- Original Address: at The Economics of Package Penalty for Management
- Original author: ceejbot
- Translation from: Nuggets Translation Project
- Permalink article: github.com/xitu/gold-m...
- Translator: Baddyo
- Proofreaders: LanceZhu , MarchYuanx
npm economic situation - the lower half
Translator's Note:
- This article is the 2019 CJ Silverio in JSConf EU in the lower half of the translated speech in Congress.
- If you have not read the upper part of this series, please read: GitHub link , Nuggets link
- Speech Video: Youtube links , Youku link
From the JavaScript level, the specification of the language is part of the public resources of our developers. It is owned by a specially established organization, which allow all JavaScript stakeholders to work together to design and build the language. TC39 committee contributed in this regard.
All open source JavaScript are also part of our public resources. Babel source code, webpack source code, TypeScript source code, as well as React, Angular - thousands of open source packages constitute JavaScript public resources belong to us. Maintains a registry of these open source packages is also JavaScript public resources. With the registry, we can share with each other in order to easily find the source code needed. JavaScript also includes naming of public resources, the development of a series of ways to update the agreement.
But now, all these , an investment gold is completely sponsored by the wind the hands of private companies.
In the last year of this conference, Node.js inventor Ryan Dahl again stage presentation. He talked about Node.js of design errors . I quote his words here.
Center module repository (or even controlled by private) is a misfortune. - Ryan Dahl
When I first heard this, I would like to center on some of the concepts and Dahl debate, but on the part of private control of what he said, I had to be convinced.
Then we talk about private control. We rely on a shared platform JavaScript code is private control. What is the meaning?
npm business strategy at the helm of a company, JavaScript is community no right to speak. That code package is deleted for any reason? Code package naming dispute how to solve? This is a controversial topic! Do you remember the left-pad event?
The event is this: left-pad is dependent on another package dependencies for, when it was suddenly removed from the npm, each dependent on the installation of Babel continuous integration build software (CI build) have collapsed. So why left-pad will suddenly deleted it? Invited me to dinner and I'll tell you! But this does not expose the business strategy that did not exist, it makes our lives better and better, but also worse.
Want packet signature feature? That may be something to hope for! This feature not give the company a revenue-generating, so you are unlikely to see it on the line. Perhaps only the fear of accidents or public outcry to make that happen.
Please note that I am here just to say code package registry . Registration center is closed source, and its business strategy beyond our control. npm scaffolding tools (cli) actually open source, but this is not the point. The API npm temporary or open source, you need to write an important building block of scaffolding are also open source, free from npm control of the company. In any case, you have a third of the people using the other to interact with clients npm. We can not think of scaffolding tools involved, because in this regard, npm companies need the community to contribute.
The reason why open source API, because the company allows it to open. We simply can not control one single cent. We can not have an impact on the API, but can not do JavaScript beneficial to ecological change.
We can not touch the management of their resources. This isolation status will continue until the economic incentive for companies to change it. You do not know what they will do with your code packet data - you never know. You can choose to trust this opaque management mechanism.
But there is no accountability there is no trust, and we as a community member Javascript, there is no way npm whereabouts of corporate accountability.
When I was npm team, I can tell myself that I trust myself, I trust the team, I know that our motives are for the good of the community. Now, this is not a convincing answer, I once this trust is wrong. There is no way you put me in charge, there is no way to prove that I am trustworthy.
Slip slip.
In short, npm is a private nature of the entity, it controls our public resources, not our developers. This must mean that it is a heinous it? No, not all. But it is also not at all good deeds. Ask whether it can be regarded as mercy to ask the wrong object.
npm company is not a charity. The possibility of zero . Even with so little possibility, also long at that moment receiving venture capital and not give it to a foundation or other forms of community ownership of the demise exhausted. Npm that the decision to become a financial tool .
I say this is completely literally.
The so-called financial instruments, money is a contract between the capital side. They can be used to create and gadgets transactions. npm companies - control of npm JavaScript ecological role and you are using every day - in the eyes of its owner can change money but a bunch of tripe nothing. They sign a contract, do a business deal.
npm company is its owner for money means with money.
When you use npm, and when you npm terms of dealing with people, you'd better keep in mind the nature of npm company. I mean, look at motivation . In this story, most people's motives are ultimately money.
All the money.
Commercial companies do not love you, even those made to make you love the products.
"Build amazing things", this is just the slogan, to let you mistaken for a financial instrument is your friend. Over the years, this ad has been very effective, is not it? Give you a hug bear mascot, give you some nice stickers, plus a red heart emoticons, you hooked, right?
npm company does not love you. It is impossible to love you. npm company just a Delaware company, just a handful of cash cow Bale.
