Serious question: what are the actual benefits of the npm registry compared to just Github / Gitlab? It just hit me that most of the reasons I see are artificials.
Conversation
At minimum, you would need a separate source of metadata to avoid needing to clone tons of repos just to do dependency resolution.
You would also need everyone to agree on a single version/tag scheme (and messing it up would break things)
3
2
The TLDR is that npm (and cargo, and rubygems, etc) are places that have a self-contained and (more or less) permanent list of all of the packages in the ecosystem.
2
Yeah, that converges with what was saying. I wonder how much of this is a matter of tooling.
Quote Tweet
Replying to @arcanis
The main one is that they offer an endpoint where you can query all the package.jsons for all the versions in one single request.
1
I realized that if you were going to build all that tooling to ensure packages can't be unpublished etc, it would involve some kind of daemon acting as a service. May as well deploy custom npm server at that point, which you can already do today.
1
1
One benefit of git based package management is that everyone already has a github account for project development, and it would be nice to have only one account/auth to manage.
1
1
That's why cargo uses GitHub for sign in. Underrated early cargo decision.
1
5
Incidentally, when I was first working on cargo back in 2014, I wrote a FAQ that included precisely this question:
doc.rust-lang.org/cargo/faq.html
1
This is a perennial question, but frankly once people have registries, the speculative idea that GitHub would be much simpler kind of evaporates.
All that said, it is very important for package managers to support git as a fallback and for private packages.
1
2
Having used a package manager without the ability to seamlessly refer to packages in external repositories (in Elm) I know how much of a pain it is. It's so handy, even if it's just to support initial prototyping, or testing out a patch/bug-fix before publishing.
Totally! This has been a critical feature in the package managers I have worked on personally (Cargo / Bundler) and ones I closely advised (like Yarn, but that mostly came from npm already having the feature).
Quick patches and local dev are critical use-cases for package mgrs.
1