NPM website was down (opens in new tab)

(status.npmjs.org)

126 points18nleung2mo ago61 comments

61 comments

42 comments · 17 top-level

corvad2mo ago· 9 in thread

I wonder if this is an underlying infra issue with Azure being that Github was also having issues.

We added a preflight curl against registry.npmjs.org before the install step in CI. Not surprising they went down together.

2ndorderthought2mo ago

I bet 10 dollars it's DNS.

thanatos_dem2mo ago

Nah, can't be, Azure DNS has a 100% SLA after all: https://learn.microsoft.com/en-us/azure/dns/dns-faq#what-is-...

2 more replies

yomismoaqui2mo ago

  It's not DNS
  There's no way it's DNS
  It was DNS

- SSBroski

1 more reply

corvad2mo ago

Just wait and it will be something like "Github's internal DNS was down and caused widespread service communication issues."

Imustaskforhelp2mo ago

I am waiting for jeff geerling's "its always dns" t-shirt reference/video about it if that's the case.

Scipio_Afri2mo ago

Easy there buddy, not everything needs to be a polymarket bet :-)

xaxfixho2mo ago

it might just be *AZURE*

munk-a2mo ago

It's likely someone just ran npm ls -all

cozzyd2mo ago· 6 in thread

That's one way to fix supply chain vulnerabilities.

tantalor2mo ago

Can't have any vulnerabilities if you don't have a supply chain

nine_k2mo ago

More seriously, keeping a local cache of external npm packages, and a local artifact storage for internal npm packages looks like a wise thing to have done long ago. Might be cheaper in the long run.

Ironically, both Nandu and Verdaccio are implemented in Tyepscript and install via npm.

(Same logic obviously applies to Python packages, Docker images, etc.)

hmokiguess2mo ago

At my former job we had a private registry that was a mirror of npm’s with an approval gate for packages devs would request and it would always pin versions

I took that for granted back then and just assumed it was standard enterprise policy

1 more reply

spartanatreyu2mo ago

> a local artifact storage for internal npm packages looks like a wise thing to have done long ago

Deno already does this invisibly by default.

All packages are stored in the global cache.

No need to store multiple versions of the same dependencies across projects.

To the code in your projects: there is no such thing as a global cache. Just import your dependencies like normal and deno maps them to the global cache.

XorNot2mo ago

Caching NPM was easier when you could pull the Couchbase replicate API. Afaik that's gone and now you just have to send a bazillion http requests instead.

1 more reply

miohtama2mo ago

Only if we had a turn key distributed cache, like IPFS

2 more replies

xmprt2mo ago· 5 in thread

With all the github instability, I wonder if Cloudflare or some other provider is going to look into providing a similar service.

sofixa2mo ago

GitLab is right there. And overall provides a better product than GitHub, if nothing else on these two points:

* You can actually have an organisational structure (folders/namespaces), and projects can be moved around with automatic redirects. Also, inheritance of access controls, variables between the namespaces

* GitLabCI is organised in a way that makes supply chain attacks less of a risk. GitHub Actions takes the NPM/JS approach, where every step is an action, one you usually need to get off someone, with shoddy versioning, tons of transient dependencies, etc. In GitLabCI you can have templates, but you don't have to use an external template for every bit. It's shell scripting on top of containers, so you can have custom container images with your stuff, or custom scripts, or templates that bundle it all.

justinclift2mo ago

GitLab also limits the size of PRs/MRs, which makes it Unfit for Purpose. :( :( :(

Its a problem they know about, but have no plan to fix before 2027.

1 more reply

fontain2mo ago

All of those features are supported by GitHub in some form, e.g: Organizations can now belong to Enterprises.

2 more replies

dllrr2mo ago

Cloudflare artifacts??

https://developers.cloudflare.com/artifacts/

xmprt2mo ago

I mean more like a full git competitor. Gitlab exists but more competition is generally better for the consumer and it looks like Github's lead is starting to falter with all these incidents.

normie30002mo ago· 2 in thread

Well it is owned by github.

cute_boi2mo ago

which is owned by microslop

rvz2mo ago

...and proudly maintained by Microsoft's AI agents: Tay.ai, Zo, and Copilot.

They seem to be doing a pretty good job at wrecking both GitHub and npm at the same time.

1 more reply

cute_boi2mo ago· 2 in thread

microslop slops are down.

12345hn67892mo ago

Azure is completely dead across multiple resources. Confirming....

DaiPlusPlus2mo ago

https://azure.status.microsoft/en-US/status says "There are currently no active events." - and everything's fine with my day-job's Azure sub right now.

airstrike2mo ago· 1 in thread

https://www.ebay.com/ is also down

Raed6672mo ago

lots of amazon pages & search seem to be degraded as well

iLemming2mo ago

First GitHub, now NPM? Oh no... That is happening, guys. Rise of the machines. I hope Jira is next and Slack follows.

1 more reply

hexasquid2mo ago

Hold the jokes until we're sure this isn't an `.unwrap()`

lrvick2mo ago

Whenever NPM is offline, the internet is a little safer.

Keep up the good work Microsoft.

