependencies. Probably not the worst model to copy.

nikolay10y ago

There's already a good solution, it's called git-vendor [0]!

[0]: https://brettlangdon.github.io/git-vendor/

JdeBP10y ago

Duplicates https://news.ycombinator.com/item?id=11364190 , badly.

j / k navigate · click thread line to collapse