When I decided to start with their friends and hide in a corner whispering, as a rallying cry under a large crowd, I knew I fight an uphill battle. This family tradition npm capital fund sponsored by the popular company, my Quanma is also one of the reasons. I participated in the rise of its entire process - I also contributed. I have stood on the stage, in the face of you, parrot to say the phrase ad. I have to say, "I, CJ Silverio, love you all." That is my heartfelt words.
Now, I do not think anyone in front of you the audacity to say "npm love you" also can not be scolded. Over the past few months, npm have exhausted all the world. In fact, this should not be the case - decisions are a result of the company's operations. They made a decision, and under the double bet bet Ever since, we have come to such a field.
All this is how it happened? Why Baby Bear began blackening? Then let us tell the story, shall we?
We picked up from, uh, this time to 2018 points. All of you have benefited from free open-source JavaScript package. But you never thought of, or care about these open source packages is coming from, who is paying for these services. You only need to knock out installthe command, you have to code package automatically calls.
But the bandwidth is to spend money, someone has to come out of the money.
In this way, npm venture capitalists to spend the money to buy servers and bandwidth. The final retribution unhappy, lookout investment gold when planted into the bag as evil as Duzaimenkou creditors start knocking at the door, cleared his throat, ready with interest to ask for it back. "Ahem, we also know it? Put our money back to us." We finally see, sponsored by the venture capital company making money but nothing more. Capitalists will eventually do anything for 10 times earnings. They each make an investment should ensure that the gold master is the final winner. This business is not always earn no loss, but if you can not guarantee this security, you must have a compelling enough story to make sure you can make sure that the main gold money machine could have been afloat.
In essence, I think it is not wrong to accept the investment risk. Many companies target pull investment objectives and investors are matches, and not all investors are the same. Some investors like bait. Like Futureshape investors want to be very clear the world a better place. But more investors only care about profit. This is their starting point: to make money, to sell new patrons fattened sheep, earning ten times the profit. You took venture capital, it will grow rapidly. Either bigger or passed away.
Remember, npm company is a gold master the final say, not the developers who contribute to the open source treasure.
So npm company must be profitable, otherwise it would have fooled more investment to shattering.
Who feel that the ypm open out is a good idea of former Yahoo employees, he thought right, but he did not deliberate development after over open source, it turns out, the operating company may just have a good idea on the line, also you need a lot of blood and sweat. So in 2018, he hired a new CEO for the company he runs, and thus, Oh, something to toss. The new CEO took office first fire is to change the culture of npm - you know, that has been used as the set of cultural slogan output. After the new CEO in place, the first kick is forgiving, merciful npm culture.
The results do a public relations problem npm is obvious. We really liked to watch a community. If the master was a saint, that I might not be standing here. But I still could, because even a decent leader in this position, there are a lot of issues need to be resolved.
This is where the problem lies.
Public registry - all open source packages are indexed and stored in a place - is part of concern to everyone. This registry a great drain on the budget npm, and at the same time , investors think this is a profitable place. It controls all JavaScript development projects, because all JavaScript development projects as its voluntary agency. Data - user usage data - and profitable place. Each package-lock files are stored in the Amazon cloud storage somewhere, full of interesting data blocks on user preferences. It is also a powerful factor in API design influence. npm company no reason to reduce the number of client makes a request to the server when you install code package, because these requests could yield valuable data.
Npm registry is a burden. Want to keep up with continuous, almost exponential growth, we must pay the same amount of work. When I npm office, this heavy work takes up almost all of the time a small development team. Why is it so small development team? Then we do not have funding to expand the scale. Perhaps because then npm team is not good at telling funny stories to investors, potential investors who might also know that we get no money glittering program. I'm not sure in the end what is the reason. But in short, the team's only enough funds to maintain the free service of JavaScript, but unable to make a decent product to sell. Finally, venture capital is about to expire. Finally, to a pass-break.
All the money.
So, now our situation become so, npm company has not fully recognize their own destiny as a tool for some people to make money, and these people are not JavaScript developers. Maybe it will work, maybe it will go bankrupt. Maybe it will all hate our way to make money, squeeze profits from each of you a lot of valuable data user.
Now, we all know npm does not love us, do not love its people. We glared at them, but at the same installation code package still use it. I, personally, can not stride to this situation. I suspect that this situation will not last long.
In fact, the story does not have to be this trend. In the course of recent months and earlier, the starring you could have chosen a different path. But now it has become such. Holds the role of our public resources, is not worthy of our trust in the role, because it does not coincide with the original intention of these aspirations of our community members JavaScript.
How do we deal with this situation?
One answer is to not do anything, because we could not do anything anyway. Our community in 2013 had already made a choice, and one way to. We can only hope npm company's collapse, and so it really went out of business, then we tough few months time to find alternatives.
