This article was originally published on my blog: resynth1943.net. If you'd like more timely notifications of new posts, consider subscribing to my RSS feed.
From its inception, Node.js, a server-side runtime for JavaScript, has heavily relied on NPM. NPM is a closed-source, corporate package manager.
In many ways, NPM embodies the JavaScript ecosystem. Without NPM, JavaScript just wouldn't work. And this has happened. NPM has gone down before, and it's stalled developers in their tracks.
That's one of the problems with a centralised architecture: uptime.
Many of my followers will know that I actively oppose Cloudflare. Centralised structures that "just can't fail" end up harming and restricting users, instead of helping them power the open web.
They also stifle competition. Take Google, for example, who are now facing a huge anti-trust case, for limiting and actively stifling opposition. Google took advantage of the trust they've garnered from users, and now use that to prevent competitive search engines (like DuckDuckGo) from gaining market share.
All of these companies have one thing in common: they're very useful at what they do. Centralised structures have empowered us, but there's a substantial issue underpinning them: they create walled gardens, designed to entrap and, in many ways, actively harm the user.
In 2016, NPM received notice from Kik that one of their packages violated their trademarks. The package was, of course, named "kik". This then led to a dispute between Azer, the maintainer of the "kik" package, and Kik, who went on to send baseless legal threats and egregious accusations.
Eventually, NPM sided with Kik.
Although I disagree with NPM's decision, it does raise the question: what happens when these centralised companies do something wrong? Where do people move to from NPM?
The short answer is: you don't. The NPM command-line tool makes it especially difficult to switch from their package repository. Essentially, you have to persuade end-users of your package to adopt a new registry, by editing mysterious configuration files.
This isn't good enough.