he/him 
If you had to install an npm package by URL, instead of by registry name, would you mind? eg. $ npm install https://website.com/package.tgz $ yarn add https://website.com/package.tgz
Show this thread
Both clients have first-class support, caching etc. Registry packages are just tarballs after all. This would actually be faster as there's no need to hit a JSON endpoint to get the package URL 
-
-
Wouldn’t this only be faster if the package has no deps (or if they’re all bundled)? They couldn’t prefetch in parallel. I would expect that such a system would result in fewer bigger deps, like what we see in golang, java, or in js pre-2009.
-
Yeah it would. I should have clarified, I was way too vague. The packages I’m imagining this for are top-level and wouldn’t have any external dependencies.
End of conversation
New conversation -
-
-
This Tweet is unavailable.
-
You can add on "#<SHA1HASHHERE>" to enforce the integrity of tarball URLs. In fact, it would be safer because the package author is giving you the hash, not the registry.
- 1 more reply
-
-
-
"This would actually be faster as there's no need to hit a JSON endpoint to get the package URL" Where would the metadata come from to resolve e.g. the latest version of a package?
-
It doesn't resolve version info; what's at the URL is what you get. I've seen this used for dependencies that are unversioned.
- 2 more replies
New conversation -
-
-
As a developer I don’t care, where my package is located. Just gimme the package
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
What does mean first-class? Can I have a link explain it?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.