I do not like this answer.
Imagine the situation npm is a pirate company (company dedicated to the acquisition of recession and forced reform) in charge of. Such takeovers may not be interested in having a public registry to maintain the operation, you may also want to misuse of user data. We, npm users, subject to the Board's decision, and in view of the poor performance of the board of directors so far the vision into reality a lot of possibilities.
There is a more optimistic ending. A larger body mass Savior company from heaven to save our beloved among npm veering, so that our public resources revitalized. But even if the company in charge of npm very tricky, I think this is a temporary solution. Microsoft now plays a benevolent role, but they certainly would not have been the case. Google has also played a kind of role, but now alive a Microsoft countenance the kind of monopoly of the nineties.
I hope we can avoid repeating the mistakes of the past decade.
I think I agree with Ryan Dahl point of view. npm should not be privatized. I think the center of a burden will inevitably lead to private control, because the server is always a sum of overhead. If we all shared, we can Kang Zhu this burden.
This may make you feel impossible. You feel npm entrenched. A few months ago I think so, but then npm company owners do not know the reasons, a fire burned their conscience clean, all trusts, including me, who are willing to have spared no efforts conscience . It is then "pop" is heard, burned. They JavaScript community of values, of our developers so bad, they are deliberately whom! (Here with an angry gesture)
And, standing still is not my style. Do anything does not exist in my dictionary.
In addition, I would say that, despite all this happened, but I still have faith Potlatch culture. I think it is good for us to share with each other, and even if some people take advantage of this to make money, I can calmly face.
So I want to announce here. I want to share something with you today. And not just me who share a man. Chris Dickinson my colleagues and I have been doing this together.
Today I want to introduce you to Entropic, a JavaScript joint package management tool.
Entropic based on Apache 2 license, you can run only introducing your own registry.
Entropic tool with its own scaffolding, called dsthat entropy delta.
Entropic provide a new release and installation API, which greatly reduces the amount of network requests. Mounting unit is a file, rather than a heavy pack.
Entropic is a joint nature. You can use Entropic dependencies from other instances, the local instance and you will be all of your dependencies mirroring, so that the self-sufficient.
Entropic will back up your installed from the legacy package management tool for all dependencies.
Installation requirements are very simple, we have to be of the container.
You can use GitHub account login, and supports any other OAuth authentication provider.
(Play a short demo video here)
This project is just one month. We are not ready to push it into the public eye, but for early adopters developers, it is enough to make you play.
Entropic there are many features, and we have compiled a long list of features to be developed. For example, Entropic currently do not have a website. If you are interested, you can go look at GitHub repository long one issue.
What Entropic's goal is?
First of all, I would like to prove that, in addition to not do anything, we have other options. We do not have to sit in place waiting for the collapse of npm take action. Optimistic, positive number, we have the ability.
Second, Chris and I and a few others a deep understanding of open source packages registry problem to be solved, especially the scale of the problem. Our community now an urgent need for such a special experience, but few of us have an urgent need to share such experiences. We chose to share out something of value. Potlatch compliance culture: our experience as a gift a gift dwellers.
Third, I think it will eventually decline of the center, I would like out of a force in this process. Over the past decade, a decade unified integration services, but the next decade will belong to the joint of the decade. The share of joint expenses. The differentiation of the Joint centralization. The decomposition of the one-man joint. The union of our eco-handed control over the language of our own hands.
My vision is by Entropic, help us all to recapture public resources. Recapture, we are no longer venture capitalists case of the board of fish. Recapture, we can go a different way and a decision to embark on the year-end 2013. Recapture! As a large number of community developers, we have the ability to fight back. At the moment, Entropic is that we recapture ChongFengHao JavaScript public resources.
About Entropic, there is a lot to say, there are many want to do, but the time to share it with you all.
If we understand that we do not love npm - I do not love, if we understand that a private company should not have control over public resources - indeed should not, then it's time to take a step up. I firmly believe that a good developer community composed of fine, they have the amazing world of talent and will. At this critical juncture, Web's future at stake, we should not let the rules of a company to define our destiny should not allow a company to control! We recapture control of, and in order to recapture, we need to work together to improve Entropic.
We want to love this community, passed to us by themselves and others. Please be sure to treat this love.
If you find there is a translation error or other areas for improvement, welcome to Denver translation program to be modified and translations PR, also obtained the corresponding bonus points. The beginning of the article Permalink article is the MarkDown the links in this article on GitHub.
Nuggets Translation Project is a high-quality translation of technical articles Internet community, Source for the Nuggets English Share article on. Content covering Android , iOS , front-end , back-end , block chain , product , design , artificial intelligence field, etc., you want to see more high-quality translations, please continue to focus Nuggets translation program , the official micro-blog , we know almost columns .