I'd just like to say on behalf of npm that Microsoft's handling of this incident was A+. As soon as we alerted them to the issue they were all hands on deck and did a rollback.
We've been really pleased that Microsoft chose to put their @types packages into the npm registry rather than a separate, closed system, and in general happy with Microsoft's support of node and npm. We're confident we can make the new features of VSCode work, we just need to work with Microsoft to tweak the implementation a little.
This was an honest mistake on their part, and we caught it in time that there was very little impact visible to any npm users.
Fun fact: at its peak, VSCode users around the world were sending roughly as many requests to the registry as the entire nation of India.
From my outside perspective, it doesn't seem like a mistake on their part at all. Later in the thread you say this accounted for 10% of traffic, mostly 404s. This is (i assume) a hell of a lot of requests, but given npm's position as developer infrastructure, I don't think they could have reasonably expected to melt it. It would have been good of them to give a heads up, but I don't think I'd start assigning blame to the Code team.
Can you elaborate on what the issue is and how you want it to be fixed? Is it just something like rate-limiting requests or something more fundamental?
So one day they switched their entire user base to rely on a 3rd party free service without any load testing or heads up? What could possibly go wrong?
As one of the folks on the front-lines helping patch this, I certainly have no hard feelings; and I'm excited to be able to support this feature properly
... also ... not going to lie, this was the first time we've gotten to test several of the checks and balances we have in the npm registry which I was jazzed about :)
Thanks, Benjamin, Laurie and everyone else for mitigating this, it feels great to know when the community chimes in together for such highly unanticipated scenarios.
On that note, however, respectfully I believe that features which have the potential of hitting the registry so bad should first be beta tested on a private registry and moved on to the high traffic serving CDNs of npm.
And 10% of the daily traffic is from India??? Whoa, every day is a school day.
If I were on the Azure team I'd be offering tons of free credit to npmjs.org to get them to use Azure. Azure coming to the rescue would be the perfect ending to this story for Microsoft.
I don't think most organizations could relaunch their infrastructure on a totally different stack at the drop of a dime. And if it was really a "throw more servers at it" problem then it wouldn't really matter who was hosting them, would it?
CDNs don't usually cache 404s. VSCode was looking for @types packages for any and every npm package its users were using. Packages that had a type description caused no issue, but most packages don't, so we had a > 1000% spike in 404s. Our workaround before MS did the rollback was to cache 404s for @types packages specifically, and it was effective enough that the registry never really went down.
It is a real foreign feeling being exposed to such an actively and well run project. Every time I see a new release on HN I get a little "wow, that time of the month again." Even this rollback was indicative of how fast they move.
I wonder if any warning was given to npm that they would be getting this potentially huge new source of traffic. It doesn't seem to be mentioned anywhere.
Eh, NPM is a pretty core service and both sides probably should have done things a bit differently. I don't neccessarily think vscode needed to reach out to NPM to let them know they were going to be consuming their public API. Both teams appear to be in communication as a result however-- which is good.
This will likely lead to more fault tolerant systems on both projects and hopefully more collaboration & features in the future.
We've asked you twice before not to do this, so we have to ban this account. We're happy to unban accounts if you email us at [email protected] and we believe you'll not do this in the future.
I'd love to use VSCode but can't until they or someone else rolls out a dockblockr extension that works for php as I'm mostly tied to Laravel right now, and my company requires docblocks and they are not fun to write by hand.
[+] [-] seldo|9 years ago|reply
We've been really pleased that Microsoft chose to put their @types packages into the npm registry rather than a separate, closed system, and in general happy with Microsoft's support of node and npm. We're confident we can make the new features of VSCode work, we just need to work with Microsoft to tweak the implementation a little.
This was an honest mistake on their part, and we caught it in time that there was very little impact visible to any npm users.
Fun fact: at its peak, VSCode users around the world were sending roughly as many requests to the registry as the entire nation of India.
[+] [-] thedaniel|9 years ago|reply
From my outside perspective, it doesn't seem like a mistake on their part at all. Later in the thread you say this accounted for 10% of traffic, mostly 404s. This is (i assume) a hell of a lot of requests, but given npm's position as developer infrastructure, I don't think they could have reasonably expected to melt it. It would have been good of them to give a heads up, but I don't think I'd start assigning blame to the Code team.
[+] [-] Arnavion|9 years ago|reply
Edit: Answered at https://news.ycombinator.com/item?id=12861118
[+] [-] ec109685|9 years ago|reply
[+] [-] Fifer82|9 years ago|reply
[+] [-] paulftw|9 years ago|reply
[+] [-] BenjaminCoe|9 years ago|reply
... also ... not going to lie, this was the first time we've gotten to test several of the checks and balances we have in the npm registry which I was jazzed about :)
[+] [-] raisedadead|9 years ago|reply
On that note, however, respectfully I believe that features which have the potential of hitting the registry so bad should first be beta tested on a private registry and moved on to the high traffic serving CDNs of npm.
And 10% of the daily traffic is from India??? Whoa, every day is a school day.
[+] [-] mavsman|9 years ago|reply
[+] [-] CaveTech|9 years ago|reply
[+] [-] KayL|9 years ago|reply
[+] [-] Arnavion|9 years ago|reply
[+] [-] sync|9 years ago|reply
[+] [-] seldo|9 years ago|reply
[+] [-] markatkinson|9 years ago|reply
[+] [-] akfish|9 years ago|reply
[+] [-] hyperliner|9 years ago|reply
[+] [-] manojlds|9 years ago|reply
[+] [-] eugeneionesco|9 years ago|reply
[+] [-] PudgePacket|9 years ago|reply
[+] [-] vonklaus|9 years ago|reply
This will likely lead to more fault tolerant systems on both projects and hopefully more collaboration & features in the future.
[+] [-] antrion|9 years ago|reply
[+] [-] eugeneionesco|9 years ago|reply
[+] [-] meira|9 years ago|reply
[deleted]
[+] [-] sctb|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] andyburke|9 years ago|reply
[+] [-] _pmf_|9 years ago|reply
[+] [-] gremlinsinc|9 years ago|reply
[+] [-] winsome|9 years ago|reply
[+] [-] smarx007|9 years ago|reply
http://usejsdoc.org/about-getting-started.html
[+] [-] z3t4|9 years ago|reply
[+] [-] hiou|9 years ago|reply
I'm not sure I would call my feature "great" if it could have brought down npm.
[+] [-] cerebellum42|9 years ago|reply
The feature was so great that npmjs couldn't keep up with it, it was yuuuuuge!