NPM website was down (opens in new tab)

(status.npmjs.org)

114 points18nleung13d ago54 comments

54 comments

iLemming13d ago

First GitHub, now NPM? Oh no... That is happening, guys. Rise of the machines. I hope Jira is next and Slack follows.

1 more reply

corvad13d ago

I wonder if this is an underlying infra issue with Azure being that Github was also having issues.

nulltrace13d ago

We added a preflight curl against registry.npmjs.org before the install step in CI. Not surprising they went down together.

2ndorderthought13d ago

I bet 10 dollars it's DNS.

thanatos_dem13d ago

Nah, can't be, Azure DNS has a 100% SLA after all: https://learn.microsoft.com/en-us/azure/dns/dns-faq#what-is-...

shakna13d ago

"Always" up, but maybe not going where you expect. [0]

[0] https://arstechnica.com/information-technology/2026/01/odd-a...

parliament3213d ago

To be fair, it feels like the DNS service has been the most reliable part of our Azure infra. Never really had issues with it, whether with traffic or API calls.

yomismoaqui13d ago

  It's not DNS
  There's no way it's DNS
  It was DNS

- SSBroski

basilikum13d ago

It's DNS

If it's not DNS it's MTU if you're a person and BGP if you're a company.

corvad13d ago

Just wait and it will be something like "Github's internal DNS was down and caused widespread service communication issues."

Imustaskforhelp13d ago

I am waiting for jeff geerling's "its always dns" t-shirt reference/video about it if that's the case.

xaxfixho13d ago

it might just be *AZURE*

Scipio_Afri13d ago

Easy there buddy, not everything needs to be a polymarket bet :-)

munk-a13d ago

It's likely someone just ran npm ls -all

airstrike13d ago

https://www.ebay.com/ is also down

Raed66713d ago

lots of amazon pages & search seem to be degraded as well

cozzyd13d ago

That's one way to fix supply chain vulnerabilities.

tantalor13d ago

Can't have any vulnerabilities if you don't have a supply chain

nine_k13d ago

More seriously, keeping a local cache of external npm packages, and a local artifact storage for internal npm packages looks like a wise thing to have done long ago. Might be cheaper in the long run.

Ironically, both Nandu and Verdaccio are implemented in Tyepscript and install via npm.

(Same logic obviously applies to Python packages, Docker images, etc.)

hmokiguess13d ago

At my former job we had a private registry that was a mirror of npm’s with an approval gate for packages devs would request and it would always pin versions

I took that for granted back then and just assumed it was standard enterprise policy

jamesfinlayson13d ago

Multiple previous jobs had this too (local Packagist is thing, Artifactory is another) but my current job got rid of theirs. Seemed a little short-sighted given the risks but I don't make the decisions.

spartanatreyu13d ago

> a local artifact storage for internal npm packages looks like a wise thing to have done long ago

Deno already does this invisibly by default.

All packages are stored in the global cache.

No need to store multiple versions of the same dependencies across projects.

To the code in your projects: there is no such thing as a global cache. Just import your dependencies like normal and deno maps them to the global cache.

XorNot13d ago

Caching NPM was easier when you could pull the Couchbase replicate API. Afaik that's gone and now you just have to send a bazillion http requests instead.

nine_k13d ago

Sending a bazillion http requests within your LAN, or at least your VPC, is much easier, faster, and cheaper.

Both yarn and pnpm support http/2 which speeds up the bazillion requests quite a bit.

miohtama13d ago

Only if we had a turn key distributed cache, like IPFS

ibejoeb13d ago

Does IPFS support content eviction now? If not, that could go wrong really fast. You get a compromised package out there and then, I think, literally every node needs to unpin it or it remains.

1 more reply

cluckindan13d ago

Waiting for the BitTorrent package manager

hexasquid13d ago

Hold the jokes until we're sure this isn't an `.unwrap()`

lrvick13d ago

Whenever NPM is offline, the internet is a little safer.

Keep up the good work Microsoft.

Let's shoot for 100% downtime though. Thanks.

normie300013d ago

Well it is owned by github.

cute_boi13d ago

which is owned by microslop

rvz13d ago

...and proudly maintained by Microsoft's AI agents: Tay.ai, Zo, and Copilot.

