It's not accurate to say that Fastly is hosting the registry; Fastly are providing CDN services to our registry -- a globally distributed cache -- for which we're very grateful.
As for the download counts, per Twitter ( https://twitter.com/npmjs/status/422823647619710976 ), we removed the download counts because our original solution for those counts (keeping them in CouchDB) wasn't scaling. I am literally, as we speak, working on the replacement system to restore download counts.
And Isaac's LinkedIn title is a joke. I hope that's obvious.
One thing I'm a tad annoyed by - this deal was being put together simultaneously with the "scalenpm" crowdfunding drive. A shoutout to the supporters of that drive would have been nice...
Quite true. Even though I didn't donate, I wonder why they went for crowdfunding while they were going raising VC funding. I would expect (partial) refunds.
Yea. This is really odd. What in the world is going on? Since when is a package manager something you can monetize? I knew about the plans to monetize node, but didn't realize it was going to involve mucking around with npm. This is concerning.
It's also kind of funny that Meteor.JS by contrast got $11.2m in funding. And NPM the underpinning technology which has further reaching economic benefits only receives $2.6m. I know it's a bit apple and oranges, but four times the value? The valuation of software is surrealism.
I understand the fact that it can be fairly expensive to run a large, popular module site such as npm and rubygems. What I'm curious about is how they intend to monetize npm, and how it affect users, if it does. Typically, VCs hope to get a return on their investment.
>The future is large, but I can pretty much guarantee that paying for access to open source modules is not ever going to happen. Not because it's evil (though, I believe is), but because it's stupid. It's just not a good model, and it's not hard to see why. No one wants to pay it, and rather than deliver value, you're making people go elsewhere. It is a case of the orchard selling lumber, burning down your value in order to get a short-term gain that can never expand.
>Many companies have been literally begging for me to figure out a way to take their money and add some features to npm. None of this impacts what any of you are currently doing, and in fact, it helps you, because it requires building additional high-availability systems that are robust enough for the next 10x increase we face.
>Like I said, all that is currently free will remain free, and all that is currently flaky will improve. There'll be some new stuff you can pay for if you want to use it, but if you're happy with the current status quo, you can just take it easy and maybe eventually get a job where you use npm for work stuff also :)
- Isaac Schlueter
The messaging so far is that they don't intend for anything to change for typical users of npm, and that they'll make money with stuff like enterprise-level support. But I think it's still a bit in the air.
GitHub is another example of a company that caters to the open source community while still having a business plan.
Right now npm is at the core of every project using node.js, and businesses have more complex needs than open source projects. One such need would be having a private registry. You don't want to have your production build chain depending on packages that could be replaced by the author at any point in time. The current wisdom if you want protection from that is to run your own npm server, but why do that when you can just have the guys that do this exclusively do it for you?
This makes sense because there are business needs that don't overlap much with the open source world that they can sell, the same way GitHub does. GitHub was successful because they got the programming world using them for their open source projects, and after dominating over that market, those programmers took the service and recommended it to their employers, because that was the tool everyone was using.
Npm falls in the same business area, where the programming community is already using them, and businesses have other needs from them, that they currently cannot provide.
It would be nice for npm to put up a monetization blog post to clear up the confusion.
Enterprise offerings (support levels, private repositories, etc.) seem to be the most obvious. I could see many companies being interesting in an npm-style infrastructure for their non-OSS modules. Overall, this is interesting and will set a precedent going forward.
Privately run 'open source' code repositories are not what the open web should run on.
I would say that this marks the beginning of the end for npm as anything viable for front-end code repositories and probably for anything related to node.
I propose an open-source alternative for front-end JavaScript libraries and dependency management.
Anyone calling for npm modules and browserify to rule the day for front-end JS should question their opinions on the matter.
I don't know. I think it's fine if a private company that is maintaing the registry also wants to monetize parts of it. They are after all expending considerable effort and resources, and they're doing nothing to stop others from hosting registries.
What would be nice is decentralization — because these registries are so similar to link shorteners I am wondering what a peer to peer registry system would look like a la DNS...
