New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why restrict components to NPM? #14

Closed
howardroark opened this Issue Sep 11, 2014 · 4 comments

Comments

3 participants
@howardroark

howardroark commented Sep 11, 2014

Close this up if you feel like I am trolling (which I am) :) No offence taken and I apologize! Just thought that given the cutting edge nature of bioinformatics, you may want to help think of ways to push the boundaries of how we use Node.js :)

There is not an easy alternative to NPM as of yet, but the idea is the main point. Why not just source a package from where ever you please? Instead of a "node_modules" folder at the root, offer a "modules" folder instead. NPM ends up limiting the names people can use and could be described as a cumbersome process. Just about every NPM package is a GitHub repo anyway, why not cut out the middle man.

It would be amazing if there was a simple schema that allowed you to source packages from Git over ssh, http servers and local file systems. To follow the UNIX philosophy well there is likely a few separate projects would have to spin out of the idea. I just feel that eventually NPM has to go, or any body which claims an amount authority as to what stays and goes.

For inspiration there are these projects...

https://github.com/duojs/duo (this is really focused on the browser, but the core idea is key)
https://github.com/ismotgroup/bring (the concept of replacing "require" with an alternative is really the point here)

Thanks!

@wilzbach

This comment has been minimized.

Member

wilzbach commented Sep 11, 2014

have a look at #9 .

The reason why Bionode and also BioJS haven choosen npm as platform is that npm is the missing package manager for JavaScript.

Why not just source a package from where ever you please?

NPM supports that.

https://www.npmjs.org/doc/cli/npm-install.html

NPM packages work with github repos, however

  • you don't have versioning.
  • you normally don't push binaries (e.g. compiled JavaScript from CoffeeScript) into your github account

I just feel that eventually NPM has to go

Why? One could say the same about PyPy or RubyGems

For inspiration there are these projects.

They both depend on npm for their installation ;-)

like I am trolling

Start learning about NPM. NPM is awesome ;-)

@bmpvieira

This comment has been minimized.

Member

bmpvieira commented Sep 11, 2014

I just feel that eventually NPM has to go

I don't agree that NPM "has to go". On the contrary, I think that EVERYTHING (not only JavaScript) should be on NPM! However, we should have many distributed and connected "NPMs" to avoid depending too much on one registry. To understand what I mean, check out this amazing talk (that I was lucky enough to see live) by @substack: James Halliday (substack) - LXJS 2013 - Modularidade para todos

claims an amount authority as to what stays and goes

No one is really "controlling" what goes on NPM, so you can just put whatever you want. I don't think fragmentation in package managers is a good thing (see Python). Ideally, you want a package manager that is really good like NPM to have everything there in order to increase reusability. Among other things, NPM solves semantic versioning so that we can rely on other people's code without worrying that they might rewrite the code and not update the version number (something that might happen if we use GitHub directly).

NPM ends up limiting the names people can use

If you run out of names on NPM, no one is stopping you from mirroring GitHub and naming your modules "username-modulename".

If I haven't convinced you yet, I think the following illustration will make my case much stronger:

NPM all the things

@howardroark

This comment has been minimized.

howardroark commented Sep 12, 2014

I feel like I'm getting a bite here, so I'm gonna get into this :) I would have made all the same points a week ago, but I have been converted!

@greenify

If the main point of #9 was to decide whether or not to use AMD... don't do it! Browserify has caught on so quickly because people just get it. It also proves that you can do a lot of great stuff using require, that you may not have considered before. The main idea behind duo as well :)

NPM supports that.

Totally. They know it's right deep down inside ;)

Why? One could say the same about PyPy or RubyGems

Philosophically, yeah they should adapt. I mean they could be informative catalogs that keep things close to a topic (ie. language), but ultimately they should just point you to a Git repo to get stuff. They can even all have handy command line tools that make life easy and do stuff for you.

you normally don't push binaries (e.g. compiled JavaScript from CoffeeScript) into your github account

I would say that your example is not quite there, but maybe there just isn't many examples these days. I think dealing with binaries is a bit of a thing of the past. Plus you could have a post fetch hook that does some work to convert Coffee to JS.

They both depend on npm for their installation ;-)

True until something else comes along :)

@bmpvieira

I think that EVERYTHING (not only JavaScript) should be on NPM

I whole heartedly agree with what your are saying, but isn't that what GitHub is? A place where all the open-source sits and gets worked on each day.

NPM solves semantic versioning

The tag of a git reference makes this process pretty simple as well.

If you run out of names on NPM, no one is stopping you from mirroring GitHub and naming your modules "username-modulename".

True. It is still sad though... not being allowed to call it what you wanted to call it. Always seeing it named everywhere as "COULDHAVEBEEN-PERFECT". If you ever wanted to to transfer it to someone else you then have a debacle.

NPM INSTALL ALL THINGS

I love the idea and what it means! BUT... why HAVE to run a command argument to install something? Why not just go get it when you need it? Why not be able to just "require" from anywhere? Why can't it come from Git, your local files or an http server? I know this involves a bunch of new tools and some rethinking, but it would be sweet!

I dunno. I just struggle to see how any component to any greater system needs to be much more than a Git Repo with a file that describes what to do with it when installing. I'm not saying that GitHub is king, but the patterns of Git are... and here to stay. GitHub just happens to be the company that most capitalized from it.

I'm not really expecting to convince you! Though, I still have not be drawn to your side, haha! Yes NPM is just fine and dandy, it's just not perfect. Thanks for being good about my trolling and putting some quality thought into your replies... I got a lot of good thinking out of it. I just feel that if any community is going to move away from Old School ways it has got to be the Node community!

I will let you do the honours of closing this issue. I hope that I have not annoyed you to much :p

@bmpvieira

This comment has been minimized.

Member

bmpvieira commented Apr 4, 2015

Thanks @howardroark and @greenify for this interesting discussion. Nowadays NPM has more modules than any other package manager and most importantly "It Just Works™". Although in JavaScript there is some other interesting package managers, I think this is a subject where "less is more", and NPM works fine on the frontend too.

@howardroark also check this answer on another thread, in particular the part where he mentions how a game project got screwed because the Go language package manager fetches directly from version control systems and thus doesn't host a copy of the dependency, which makes it vulnerable to changes. That is why we shouldn't just rely on Git/GitHub.

I'm going to close this, but feel free to continue to discuss on gitter.im/bionode/bionode or IRC #bionode

@bmpvieira bmpvieira closed this Apr 4, 2015

@bmpvieira bmpvieira added the question label Apr 4, 2015

@bmpvieira bmpvieira added discussion and removed question labels Apr 4, 2017

@bmpvieira bmpvieira self-assigned this Apr 5, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment