Let's start a new project. You probably would run something like npm init followed by a list of packages you already have in mind. And that's how it goes, right? Well, sure, cleaning up gigabytes of node_modules from our dev machines is annoying, but otherwise, it's okay, or is it?
We shouldn't, by all means, look into the source code of every module we use. After all, it has 5.5K stars on GitHub, and lots of projects rely on it. They know better after all...
I hate to break it to you, but not always. I'm talking about a package called graphql-express that just so happens to validate the GraphQL schema on every single request (ProofLink: Line 274).
Surely, mistakes happen and pull requests fix them after a while. Long after the project's deadline.
Now, you probably realised it's not about this particular package. We base our work on code we can't trust. And I'm not talking about cases where npm packages are purposely hazardous.
Everyone is aware of that, and some try to do something about it. Deno, for example, tries to solve this issue by allowing you to include code from any HTTPS link. Which is great, except I still can't edit the code. I have all the responsibility for my projects, and still, I don't have control over half of it. So, what do we do?
Surprisingly, we had a perfect solution, and we have been mocking it. Copy-paste, change some letters, and good to go. An extremely inconvenient way of sharing code: in the form of code.
But wait, how would we fix the issues or add new features? The code would be spread worldwide; with so many people changing it, it would be practically impossible to control and probably require peer-to-peer connections, a global hub as well as encryption. In other words: some trustworthy distributed network...
Pretty much like blockchain, right?
I know, it's hard to take in; I'm just as surprised as you are. But it does solve all the problems I can think of:
Trust, Availability, Easy access and Small size.
We just need to build it, so who's with me?