Former NPM CTO develops Entropic Distributed Package Repository

CJ Silverio, who stepped down as CTO of NPM Inc at the end of last year, has presented a new package repository, Entropic, which is being developed as a distributed alternative to NPM that is not controlled by any single company. The Entropic code is written in JavaScript and is distributed under the Apache 2.0 license. The project has been in development for only a month and is at the initial prototype stage, but it already supports basic operations such as connecting to a repository, publishing, and installing packages.

The reason for Entropic's creation is the JavaScript/Node.js ecosystem's complete dependence on NPM Inc, which controls both the development of the package manager and the maintenance of the NPM repository. The result is that a profit-seeking company has sole control over a system on which millions of JavaScript developers and applications depend, and which processes billions of package downloads per week.

A recent string of employee layoffs, management changes, and NPM Inc's flirting with investors has created a sense of uncertainty about NPM's future and distrust that the company will serve the interests of the community rather than those of investors. According to Silverio, the business of NPM Inc cannot be trusted because the community has no leverage to hold it accountable for its actions. Moreover, the profit orientation blocks features that the community considers essential but that bring in no money and require additional resources, such as support for digital signature verification.

Silverio also doubts that NPM Inc is interested in optimizing interaction with its backend, since that would reduce the data flows that are potentially interesting from a monetization standpoint. Every time the "npm audit" command is run, the contents of the package-lock file are sent out, and they include a lot of interesting information about what the developer is doing. In response, several prominent members of the JavaScript/Node.js community have begun developing an alternative that is not controlled by any individual company.

The Entropic system uses the principle of a federated network, in which a developer can deploy a server holding a repository of the packages they use and connect it to a common distributed network that unites disparate private repositories into a single whole. Entropic assumes the coexistence of many repositories, and interaction with them is carried out as part of a normal workflow.

All packages are separated by namespaces and include information about the host that holds their primary repository. A namespace is essentially the name of a package owner or of a group of maintainers who have the right to release updates. In general, a package's address looks like "namespace@host/pkg-name". Metadata and dependency information are defined in TOML format.
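To make the naming scheme concrete, here is an added example (not code from the article or from the Entropic project) that parses a "namespace@host/pkg-name" address into its three parts, rejects malformed specs, and checks the host against an allowlist of trusted repositories; the character rules and the allowlist check are assumptions for the example, not Entropic's actual behaviour.

```javascript
// Added example (not Entropic's own code): parse the package address form
// "namespace@host/pkg-name" into its parts and validate each one.
// The character rules below are assumptions for this example.

// Namespace and package name: alphanumeric start, then alnum . _ - (assumption).
const PART_RE = /^[a-z0-9][a-z0-9._-]*$/i;
// Host: DNS-style labels, optionally with a port (assumption).
const HOST_RE = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*(:\d{1,5})?$/i;

function parsePackageSpec(spec) {
  if (typeof spec !== 'string') throw new TypeError('spec must be a string');
  const at = spec.indexOf('@');
  const slash = spec.indexOf('/');
  // Require exactly one '@' followed by exactly one '/', with every side non-empty,
  // so "ns@host/a/b", "@host/x" or "ns@host/" are rejected rather than guessed at.
  if (at <= 0 || slash <= at + 1 || slash === spec.length - 1 ||
      spec.indexOf('@', at + 1) !== -1 || spec.indexOf('/', slash + 1) !== -1) {
    throw new Error(`malformed package spec: ${spec}`);
  }
  const namespace = spec.slice(0, at);
  const host = spec.slice(at + 1, slash);
  const name = spec.slice(slash + 1);
  if (!PART_RE.test(namespace)) throw new Error(`bad namespace: ${namespace}`);
  if (!HOST_RE.test(host)) throw new Error(`bad host: ${host}`);
  if (!PART_RE.test(name)) throw new Error(`bad package name: ${name}`);
  return { namespace, host, name };
}

// Illustrative policy check (an assumption, not an Entropic feature): because the
// primary repository host is part of every package address, a consumer can refuse
// dependencies whose host is not on an explicit allowlist before installing them.
function isAllowedHost(spec, allowedHosts) {
  const { host } = parsePackageSpec(spec);
  const wanted = host.toLowerCase();
  return allowedHosts.some(h => h.toLowerCase() === wanted);
}

// Constructed sample addresses for a quick demonstration.
const SAMPLE_SPECS = ['chris@entropic.dev/ds', 'team@registry.internal:8080/http-client'];
for (const s of SAMPLE_SPECS) {
  console.log(s, '->', parsePackageSpec(s), 'allowed:', isAllowedHost(s, ['entropic.dev']));
}
```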

When a package that depends on packages from other repositories is published to the local repository, those dependencies are mirrored into the local repository. The local repository thus becomes self-contained and includes copies of all the dependencies it needs. There is a layer for interacting with the classic NPM repository, which is treated as a read-only archive, so packages from NPM can also be installed through a locally deployed Entropic environment.

For management, a command line toolkit is provided that simplifies deploying repositories on a local network. Entropic offers a brand new file-oriented API and a storage system that minimizes the amount of data downloaded over the network. Entropic is positioned as a universal system that can be used to create repositories for packages in any programming language; nevertheless, it is developed with JavaScript in mind and is best suited for projects in that language.

Source: opennet.ru