So this reads to me that they're simply not going to update the ability to use GIT. Right now you can point to a repo or specific branch / tag but it doesn't read any of the versioning like bower does, so it can't handle versioning properly. If they updated the use of GIT you could completely eliminate the need for this feature.<p>That kinda rubs me the wrong way; it feels like they're trying to force this monetization as they've had plenty of us from the community wanting better GIT support for this very reason.<p>Honestly npm isn't a very complex piece of software, you could even replace it with bower if you want git with versions. I wonder if any competitors are going to spring up who can simply iterate faster. I won't even get started on their login system, ugh.
We're already using "private" modules, by hosting them in a private git repo. NPM can install from these, e.g., git+ssh://user@server:Account/Repo.git, without problems. I'm not sure what value this would add for us, and the URL doesn't sell me well on it.
IMHO, tying language's defacto package management's capabiity to a single company's business model may hurts node.<p>No other language does this. you have all the same capability for propretary package with RubyGem/Python/Nuget, even Ubuntu allow you to add third party package repository.<p>It gives me the clue that npm may no longer improve, or many improvement will be "premium" feature.<p>I hope someone fork npm and add ability to parse semver from tag for github repo.
Everything looks pretty awesome, except the payment model.<p>I'm a little surprised they didn't go with a model similar to GitHub:
- Payment plans with X number of private modules, or $1/month per private module
- Unlimited paying/non-paying collaborators for private modules (perhaps only read access for non-paying)<p>With npm's model all my collaborators will have to pay for npm private modules as well.
Does anyone know whether the open source NPM implementation allows me to implement and host my own private repository system without forking npm? Or is npm (and thus node and iojs) hard-tied to npm, Inc's proprietary offering for private modules?
The Python equivalent to this is to simply place your source release tarballs on a simple private web / filesystem directory:<p><pre><code> pip install --find-links http://dist.example.com/packages/
</code></pre>
This also makes it simple to mirror all requirements locally for more reliable installs.<p>I wish I could do the same with npm.
If anyone is wonder the pricing like me just head to the home page: "publish unlimited private modules for just $7/month".<p>Here's a question: people with read-only access (to my private packages) have to be paid users too?
I'm fearful of where this monetization is going. Part of what I like about npm is that everything is free, from the dinky little packages that do one thing really well, to the monumental ones that provide a host of functionality.<p>I would hate if NPM went the way of wordpress plugins, where every stupid little plugin costs $5 to access.
I recently got interested in nodejs. However, then I discovered that:<p>1. It doesn't support threads (facilitating structural sharing of large data-structures between parallel tasks, which cannot be done using ordinary processes).<p>2. The module-loading mechanism ("require()") natively doesn't support delayed loading, which is needed when loading from within a browser. Yes, there is the "browserify" package, but, come on, something as basic like this should be supported out of the box. Especially considering the fact that there is a "http" module hardwired inside nodejs (why isn't this a separate npm module, btw?)<p>3. To make my own privately held modules and install them properly, I have to run a npm server? This seems like an awful lot of work for something as basic as this. Ok, so now I can use the cloud for this, but come on, I should be able to do this just from within the filesystem, like e.g. git does it.<p>For people interested, one can use the package "sinopia" for hosting your own private modules. It seems to be a pretty decent package, but be aware that the authentication settings out of the box are completely insecure.