Of all the problems with NPM, it being centralized is the last of them imo.
Having experienced the mess that is Go's decentralized dependency management, I'm not sure why anyone would want to replicate it.
Putting aside security, availability and mutability are a massive problem: anyone can stop hosting their module, or worse, change an existing published module at any time.
Why not take some inspiration from Maven Central, and run a central repo that actually provides some validation on the quality of and consistency of published artifacts?
> Why not take some inspiration from Maven Central, and run a central repo that actually provides some validation on the quality of and consistency of published artifacts?
Because then it would be hard to have a new hot framework every day.