I'm kept wondering how the whole npm structure will look like. At the bottom of npmjs.org it states: 'Powered by Joyent', but Nodejitsu ran the 'Scale npm' donation campaign to get funds to scale the public npm registry. But Nodejitsu acquired IrisCouch and now offers private npm services.
And now izs starts a new company npm inc. that will, well, who knows. But he's former Joyent who power npm, so will running npm transfer to npm inc.? But how does Nodejitsu or the 300K that they raised with their campaign fit into this picture?
I wrote the original version of the npm registry in a day or two on top of CouchDB. I built it quickly and didn't think much about scale.
Isaacs continued to improve and maintain that code. At one point he even wrote up an open standard for generic js package registries for CommonJS but they didn't seem to care (they were too busy arguing about promises).
At the time I wrote the initial code I was employed at CouchOne and we had a small CouchDB hosting platform operated by Jason Smith which is where we ran the registry free of charge. Later on, after CouchOne was aquired by Membase and became Couchbase, it decided to break off the hosting company and give/sell it to Jason Smith, which became IrisCouch.
IrisCouch continued to run the registry for free for several years. They had no venture funding and limited resources but they provided this service for our community anyway. They announced a product for enterprise (hosted) NPM but as far as I know it wasn't really marketed or sold. Last year IrisCouch was acquired by Nodejitsu.
Nodejitsu continued to host the registry for free. Some time last year the infrastructure hit a breaking point, mostly around CouchDB. Remember, I wrote this in a weekend when less than a hundred node packages existed. Many of the semantics from me and Isaacs' initial "prototype" persisted until just a few weeks ago. For instance, this single database held all the package binaries, for every version of a package, attached to the document for that package.
Once the registry started to have serious stability issues a few things happened. Isaacs started to work on ways to improve the reliability by changing how the registry worked and Nodejitsu sought community support for keeping the current registry up. At some point Isaacs also decided it would be best if he worked on NPM full time and built NPM Inc.
In the early days we weren't thinking about 58K modules, that was just crazy, we were just figuring out the simplest way to store a couple packages the node community was writing. Since founding this company Isaacs has already managed to re-write the way the registry works to fit the kind of load we have now.
Nodejitsu is now free of the financial burden that was dragging them down as well and Isaacs' new infrastructure can keep the registry up more cheaply than the previous system and more reliably.
1. Why are people happy about this? They did a crowd funding round taking common people's money, gave them squat, then took Investor money and gave them a share. (Would make me mad if I was part of the crowd)
2. What is the business model? In what world does PIP or any other package manager have a revenue stream? Ads? Spyware? There are no good models for this.
3. Does anyone else think that having a company title of Supreme Emporer is a sign that this is not a founder focused on community?
I'd say we bounce and use something else, but I did that a long time ago, so I can only suggest everybody else make like an external node. (a leaf ;-) )
Exactly. Which is why I am actively gearing up to switch to Dart and (back to) Python as soon as is even painfully feasible. I am also sick to death of all the socio-political posturing and other narcisspewage surrounding the so-called node/npm "culture".
Going to be watching Nginx and other deals very closely as far as their long-term health.
I could take a giggly pot-shot at web development in general by proposing that they want to monetize node.js via a browser-base service to live one's entire developer life, but I'm in serious agreement with others' concerns that there's something ultimately harmful in VC money getting confused, panicky, and deciding to GSM (Google Mobile Services) the licensing of new code or come up with some ridiculous contributor licensing agreement like what I'm hearing about Ubuntu.
Take heed, FOSS communities don't negotiate except on an endless table that runs from one side of the universe to the other.
Soon there will be a new node.js package manager to compete with npm but it will be supported by a non-profit foundation rather than a private profit-driven company.
This npm inc. is one of the dumbest startup ideas that I have ever come across. Kudos to the founders for managing to hack the VCs, but VCs that dumb ain't gonna be around for long.
I'm a huge fan of Node.js, but I'm getting an uneasy feeling about all the different changes and things happening. I still haven't made up my mind if it's a justified feeling or not.
So... someone enlighten me here; why does a project like npm need funding at all? If projects like GCC, which are far more complex, can subsist via contributions and donations alone, so what makes npm, a package manager, different?
