Silverio tells the story of how npm gained official status and characterizes its success as a catastrophe for a centralized package registry and repository. Although centralization has some advantages for usability and reliability, success can be expensive when a centralized service becomes popular. She described the events leading up to npm’s incorporation in 2013. The registry was down more than it was up in October 2013 and npm needed money.
Presumably speaking from her intimate knowledge of the company’s inner workings, Silverio describes how VC-funding turned npm Inc. into a financial instrument.
“Financial instruments are contracts about money,” she said. “npm Inc, the company that owns our language ecosystem, is a thing that might as well be a collection of pork bellies, as far as its owners are concerned. They make contracts with each other and trade bits of it around. npm Inc. is a means for turning money into more money.”
Her sharp criticism of centralized package management leads into her announcement of a federated, decentralized package registry called Entropic that she created with former npm colleague Chris Dickinson and more than a dozen contributors. The project is Apache 2.0 licensed and its creators are working in cooperation with the OpenJS Foundation.
Warming my heart right now: how many former npm-ers are contributing to entropic <3
— Ceej Architect Tech Companies (@ceejbot) June 6, 2019
Entropic comes with its own CLI, and offers a new file-centric publication API. All packages published to the registry are public and developers are encouraged to use something like the GitHub Package Registry if they need to control access to packages. The project is just over a month old and is not ready for use.
“I think it’s right that the pendulum is swinging away from centralization and I want to lend my push to the swing,” Silverio said. The last decade has been about consolidation and monolithic services, but the coming decade is going to be federated. Federation spreads out costs. It spreads out control. It spreads out policy-making. It hands control of your slice of our language ecosystem to you. My hope is that by giving Entropic away, I’ll help us take our language commons back.”