Is npm Enough? Why Startups Are Coming After This JavaScript Package Registry (redmonk.com)
(Thursday February 27, 2025 @11:40AM (msmash)
from the closer-look dept.)
- Reference: 0176557367
- News link: https://it.slashdot.org/story/25/02/27/0923237/is-npm-enough-why-startups-are-coming-after-this-javascript-package-registry
- Source link: https://redmonk.com/kholterhoff/2025/01/30/is-npm-enough/
The JavaScript package world is heating up as startups [1]attempt to challenge npm's long-standing dominance . While npm remains the backbone of JavaScript dependency management, Deno's JSR and vlt's vsr have entered the scene with impressive backing and even more impressive leadership -- JSR comes from Node.js creator Ryan Dahl, while npm's own creator Isaac Schlueter is behind vsr. Neither aims to completely replace npm, instead building compatible layers that promise better developer experiences.
Many developers feel GitHub has left npm to stagnate since its 2020 acquisition, doing just enough to keep it running while neglecting innovations. Security problems and package spam have only intensified these frustrations. Yet these newcomers face the same harsh reality that pushed npm into GitHub's arms: running a package registry costs serious money -- not just for servers, but for lawyers handling trademark fights and content moderation.
[1] https://redmonk.com/kholterhoff/2025/01/30/is-npm-enough/
Many developers feel GitHub has left npm to stagnate since its 2020 acquisition, doing just enough to keep it running while neglecting innovations. Security problems and package spam have only intensified these frustrations. Yet these newcomers face the same harsh reality that pushed npm into GitHub's arms: running a package registry costs serious money -- not just for servers, but for lawyers handling trademark fights and content moderation.
[1] https://redmonk.com/kholterhoff/2025/01/30/is-npm-enough/
A question (Score:2)
by ArchieBunker ( 132337 )
How on earth did anyone ever write code before the advent of these always connected library collections?
Re: (Score:1)
by bad-badtz-maru ( 119524 )
You downloaded the libraries manually. As the repositories became more popular, and there was more cross-library code reuse, it required downloading more and more libraries individually. So the package manager was born.
waste (Score:1)
by cen1 ( 2915315 )
NPM single-handedly wasted millions of hours of developer time troubleshooting ridiculous issues and took us back at least 10 years by introducing the whole web cancer and JS dependency hell. Change my mind.
"Problem: There are now 28 competing standards." (Score:2)
I hate fucking around with package managers, but that's because I hate fucking around with packages. They call it "hell" for a reason. The only thing worse than having to fuck around with a package manager is having to fuck around with TWO package managers.
Re: (Score:2)
It's both a celebration and a destruction of open source as a concept.
You can publish any sort of tool for others to use in their projects easily, and on the other side you can find a tool for almost anything you need. But the idea of just changing the code you fetch to suit your needs has become an extremely difficult problem to solve. You can't just go edit the code to fix it for your case and push it to your team's repo, and send a patch to the owner if you think it helps.
No. Now you gotta go up to th