@dominic

Q: is the npm registry still open source?
A: no. npm, inc is now intergalactic feudal empire

https://github.com/npm/registry/issues/41

he who controls the spice controls the universe

@ev
Re: %f6No+0gck

Someone needs to invent the stillsuit of distributed package managers.

@dead.substack
Re: %f6No+0gck

Centralized services require vast resources and complicated architectures to scale and the more internal services are necessary to run a piece of infrastructure, the less value there is in keeping the code open because it becomes harder and harder for other people to run it themselves to make modifications, as that issue discusses. The difficulty of replication for this scaled up infrastructure, exclusive control over deeding of property rights for the namespace, and network effects conspire to create barriers to entry which are defensible by design.

These are the ingredients of a successful business and hopefully a long-lived service as a result (because we need npm right now to incubate dexentralized alternatives), but we can take this example as illustrative for how power dynamics are embedded in computer architectures. If we want a more egalitarian, communitarian internet, we'll need to bake those features in from the beginning in such a way that we don't end up back where we've started from. We should fail in new, interesting ways or else succeed in building a future that doesn't need us.

@ev
Re: %f6No+0gck

I say store modules as ssb blobs and then figure out how to clone them back up from scuttlebot in an effective way.

Right now I have an 'ipm' shell script in my site repos for front-end dependencies that clone from git-ssb. Next step, blob all node_modules.

@dangerousbeans
Re: %f6No+0gck

We could make a ruby gem wrapper for npm modules and host them on the still opensource https://github.com/rubygems/rubygems.org ? </troll>

@angel
Re: %f6No+0gck

spice! I knew it all along...