npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cowpen

v0.0.1

Published

Dependency manager utilizing IPFS

Downloads

4

Readme

cowpen

CLI for publishing immutable NPM packages/NodeJS modules

cowpen logo

What is this?

This is my attempt to solve some issues with NPM by using an immutable filesystem called IPFS. IPFS guarantees that whatever you downloads, will match with the hash you use to download that thing. cowpen is applying this to NodeJS modules.

It's mostly about being able to store and retrieve packages in a safe way that allows you to have reproducible builds, at all times.

Problems cowpen is solving

  • Don't reinvent everything NPM already solved (don't rewrite the entire CLI)
  • Packages can never just disappears. If you pin a package, it'll be there until there is no seeds (similar to Bittorrent).
  • New versions won't change your application, ever.
  • No centralization, which means no one will force you to remove a package.
  • Don't care about politics, just about publishing and reusing other peoples code.
  • Simply how to deal with NodeJS modules in a better way.

Problems cowpen doesn't care about

  • Copyright (If you seed a package, you're responsible for the downfall of seeding it)
  • npm scripts "vulnerability" (Downloading code and executing it is literally a package managers job, we're not gonna change that)
  • Politics (We're never gonna delete your package, because we can't)

Requirements

  • NodeJS version 4 or higher
  • NPM version 3 or higher
  • IPFS version 0.3.11 or higher

cowpen might work on earlier releases of these programs but it has not been tested so we cannot guarantee anything. Please let us know if it work/doesn't work for you.

Installation & Setup

  • ipfs daemon --init --mount
  • Wait until you see Daemon is ready in output
  • npm install -g cowpen@/ipfs/IPFS-HASH-FOR-COWPEN

Wait, what's the weird @/ipfs/... thing? That's the IPFS part of cowpen.

When NPM sees a filepath as the version argument, NPM tries to "download" the module from the filesystem instead.

And in the first step, you run IPFS with the --mount argument, IPFS mounts /ipfs and /ipns to serve content from IPFS.

So with a little bit of magic, we have installed cowpen with IPFS. Simple huh?

How do I install modules with this?

You just use NPM like you're used to, but without shrinkwrap and versions being IPFS hashes instead of semvers.

You want to install a package and save it in your local project? Find out the hash (cowpen will include search in the future) and install it!

npm install --save lodash@/ipfs/Qmec32NqcZCh83t9QhrfVFnHq9eHSNr389y8z6mSvBabDp

Now it's installed, and with the hash we make sure that you always have the same version installed.

You want to install all dependencies in a project that is using cowpen?

npm install

It couldn't get any easier than this.

How do I publish a module?

Simple! Just do: (while being in the directory of the package you want to publish)

cowpen publish

And cowpen will return you the path you can use for installing your package.

If you're clever, you include this hash wherever you are doing releases, like a mailing list, Github Release or the Git tag when creating it.

That way, people who want to use your package via cowpen, can easily find it.

How do I find new packages?

Well, here is the tricky part. We haven't quite figured out searching yet, but the idea is for every user to run their own ipfs daemon, with a keybase account for verifying the publishing...

But right now, we don't really have a solution for this. Best would be for you to simply include the hash wherever you do releases currently.

Notes & Ideas

Trust

If package A publishes version 1 as ABDEF and package B publishes version 1 as ABDEF, what happens?

A package version has to published by the same peer ID as the first version was published as.

So in this case, publishing by package B would be blocked from cowpen. But what if he simple inserts the hash manually?

Rejected!

Name

What does Cowpen mean? Well, I don't know. The name is taken from a street in Bahamas.

Support / Help

If you have any questions, open a Github issue here: github.com/VictorBjelkholm/cowpen/issues/new

or feel free to contact me on Twitter here: @VictorBjelkholm

License

The MIT License (MIT)

Copyright (c) 2016 Victor Bjelkholm

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.