They seem to be doing a pretty good job at wrecking both GitHub and npm at the same time.

adxl13d ago

Clippy was too stupid to qualify as an AI.

squarefoot13d ago

Ebay is also down. https://www.isitdownrightnow.com/ebay.com.html

corvad13d ago

Fixed as of 22:30 UTC. Hope there's a postmortem.

saadn9213d ago

ha, github is down too

dabinat13d ago

Tailscale too: https://status.tailscale.com/

idoxer13d ago

Works for me, could be region related

simjnd13d ago

https://npmx.dev is not

xmprt13d ago

With all the github instability, I wonder if Cloudflare or some other provider is going to look into providing a similar service.

sofixa13d ago

GitLab is right there. And overall provides a better product than GitHub, if nothing else on these two points:

* You can actually have an organisational structure (folders/namespaces), and projects can be moved around with automatic redirects. Also, inheritance of access controls, variables between the namespaces

* GitLabCI is organised in a way that makes supply chain attacks less of a risk. GitHub Actions takes the NPM/JS approach, where every step is an action, one you usually need to get off someone, with shoddy versioning, tons of transient dependencies, etc. In GitLabCI you can have templates, but you don't have to use an external template for every bit. It's shell scripting on top of containers, so you can have custom container images with your stuff, or custom scripts, or templates that bundle it all.

justinclift13d ago

GitLab also limits the size of PRs/MRs, which makes it Unfit for Purpose. :( :( :(

Its a problem they know about, but have no plan to fix before 2027.

irishcoffee13d ago

I mean, the PR limit is like a million characters. I would also reject a PR of a million characters. That’s bananas.

1 more reply

fontain13d ago

All of those features are supported by GitHub in some form, e.g: Organizations can now belong to Enterprises.

sofixa13d ago

It's not the same, at all.

SSO, access tokens, secrets are all bound to the Organization level - if you work on multiple Organizations you have to log in separately... You also cannot have nested Organizations.

dijksterhuis13d ago

tree based directory structure stuff is available on gitlab’s free tier — so are all the permissions inheritance for groups etc.

so, while you’re technically right, these features are apparently paywalled heavily on github.

ime you get more features on gitlab for the same price (or less). i switched fully two years ago and im not going back.

dllrr13d ago

Cloudflare artifacts??

https://developers.cloudflare.com/artifacts/

xmprt13d ago

I mean more like a full git competitor. Gitlab exists but more competition is generally better for the consumer and it looks like Github's lead is starting to falter with all these incidents.

dmitrygr13d ago

libc is still working just fine, as is the linux kernel. Mayhaps having 2000 dependencies on 3000 packages from 4000 unvetted sources was a mistake afterall?

naikrovek13d ago

Oh no. At least nothing of value is affected.

cute_boi13d ago

microslop slops are down.

12345hn678913d ago

Azure is completely dead across multiple resources. Confirming....

DaiPlusPlus13d ago

https://azure.status.microsoft/en-US/status says "There are currently no active events." - and everything's fine with my day-job's Azure sub right now.

j / k navigate · click thread line to collapse

54 comments

iLemming13d ago

First GitHub, now NPM? Oh no... That is happening, guys. Rise of the machines. I hope Jira is next and Slack follows.

1 more reply

corvad13d ago

I wonder if this is an underlying infra issue with Azure being that Github was also having issues.

nulltrace13d ago

We added a preflight curl against registry.npmjs.org before the install step in CI. Not surprising they went down together.

2ndorderthought13d ago

I bet 10 dollars it's DNS.

thanatos_dem13d ago

Nah, can't be, Azure DNS has a 100% SLA after all: https://learn.microsoft.com/en-us/azure/dns/dns-faq#what-is-...

shakna13d ago

"Always" up, but maybe not going where you expect. [0]

[0] https://arstechnica.com/information-technology/2026/01/odd-a...

parliament3213d ago

To be fair, it feels like the DNS service has been the most reliable part of our Azure infra. Never really had issues with it, whether with traffic or API calls.

yomismoaqui13d ago

  It's not DNS
  There's no way it's DNS
  It was DNS

- SSBroski

basilikum13d ago

It's DNS

If it's not DNS it's MTU if you're a person and BGP if you're a company.

corvad13d ago

Just wait and it will be something like "Github's internal DNS was down and caused widespread service communication issues."

Imustaskforhelp13d ago

I am waiting for jeff geerling's "its always dns" t-shirt reference/video about it if that's the case.

xaxfixho13d ago

it might just be *AZURE*

Scipio_Afri13d ago

Easy there buddy, not everything needs to be a polymarket bet :-)

munk-a13d ago

It's likely someone just ran npm ls -all

airstrike13d ago

https://www.ebay.com/ is also down

Raed66713d ago

lots of amazon pages & search seem to be degraded as well

cozzyd13d ago

That's one way to fix supply chain vulnerabilities.

tantalor13d ago

Can't have any vulnerabilities if you don't have a supply chain

nine_k13d ago

More seriously, keeping a local cache of external npm packages, and a local artifact storage for internal npm packages looks like a wise thing to have done long ago. Might be cheaper in the long run.

