Node.js's npm Is Now The Largest Package Registry in the World (linux.com)
Linux.com highlights some interesting statistics about npm, the package manager for Node.js.
- "At over 350,000 packages, the npm registry contains more than double the next most populated package registry (which is the Apache Maven repository). In fact, it is currently the largest package registry in the world."
- In the preceding four weeks, users installed 18 billion packages.
- This translates into 6 billion downloads, "because approximately 66 percent of the installs are now being served from the cache."
- ping.npmjs.com "shows that the registry's services offer a 99.999 uptime."
- Every week roughly 160 people publish their first package in the registry.
But what about the incident last year where a developer suddenly pulled all their modules and broke thousands of dependent projects? npm's Ashley Williams "admitted that the left-pad debacle happened because of naive policies at npm. Since, the npm team have devised new policies, the main one being that you are only allowed to unpublish a package within 24 hours of publishing it." And their new dissociate and deprecate policy allows developers to mark packages as "unmaintained" without erasing them from the registry.
Packages on npm still aren't signed - something that Java repository servers have had since inception.
Might as well just open up your firewalls and let the hackers inject whatever code they want.
Broken by design!
Captcha: "amateurs"
When you get such trivialities as left pad in the registry, why should anyone care that the raw number of packages is large?
Quick everybody: how do you write "hello world" in JavaScript?
npm install hello-world