Node.js's npm Is Now The Largest Package Registry in the World (linux.com)
Linux.com highlights some interesting statistics about npm, the package manager for Node.js.
- "At over 350,000 packages, the npm registry contains more than double the next most populated package registry (which is the Apache Maven repository). In fact, it is currently the largest package registry in the world."
- In the preceding four weeks, users installed 18 billion packages.
- This translates into 6 billion downloads, "because approximately 66 percent of the installs are now being served from the cache."
- ping.npmjs.com "shows that the registry's services offer a 99.999 uptime."
- Every week roughly 160 people publish their first package in the registry.
But what about the incident last year where a developer suddenly pulled all their modules and broke thousands of dependent projects? npm's Ashley Williams "admitted that the left-pad debacle happened because of naive policies at npm. Since, the npm team have devised new policies, the main one being that you are only allowed to unpublish a package within 24 hours of publishing it." And their new dissociate and deprecate policy allows developers to mark packages as "unmaintained" without erasing them from the registry.
When you get such trivialities as left pad in the registry, why should anyone care that the raw number of packages is large?
Quick, everybody: how do you write "hello world" in JavaScript?
npm install hello-world
I think the debacle really just opened up a lot of eyes as to when it's appropriate to start npm installing a bunch of crap instead of writing your own code.
There's a fetish for modules in the JavaScript world that defies reason.
"What? Use the built-in keyword 'function' for defining functions? Heavens no you fool, we install Sindre Sore-Ass's woopee-unicorn-function-creator package!"
It's cancer all the way down on NPM.
There's no choice on the client, but why do people put up with all of JavaScript's many rough edges and missing features when there is a universe of more appropriate server-side languages?
A huge problem with JavaScript, compared to other languages, is that its standard library is totally lacking, even after 20 years of existence.
A lot of common library functionality that Java, C#, Perl, Ruby, Python, Tcl, Go and even C++ include by default just isn't present when using JavaScript. Or worse, if JavaScript does include some functionality it's often really shitty, sometimes to the point of being unusable.
So if you're using JavaScript you pretty much have no choice but to start using external packages almost right away. That's why npm has become so widely used: it's because JavaScript itself is so goddamn lacking in the most basic of ways.
Npm is basically a bandage that you have to apply to JavaScript to make it even barely usable. And you have to apply it for pretty much each and every project written in JavaScript.
Made by amateur 17-year-olds....
Ever installed some nodejs stuff?
You do "npm install" and watch an endless package list being downloaded. No, not to the central installation, but into the project. And they are like modules with 5 lines. See for example the "left-pad" thing. Yes, people include other programmers' code for 5 lines of a function which you can create without even thinking about it. And they include such 5-line functions from hundreds of different people in their project. Not only can one missing package break millions of builds (see the left-pad example), but one malicious programmer can infect millions of production systems by issuing an update, which includes one malicious line, which loads some external script he will be able to change on demand. Because who re-reads the code of the modules, if he even read it in the first place, when adding it because the name and short description seemed to match the requirements?
The node.js ecosystem is fucked up. Working, but still a working mess.
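Added example, not part of the article or of any comment above: a defender's audit of the dependency sprawl the last comment describes, run over a `package-lock.json` (v3 `packages` map). The lockfile contents, the `auditLock` helper and every package name except left-pad are constructed for illustration; it lists transitive packages, packages that run install scripts, entries without an integrity hash, and entries not resolved from the public npm registry.

```javascript
// Constructed sample in package-lock.json v3 shape ("packages" keyed by install path).
// Names other than left-pad, the URLs and the integrity strings are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { "left-pad": "^1.3.0", "tiny-helper": "^2.0.0" } },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/tiny-helper": {
      version: "2.0.1",
      resolved: "https://registry.npmjs.org/tiny-helper/-/tiny-helper-2.0.1.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
      hasInstallScript: true, // npm records this when a package declares install hooks
    },
    "node_modules/tiny-helper/node_modules/pad-util": {
      version: "0.0.4",
      resolved: "git+ssh://git@example.invalid/someone/pad-util.git#0000000",
    },
  },
};

// Returns counts and name lists a reviewer can triage before trusting an install.
function auditLock(lock) {
  const root = lock.packages[""] || {};
  const direct = new Set(Object.keys({ ...root.dependencies, ...root.devDependencies }));
  const report = { total: 0, transitive: [], installScripts: [], noIntegrity: [], offRegistry: [] };
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "" || meta.link) continue; // skip the project itself and workspace links
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    report.total++;
    const isDirect = path === `node_modules/${name}` && direct.has(name);
    if (!isDirect) report.transitive.push(name); // code nobody chose explicitly
    if (meta.hasInstallScript) report.installScripts.push(name); // runs code at install time
    if (!meta.integrity) report.noIntegrity.push(name); // tarball hash not pinned
    if (!String(meta.resolved || "").startsWith("https://registry.npmjs.org/")) report.offRegistry.push(name);
  }
  return report;
}

console.log(auditLock(sampleLock));
```

Bundled dependencies carry no `resolved` or `integrity` entry of their own, so they appear in the last two lists and need a manual look.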