Return of the JSedi: After being ousted from NPM Inc, former CTO is back with rival package registry Entropic After being ousted late last year as CTO of JavaScript package registry NPM Inc in a management shakeup, CJ Silverio on Saturday unveiled a self-hosted federated package registry called Entropic that she hopes will serve the JavaScript community better than her former employer's technology. It is the third such effort to …
But all the cool kids are into pulling in random stuff from the internet for nightly builds. No hipster millennial has time to understand things like threading or even how a computer works at the hardware level. All about gluing whatever is the hot new frameworks, runtimes and libraries together and posting your web "developer" cred on social media.
"Entropic is federated," Silverio explained. "You can depend on packages from any other Entropic instance, and ..."
How will this compare to the level of 'trust' I can have in Git repositories? A specific revision is trustworthy because it exists in multiple places and its instance can't be faked when multiple repositories can be sampled. And I can have reasonable assurance where the revision came from.
But a JS package, a collection of many historical _and_ recent revisions? How will this work? When practically every other spork has a flaw that lets something dribble down chins, can we be assured the technical aspects are as fine as the social slogans?
(and no, I am not defending NPM - I think they sporked the durian quite tine thank you)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
