Azer has contributed awesome modules to the community, but such a move _obviously_ messes with a bunch of people who previously didn't trust npm, but Azer. Npm works fine. There might be issues with it, but the reason builds are failing right now is that he decided to unpublish all of them - in a move that feels very kneejerky, despite him claiming that it's the opposite.
If this had been actually in the interest of the community (because he thinks that npm isn't acting in our interest), he'd give people a fair warning. I could have lived with a "Hey, this was my experience, it sucked, I'll unpublish things in 30 days. Please update your dependencies." We know how to deprecate things gracefully.
Ironically, this demonstrates the same realization that he had, that when you depend on someone's modules, it is their "private land" too, and when they want to do something rash, they can do it and you will suffer consequences, unexpected and possibly undeserved.
It's the same issue we all experience, trusting people and institutions and finding out that sometimes that trust can be violated.
> Ironically, this demonstrates the same realization that he had, that when you depend on someone's modules, it is their "private land" too, and when they want to do something rash, they can do it and you will suffer consequences, unexpected and possibly undeserved.
> but the reason builds are failing right now is that he decided to unpublish all of them
If builds are failing, it's because people did not set things up correctly to account for the fact that npm can and will go down or not be reachable. There are well known, well established practices for handling this. Frankly, if this affects your builds, you probably have bigger issues to address.
How does a 30-day notice work unless you have a way of reaching out to people using your modules? It just seemed so unrealistic that even 1% of people would actually see such a notice before things start to fall apart.
You bake deprecation notices into npm, to be displayed during install. He has more than 3m installs a month; if he really wanted to, he could have easily displayed a giant "npm sucks" banner during every single install. Same message, but it wouldn't immediately hurt people who trusted his modules.
Our build system eats deprecation notices with eggs for its breakfast. While I'm sure that they exist, I've never worked with a developer who paid much attention to deprecation notices unless they were looking to actively update a module.
I highly doubt if most continuous build/delivery systems actually have a person looking at the build output to take some action. That’s why centralized build systems should not just let the packages disappear, but unfortunately that’s not the reality. This is also the reason why there are languages like Go out there that do not rely on centralized package management.