[+] [-] mmaster5|12 years ago|reply
Back in July he must've seen this coming because he switched the npm license from MIT to the more restrictive Artistic 2.0: https://github.com/npm/npm/commit/c32391b1efd70a861cebc77e0c...
He's already taken away the download numbers on npmjs.org, so maybe he intends to sell the "analytics" back to the community.
The guy calls himself a Supreme Emporer on his LinkedIn.
[+] [-] seldo|12 years ago|reply
As of five days ago ( http://blog.npmjs.org/post/75707294465/new-npm-registry-arch... ) we are hosting the registry ourselves; it was previously hosted by Nodejitsu (who still operate a downstream mirror).
As for the download counts, per Twitter ( https://twitter.com/npmjs/status/422823647619710976 ), we removed the download counts because our original solution for those counts (keeping them in CouchDB) wasn't scaling. I am literally, as we speak, working on the replacement system to restore download counts.
And Isaac's LinkedIn title is a joke. I hope that's obvious.
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] al2o3cr|12 years ago|reply
[+] [-] nbody|12 years ago|reply
[+] [-] deelowe|12 years ago|reply
[+] [-] 1qaz2wsx3edc|12 years ago|reply
All that said, I love them both dearly.
[+] [-] IbJacked|12 years ago|reply
[+] [-] nawitus|12 years ago|reply
>Many companies have been literally begging for me to figure out a way to take their money and add some features to npm. None of this impacts what any of you are currently doing, and in fact, it helps you, because it requires building additional high-availability systems that are robust enough for the next 10x increase we face.
>Like I said, all that is currently free will remain free, and all that is currently flaky will improve. There'll be some new stuff you can pay for if you want to use it, but if you're happy with the current status quo, you can just take it easy and maybe eventually get a job where you use npm for work stuff also :) - Isaac Schlueter
https://groups.google.com/forum/#!topic/npm-/pkMs24w7a4Q
[+] [-] sheetjs|12 years ago|reply
- paid private repositories on npm or a parallel system (think github)
- paid internal npm servers with support (think github enterprise)
- statistics that used to be available, like download counts (think imgur pro)
[+] [-] semiel|12 years ago|reply
[+] [-] etler|12 years ago|reply
Right now npm is at the core of every project using node.js, and businesses have more complex needs than open source projects. One such need would be having a private registry. You don't want to have your production build chain depending on packages that could be replaced by the author at any point in time. The current wisdom if you want protection from that is to run your own npm server, but why do that when you can just have the guys that do this exclusively do it for you?
This makes sense because there are business needs that don't overlap much with the open source world that they can sell, the same way GitHub does. GitHub was successful because they got the programming world using them for their open source projects, and after dominating over that market, those programmers took the service and recommended it to their employers, because that was the tool everyone was using.
Npm falls in the same business area, where the programming community is already using them, and businesses have other needs from them, that they currently cannot provide.
It would be nice for npm to put up a monetization blog post to clear up the confusion.
[+] [-] neovive|12 years ago|reply
[+] [-] couradical|12 years ago|reply
You can run Nagios/RHEL for free, but support/custom built/easy drop and go is where you get into serious money.
[+] [-] btd|12 years ago|reply
[+] [-] williamcotton|12 years ago|reply
I would say that this marks the beginning of the end for npm as anything viable for front-end code repositories and probably for anything related to node.
I propose an open-source alternative for front-end JavaScript libraries and dependency management.
Anyone calling for npm modules and browserify to rule the day for front-end JS should question their opinions on the matter.
[+] [-] graetzer|12 years ago|reply
[+] [-] wprl|12 years ago|reply
What would be nice is decentralization — because these registries are so similar to link shorteners I am wondering what a peer to peer registry system would look like a la DNS...
[+] [-] janjongboom|12 years ago|reply
And now izs starts a new company npm inc. that will, well, who knows. But he's former Joyent who power npm, so will running npm transfer to npm inc.? But how does Nodejitsu or the 300K that they raised with their campaign fit into this picture?