Let's shoot for 100% downtime though. Thanks.

squarefoot2mo ago

Ebay is also down. https://www.isitdownrightnow.com/ebay.com.html

corvad2mo ago

Fixed as of 22:30 UTC. Hope there's a postmortem.

saadn922mo ago

ha, github is down too

dmitrygr2mo ago

libc is still working just fine, as is the linux kernel. Mayhaps having 2000 dependencies on 3000 packages from 4000 unvetted sources was a mistake afterall?

simjnd2mo ago

https://npmx.dev is not

idoxer2mo ago

Works for me, could be region related

dabinat2mo ago

Tailscale too: https://status.tailscale.com/

naikrovek2mo ago

Oh no. At least nothing of value is affected.

j / k navigate · click thread line to collapse

61 comments

42 comments · 17 top-level

corvad2mo ago· 9 in thread

I wonder if this is an underlying infra issue with Azure being that Github was also having issues.

nulltrace2mo ago

We added a preflight curl against registry.npmjs.org before the install step in CI. Not surprising they went down together.

2ndorderthought2mo ago

I bet 10 dollars it's DNS.

thanatos_dem2mo ago

Nah, can't be, Azure DNS has a 100% SLA after all: https://learn.microsoft.com/en-us/azure/dns/dns-faq#what-is-...

2 more replies

yomismoaqui2mo ago

  It's not DNS
  There's no way it's DNS
  It was DNS

- SSBroski

1 more reply

corvad2mo ago

Just wait and it will be something like "Github's internal DNS was down and caused widespread service communication issues."

Imustaskforhelp2mo ago

I am waiting for jeff geerling's "its always dns" t-shirt reference/video about it if that's the case.

Scipio_Afri2mo ago

Easy there buddy, not everything needs to be a polymarket bet :-)

xaxfixho2mo ago

it might just be *AZURE*

munk-a2mo ago

It's likely someone just ran npm ls -all

cozzyd2mo ago· 6 in thread

That's one way to fix supply chain vulnerabilities.

tantalor2mo ago

Can't have any vulnerabilities if you don't have a supply chain

nine_k2mo ago

More seriously, keeping a local cache of external npm packages, and a local artifact storage for internal npm packages looks like a wise thing to have done long ago. Might be cheaper in the long run.

Ironically, both Nandu and Verdaccio are implemented in Tyepscript and install via npm.

(Same logic obviously applies to Python packages, Docker images, etc.)

hmokiguess2mo ago

At my former job we had a private registry that was a mirror of npm’s with an approval gate for packages devs would request and it would always pin versions

I took that for granted back then and just assumed it was standard enterprise policy

1 more reply

spartanatreyu2mo ago

> a local artifact storage for internal npm packages looks like a wise thing to have done long ago

Deno already does this invisibly by default.

All packages are stored in the global cache.

No need to store multiple versions of the same dependencies across projects.

To the code in your projects: there is no such thing as a global cache. Just import your dependencies like normal and deno maps them to the global cache.

XorNot2mo ago

Caching NPM was easier when you could pull the Couchbase replicate API. Afaik that's gone and now you just have to send a bazillion http requests instead.

1 more reply

miohtama2mo ago

Only if we had a turn key distributed cache, like IPFS

2 more replies

xmprt2mo ago· 5 in thread

With all the github instability, I wonder if Cloudflare or some other provider is going to look into providing a similar service.

sofixa2mo ago

GitLab is right there. And overall provides a better product than GitHub, if nothing else on these two points:

justinclift2mo ago

GitLab also limits the size of PRs/MRs, which makes it Unfit for Purpose. :( :( :(

Its a problem they know about, but have no plan to fix before 2027.

1 more reply

fontain2mo ago

All of those features are supported by GitHub in some form, e.g: Organizations can now belong to Enterprises.

2 more replies

dllrr2mo ago

Cloudflare artifacts??

https://developers.cloudflare.com/artifacts/

xmprt2mo ago

I mean more like a full git competitor. Gitlab exists but more competition is generally better for the consumer and it looks like Github's lead is starting to falter with all these incidents.

normie30002mo ago· 2 in thread

Well it is owned by github.

cute_boi2mo ago

which is owned by microslop

rvz2mo ago

...and proudly maintained by Microsoft's AI agents: Tay.ai, Zo, and Copilot.

They seem to be doing a pretty good job at wrecking both GitHub and npm at the same time.

1 more reply

cute_boi2mo ago· 2 in thread

microslop slops are down.

12345hn67892mo ago

Azure is completely dead across multiple resources. Confirming....

DaiPlusPlus2mo ago

https://azure.status.microsoft/en-US/status says "There are currently no active events." - and everything's fine with my day-job's Azure sub right now.

airstrike2mo ago· 1 in thread

https://www.ebay.com/ is also down

Raed6672mo ago

lots of amazon pages & search seem to be degraded as well

iLemming2mo ago

First GitHub, now NPM? Oh no... That is happening, guys. Rise of the machines. I hope Jira is next and Slack follows.

1 more reply

hexasquid2mo ago

Hold the jokes until we're sure this isn't an `.unwrap()`

lrvick2mo ago

Whenever NPM is offline, the internet is a little safer.

Keep up the good work Microsoft.

Let's shoot for 100% downtime though. Thanks.

squarefoot2mo ago

Ebay is also down. https://www.isitdownrightnow.com/ebay.com.html

corvad2mo ago

Fixed as of 22:30 UTC. Hope there's a postmortem.

saadn922mo ago

ha, github is down too

dmitrygr2mo ago

libc is still working just fine, as is the linux kernel. Mayhaps having 2000 dependencies on 3000 packages from 4000 unvetted sources was a mistake afterall?

simjnd2mo ago

https://npmx.dev is not

idoxer2mo ago

Works for me, could be region related

dabinat2mo ago

Tailscale too: https://status.tailscale.com/

naikrovek2mo ago

Oh no. At least nothing of value is affected.

j / k navigate · click thread line to collapse