Nice work of the PouchDB authors. But one point still angers me:
> There are still plenty of thorny issues with scopes, such as the fact that npm organizations are not free for open-source yet, meaning we would have to register a single pouchdb account and share it among all the contributors
W T F. Please don't tell me that the entire JS ecosystem (given that pretty much everyone except Ionic has shifted to exclusive npm usage, except Ionic which apparently needs bower IN ADDITION to npm, which is ridiculous enough on its own) depends on an entity that may very well decide it needs to monetize and screw over all people who were stupid enough to put node_modules inside .gitignore?!
It's crazy enough that everyone and their dog relies on GitHub for hosting the source code, but at least GitHub can be replaced by a simple "git remote set origin ... && git push". I don't see ANY such replacement possibility for npm.
Have people not learned ANYTHING about "single points of failure", especially after the leftpad desaster??
(Author here.) Actually it's fairly easy to swap out npm for another package manager. Under the hood, npm is just CouchDB, meaning you can replicate from npm by simply clicking the "replicate" button in CouchDB's Futon UI. There are also plenty of npm-like alternative implementations, such as Sinopia, local-npm, Nexus, etc. You can also just `npm pack`, host the tarball, and `npm install` from the tarball.
For better or worse, npm is the package manager for JavaScript – it won. We definitely need to be vigilant to make sure npm (the company) doesn't add proprietary features that lock us in to their service, but that's another reason the PouchDB team didn't choose scoped packages – it doesn't play very nicely with the rest of the npm-esque ecosystem, due to not being part of the main CouchDB changes feed (as well as other issues). Although, I'm told by npm folks that many of those issues with scoped packages have been fixed, and they're working on fixing the remaining ones.
> We definitely need to be vigilant to make sure npm (the company) doesn't add proprietary features that lock us in to their service, but that's another reason the PouchDB team didn't choose scoped packages
And thank you for this. I have the feeling that not many people explicitly take failures into account these days.
> There are still plenty of thorny issues with scopes, such as the fact that npm organizations are not free for open-source yet, meaning we would have to register a single pouchdb account and share it among all the contributors
W T F. Please don't tell me that the entire JS ecosystem (given that pretty much everyone except Ionic has shifted to exclusive npm usage, except Ionic which apparently needs bower IN ADDITION to npm, which is ridiculous enough on its own) depends on an entity that may very well decide it needs to monetize and screw over all people who were stupid enough to put node_modules inside .gitignore?!
It's crazy enough that everyone and their dog relies on GitHub for hosting the source code, but at least GitHub can be replaced by a simple "git remote set origin ... && git push". I don't see ANY such replacement possibility for npm.
Have people not learned ANYTHING about "single points of failure", especially after the leftpad desaster??