
Introducing PouchDB custom builds - nolanl
https://pouchdb.com/2016/06/06/introducing-pouchdb-custom-builds.html
======
mschuster91
Nice work of the PouchDB authors. But one point still angers me:

> There are still plenty of thorny issues with scopes, such as the fact that
> npm organizations are not free for open-source yet, meaning we would have to
> register a single pouchdb account and share it among all the contributors

W T F. Please don't tell me that the entire JS ecosystem (given that pretty
much everyone except Ionic has shifted to exclusive npm usage, except Ionic
which apparently needs bower IN ADDITION to npm, which is ridiculous enough on
its own) depends on an entity that may very well decide it needs to monetize
and screw over all people who were stupid enough to put node_modules inside
.gitignore?!

It's crazy enough that everyone and their dog relies on GitHub for hosting the
source code, but at least GitHub can be replaced by a simple "git remote set
origin ... && git push". I don't see ANY such replacement possibility for npm.

Have people not learned ANYTHING about "single points of failure", especially
after the leftpad desaster??

~~~
nolanl
(Author here.) Actually it's fairly easy to swap out npm for another package
manager. Under the hood, npm is just CouchDB, meaning you can replicate from
npm by simply clicking the "replicate" button in CouchDB's Futon UI. There are
also plenty of npm-like alternative implementations, such as Sinopia, local-
npm, Nexus, etc. You can also just `npm pack`, host the tarball, and `npm
install` from the tarball.

For better or worse, npm is the package manager for JavaScript – it won. We
definitely need to be vigilant to make sure npm (the company) doesn't add
proprietary features that lock us in to their service, but that's another
reason the PouchDB team didn't choose scoped packages – it doesn't play very
nicely with the rest of the npm-esque ecosystem, due to not being part of the
main CouchDB changes feed (as well as other issues). Although, I'm told by npm
folks that many of those issues with scoped packages have been fixed, and
they're working on fixing the remaining ones.

~~~
mschuster91
> We definitely need to be vigilant to make sure npm (the company) doesn't add
> proprietary features that lock us in to their service, but that's another
> reason the PouchDB team didn't choose scoped packages

And thank you for this. I have the feeling that not many people explicitly
take failures into account these days.