Ironically, both Nandu and Verdaccio are implemented in Tyepscript and install via npm.

(Same logic obviously applies to Python packages, Docker images, etc.)

hmokiguess13d ago

At my former job we had a private registry that was a mirror of npm’s with an approval gate for packages devs would request and it would always pin versions

I took that for granted back then and just assumed it was standard enterprise policy

jamesfinlayson13d ago

spartanatreyu13d ago

> a local artifact storage for internal npm packages looks like a wise thing to have done long ago

Deno already does this invisibly by default.

All packages are stored in the global cache.

No need to store multiple versions of the same dependencies across projects.

To the code in your projects: there is no such thing as a global cache. Just import your dependencies like normal and deno maps them to the global cache.

XorNot13d ago

Caching NPM was easier when you could pull the Couchbase replicate API. Afaik that's gone and now you just have to send a bazillion http requests instead.

nine_k13d ago

Sending a bazillion http requests within your LAN, or at least your VPC, is much easier, faster, and cheaper.

Both yarn and pnpm support http/2 which speeds up the bazillion requests quite a bit.

miohtama13d ago

Only if we had a turn key distributed cache, like IPFS

ibejoeb13d ago

Does IPFS support content eviction now? If not, that could go wrong really fast. You get a compromised package out there and then, I think, literally every node needs to unpin it or it remains.

1 more reply

cluckindan13d ago

Waiting for the BitTorrent package manager

hexasquid13d ago

Hold the jokes until we're sure this isn't an `.unwrap()`

lrvick13d ago

Whenever NPM is offline, the internet is a little safer.

Keep up the good work Microsoft.

Let's shoot for 100% downtime though. Thanks.

normie300013d ago

Well it is owned by github.

cute_boi13d ago

which is owned by microslop

rvz13d ago

...and proudly maintained by Microsoft's AI agents: Tay.ai, Zo, and Copilot.

They seem to be doing a pretty good job at wrecking both GitHub and npm at the same time.

adxl13d ago

Clippy was too stupid to qualify as an AI.

squarefoot13d ago

Ebay is also down. https://www.isitdownrightnow.com/ebay.com.html

corvad13d ago

Fixed as of 22:30 UTC. Hope there's a postmortem.

saadn9213d ago

ha, github is down too

dabinat13d ago

Tailscale too: https://status.tailscale.com/

idoxer13d ago

Works for me, could be region related

simjnd13d ago

https://npmx.dev is not

xmprt13d ago

With all the github instability, I wonder if Cloudflare or some other provider is going to look into providing a similar service.

sofixa13d ago

GitLab is right there. And overall provides a better product than GitHub, if nothing else on these two points:

justinclift13d ago

GitLab also limits the size of PRs/MRs, which makes it Unfit for Purpose. :( :( :(

Its a problem they know about, but have no plan to fix before 2027.

irishcoffee13d ago

I mean, the PR limit is like a million characters. I would also reject a PR of a million characters. That’s bananas.

1 more reply

fontain13d ago

All of those features are supported by GitHub in some form, e.g: Organizations can now belong to Enterprises.

sofixa13d ago

It's not the same, at all.

SSO, access tokens, secrets are all bound to the Organization level - if you work on multiple Organizations you have to log in separately... You also cannot have nested Organizations.

dijksterhuis13d ago

tree based directory structure stuff is available on gitlab’s free tier — so are all the permissions inheritance for groups etc.

so, while you’re technically right, these features are apparently paywalled heavily on github.

ime you get more features on gitlab for the same price (or less). i switched fully two years ago and im not going back.

dllrr13d ago

Cloudflare artifacts??

https://developers.cloudflare.com/artifacts/

xmprt13d ago

I mean more like a full git competitor. Gitlab exists but more competition is generally better for the consumer and it looks like Github's lead is starting to falter with all these incidents.

dmitrygr13d ago

libc is still working just fine, as is the linux kernel. Mayhaps having 2000 dependencies on 3000 packages from 4000 unvetted sources was a mistake afterall?

naikrovek13d ago

Oh no. At least nothing of value is affected.

cute_boi13d ago

microslop slops are down.

12345hn678913d ago

Azure is completely dead across multiple resources. Confirming....

DaiPlusPlus13d ago

https://azure.status.microsoft/en-US/status says "There are currently no active events." - and everything's fine with my day-job's Azure sub right now.

j / k navigate · click thread line to collapse