How to Use IPFS to Fix NPM
23 Mar 2016Last night and this morning, everyone is talking about how one developer took down big number of large JavaScript projects by removing his modules from NPM.
People always talk about how NPM is a single point of failure. “boy, if NPM is gone, we’ll be in big trouble”. Usually the concern is about NPM having problems, or NPM (the company) going evil. We don’t usually think about one package disappearing like what happened yesterday.
There’s a lot to be said about what happened, and decry the irony of Open Source depending on one company. But, I’m not gonna talk about this. Let’s move directly to one possible solution.
One solution is to use IPFS to refer to packages instead of file names and URLs that point to a location.
IPFS (InterPlanetary File System, a not-great name by the admission of its creator) is a proposed distribution protocol for addressing content (creating URLs) that points to content using their signature rather than their location. The signature (the file name) is unique and depends on the content.
Once a package is created, it gets uploaded to any site, and people can copy it.
If you ask the network for a certain signature, it’ll get you that file from wherever is closer to you. It uses a distributed hash table (DHT) to find where to find the content.
Content can still be referred to using a human-friendly name using IPNS (a DNS for IPFS) and (later) Namecoin.
Neocities (the CMS/blog hosting services) is already working to add IPFS support. By the way, this last link is an IPFS link. So, an implementation is already out there and can be tested.
This way, if you decide to put out a release of a package, you don’t have to maintain its hosting forever. As long as someone else is hosting a copy, people will get it. As long as someone has a copy of the file, they can re-upload it (offer it on the network) and it’ll be offered using the same name.
If you decide to remove your code repository, you aren’t breaking anyone’s code.
This way, people decide to put their content online package by package and release by release. You can’t go back and remove old stuff you already released.
awesome-ipfs has some great resources.
Here’s a good talk on the motivations and ideas for IPFS
Update: Last December, David Dias did a demo on one way IPFS could be used to mirror NPM. Here’s a video of the talk, and his blog post on the topic.