Discussion on: Entropic: federated JS package registry, announced at JSConfEU 2019

rhymes profile image

Who will run Entropic instances? As an individual, I don't see any incentives to run an instance myself, unless this is made very easy and transparent (like a daemon running on my PC with low energy usage).

Institutions, foundations, companies. The important thing is that one could switch on a moments notice.

Is there any risk of an Entropic instance ended up as the "go-to", meaning going back to a centralized model?

Yeah, there's always going to be a few "go to" servers, especially if they have a faster CDN. The trick is to make it transparent to the user. Even a public log where all the mirrors and modules are that a tool can parse and adjust at runtime it's a good start

dmfay profile image
Dian Fay

I think Java's Maven offers an interesting model: the biggest public registry/repository is maintained by Sonatype, which afaik is also a private company, if an older and stabler one than npm. However, the Maven POM format makes including other and multiple registries extremely simple and there's no shortage of mirrors. Node package.json files don't allow for this: you're locked into one registry at a time. I got started with Node a year or two after npm became the dominant registry but I've often wondered how and why that turned out the way it did.