he/him 
Both clients have first-class support, caching etc. Registry packages are just tarballs after all. This would actually be faster as there's no need to hit a JSON endpoint to get the package URL 
Show this thread
If you had to install an npm package by URL, instead of by registry name, would you mind? eg. $ npm install https://website.com/package.tgz $ yarn add https://website.com/package.tgz
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Just to be specific. This is a capability that those npm clients offer TODAY. It circumvents the registry, but that's by design. You can even append a SHA1 hash to the URL to enforce integrity checks, actually safer than the registry because it's author-provided.
Show this thread -
PROS: - Author provided integrity hashes - Distributed package distribution - No guardian of control CONS: - No semver ranges (would only work well for top-level dependencies) - Sketchy availability (increased reliance on multiple servers) - Hard to self-host
Show this thread
End of conversation
New conversation -
-
-
Can you elaborate about what you mean?
- 6 more replies
New conversation -
-
-
sounds like going from domains to ip addresses for websites
-
I think that's too simplified. It's more like going from a DNS monopoly to a distributed system of DNS servers with their own distribution.
- 3 more replies
New conversation -
-
-
Can people please stop trying to explain to me how bower, git and npm work lol
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
You mean like how I have to reference git repositories by URL when cloning?
-
Yeah, basically. Not similar to how git URLs work though in npm clients, there's a lot of overhead associated there.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.