Former npm, Inc. CTO Announces Entropic, a Decentralized Package Registry

CJ Silverio, former CTO of npm Inc., gave a presentation at JSConf EU 2019 in Berlin earlier this month titled “The Economics of Open Source.” More specifically, she discussed the economics of package management as it applies to open source software, based on her unique perspective and experience gained in working for the company that runs the world’s largest JavaScript package registry.

Silverio tells the story of how npm gained official status and characterizes its success as a catastrophe for a centralized package registry and repository. Although centralization has some advantages for usability and reliability, success can be expensive when a centralized service becomes popular. She described the events leading up to npm’s incorporation in 2013. The registry was down more than it was up in October 2013 and npm needed money.

npm’s owner took seed funding from a VC firm and the Node project continued to give npm special privileges. Developers perpetuated this by continuing to use npm, as over time it had come to define developers’ expectations in serving JavaScript packages. Silverio discusses some of the consequences of npm coming under private control: developers now have no input into registry policies or into how disputes are resolved.

Presumably speaking from her intimate knowledge of the company’s inner workings, Silverio describes how VC-funding turned npm Inc. into a financial instrument.

“Financial instruments are contracts about money,” she said. “npm Inc, the company that owns our language ecosystem, is a thing that might as well be a collection of pork bellies, as far as its owners are concerned. They make contracts with each other and trade bits of it around. npm Inc. is a means for turning money into more money.”

Silverio contends that JavaScript’s package registry should not be privately controlled and that centralization is a burden that will inevitably lead to private control because the servers cost money.

Her sharp criticism of centralized package management leads into her announcement of a federated, decentralized package registry called Entropic that she created with former npm colleague Chris Dickinson and more than a dozen contributors. The project is Apache 2.0 licensed and its creators are working in cooperation with the OpenJS Foundation.

Entropic comes with its own CLI, and offers a new file-centric publication API. All packages published to the registry are public and developers are encouraged to use something like the GitHub Package Registry if they need to control access to packages. The project is just over a month old and is not ready for use.

“I think it’s right that the pendulum is swinging away from centralization and I want to lend my push to the swing,” Silverio said. “The last decade has been about consolidation and monolithic services, but the coming decade is going to be federated. Federation spreads out costs. It spreads out control. It spreads out policy-making. It hands control of your slice of our language ecosystem to you. My hope is that by giving Entropic away, I’ll help us take our language commons back.”

Silverio’s Economics of Package Management essay is available on GitHub. Check out the video of the presentation from JSConf EU below. If decentralized package management gains momentum and becomes the standard for the industry, this video captures what may become a turning point in the JavaScript ecosystem and a defining moment for the future of the web.

npm’s 2019 JavaScript Ecosystem Survey Shows 63% of Respondents are Using React

npm, Inc. has released a preview of the results of its Enterprise JavaScript in 2019 survey, which was conducted from 12/1/18 – 1/8/19. The company received 33,478 responses from developers across 23 industries and 194 countries and territories. Twenty-two languages were represented and less than half of respondents spoke English (47.13%), although the survey was in English.

The preview highlights essential trends in the JavaScript ecosystem. React’s growing popularity is the least surprising among these trends. The results showed that 63% of respondents are using React.

npm Inc. estimates that there are approximately 5 million React developers worldwide and concludes that “There has never been a JavaScript framework this popular before, and it is more than twice as popular as the next-biggest framework, Angular.”

Results for other frameworks are not yet available to the public but npm Inc. plans to share more details in future articles.

Nearly half (49%) of respondents have more than 5 years of experience using JavaScript, a 9% increase from the previous year’s survey, shifting an estimated 1 million participants into this category. This indicates that the JavaScript user base is becoming more sophisticated overall.

Another trend is the rising popularity of GraphQL. While its adoption is still relatively low, with only 7% of respondents indicating that they use it frequently, 23% of developers use it for some of their projects. The results showed that 72% of npm users are using or considering using GraphQL in 2019.

In a post that goes further in depth on the methodology used for the survey, npm Inc. said the company did not collect demographics on race or gender identity, so the data may not be representative of the broader population of JavaScript users on these metrics. English speakers are also over-represented and the survey may contain some bias towards the opinions of users “who have more affinity to npm as an organization.” However, results from independent surveys like the 2018 State of JS Survey show similar trends in the JavaScript ecosystem.

npm Inc. will be sending out follow-up surveys to specific groups of respondents who volunteered to answer additional questions. The company plans to publish more data from the questions about tooling choices, technical preferences, and attitudes towards various professional practices.
