CJ Silverio, who stepped down as CTO of NPM Inc at the end of last year,
Entropic was created because the JavaScript / Node.js ecosystem depends completely on NPM Inc, which controls the development of the package manager and the maintenance of the NPM repository. As a result, a profit-seeking company has sole control over a system upon which millions of JavaScript developers and applications depend, and which processes billions of package downloads per week.
A recent string of employee layoffs, management changes, and NPM Inc's flirtation with investors has created uncertainty about NPM's future and distrust that the company will serve the interests of the community rather than those of investors. According to Silverio, NPM Inc as a business cannot be trusted because the community has no leverage to hold it accountable for its actions. Moreover, the profit orientation prevents the implementation of features that the community considers a priority but that bring in no money and require additional resources, such as support for digital signature verification.
Silverio also doubts that NPM Inc is interested in optimizing the interaction with its backend, since that would reduce data flows that are potentially interesting in terms of monetization. Every time you run the command "
The Entropic system uses the principle of a federated network, in which a developer can deploy a server with a repository of the packages they use and connect it to a common distributed network that unites disparate private repositories into a single whole. Entropic assumes the coexistence of many repositories, which are used as part of a normal workflow.
All packages are separated using namespaces and include information about the host of their primary repository.
A namespace is essentially the name of a package owner or group of maintainers who have the right to release updates. In general, the package address looks like "[email protected]/pkg-name".
Metadata and dependency information are defined in the format
When a package placed in the local repository has dependencies on packages from other repositories, those packages are mirrored in the local repository. Thus, the local repository becomes self-contained and includes copies of all necessary dependencies. There is a layer for interacting with the classic NPM repository, which is treated as a read-only archive. You can also install packages from NPM using locally deployed Entropic environments.
For management, a command line toolkit is provided that simplifies the deployment of repositories on your local network. Entropic offers brand new
Source: opennet.ru