[+] [-] mikealAgain|12 years ago|reply
I wrote the original version of the npm registry in a day or two on top of CouchDB. I built it quickly and didn't think much about scale.
Isaacs continued to improve and maintain that code. At one point he even wrote up an open standard for generic js package registries for CommonJS but they didn't seem to care (they were too busy arguing about promises).
At the time I wrote the initial code I was employed at CouchOne and we had a small CouchDB hosting platform operated by Jason Smith which is where we ran the registry free of charge. Later on, after CouchOne was aquired by Membase and became Couchbase, it decided to break off the hosting company and give/sell it to Jason Smith, which became IrisCouch.
IrisCouch continued to run the registry for free for several years. They had no venture funding and limited resources but they provided this service for our community anyway. They announced a product for enterprise (hosted) NPM but as far as I know it wasn't really marketed or sold. Last year IrisCouch was acquired by Nodejitsu.
Nodejitsu continued to host the registry for free. Some time last year the infrastructure hit a breaking point, mostly around CouchDB. Remember, I wrote this in a weekend when less than a hundred node packages existed. Many of the semantics from me and Isaacs' initial "prototype" persisted until just a few weeks ago. For instance, this single database held all the package binaries, for every version of a package, attached to the document for that package.
Once the registry started to have serious stability issues a few things happened. Isaacs started to work on ways to improve the reliability by changing how the registry worked and Nodejitsu sought community support for keeping the current registry up. At some point Isaacs also decided it would be best if he worked on NPM full time and built NPM Inc.
In the early days we weren't thinking about 58K modules, that was just crazy, we were just figuring out the simplest way to store a couple packages the node community was writing. Since founding this company Isaacs has already managed to re-write the way the registry works to fit the kind of load we have now.
Nodejitsu is now free of the financial burden that was dragging them down as well and Isaacs' new infrastructure can keep the registry up more cheaply than the previous system and more reliably.
[+] [-] petercooper|12 years ago|reply
[+] [-] drakaal|12 years ago|reply
1. Why are people happy about this? They did a crowd funding round taking common people's money, gave them squat, then took Investor money and gave them a share. (Would make me mad if I was part of the crowd)
2. What is the business model? In what world does PIP or any other package manager have a revenue stream? Ads? Spyware? There are no good models for this.
3. Does anyone else think that having a company title of Supreme Emporer is a sign that this is not a founder focused on community?
I'd say we bounce and use something else, but I did that a long time ago, so I can only suggest everybody else make like an external node. (a leaf ;-) )
[+] [-] PyDart|12 years ago|reply
[+] [-] aivis|12 years ago|reply
[+] [-] phillmv|12 years ago|reply
Did they just hand over the keys to the node community to someone else?
[+] [-] nawitus|12 years ago|reply
Maybe they could make npm reliable for Windows with that money too.
[+] [-] defrex|12 years ago|reply
[+] [-] knappador|12 years ago|reply
I could take a giggly pot-shot at web development in general by proposing that they want to monetize node.js via a browser-base service to live one's entire developer life, but I'm in serious agreement with others' concerns that there's something ultimately harmful in VC money getting confused, panicky, and deciding to GSM (Google Mobile Services) the licensing of new code or come up with some ridiculous contributor licensing agreement like what I'm hearing about Ubuntu.
Take heed, FOSS communities don't negotiate except on an endless table that runs from one side of the universe to the other.
[+] [-] memracom|12 years ago|reply
This npm inc. is one of the dumbest startup ideas that I have ever come across. Kudos to the founders for managing to hack the VCs, but VCs that dumb ain't gonna be around for long.
[+] [-] thanpolas|12 years ago|reply
[+] [-] Oculus|12 years ago|reply
[+] [-] sktrdie|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] serkanyersen|12 years ago|reply
[+] [-] thrush|12 years ago|reply
[+] [-] jchrisa|12 years ago|reply
[+] [-] EpicEng|12 years ago|reply
[+] [-] daleharvey|12 years ago|reply
[+] [-] fiatjaf|12 years ago|reply
[+] [-] leetreveil|12 years ago|reply
[+] [-] tobyink|12 years ago|reply
[+] [-] chrisabrams|12 years ago|reply