npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

peer-npm

v0.1.2

Published

A peer-to-peer substitute for npm.

Downloads

38

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nofflenoffle

Keywords

peernpmdistributedofflinedecentralizednodepackagemanagerswarm

Readme

peer-npm

an npm-compatible registry backed by peer-to-peer networks

NOTE: Very unstable and mad science-y. Use at your own discretion.

WHY would someone want something like this?

  • I want an easy way to use/publish/install packages when I'm offline
  • I want to be able to install/share packages /w my friends over LAN
  • I want my packages to be available & resistant to censorship & network failure
  • I want a fail-safe in case npm Inc ever goes away or is seized by the government
  • I want a package manager whose backend is 100% permissively open source

Usage

To be used just like vanilla npm, but with a subset of commands: install, remove, and publish.

USAGE:

  peer-npm i, install [-S] [-D]

    Works like `npm install`. Accepts a peer-npm package name to install from
    the swarm.

  peer-npm publish

    Works like `npm publish`. Publish the current package to the swarm.
    Generates a new keypair if one is not already present.

Getting started

Install

With npm installed, run

$ npm install --global peer-npm

Join the swarm

In another window run

$ peer-npm daemon

so that you can download packages from others and share the ones you publish.

Publish a module to the swarm

Let's grab a package from github and try to publish it:

$ cd /tmp

$ git clone https://github.com/noffle/resync-srt

$ cd resync-srt

$ npm install

$ peer-npm publish
+ resync-srt_hyperdrive_c5abee5fd496620499c3d203f15c95d24a51d16ec05dea4a8ab2c88368c296b9
Published 3.1.0

resync-srt is now in the swarm! The name of the package is made of three parts, concatenated by underscores: the package name, the peer network its shared on, and the public key of the publisher.

Install a swarm dependency

Let's make a new package that depends on resync-srt:

$ cd /tmp
$ mkdir foobar
$ cd foobar

$ npm init

# you'll want to use the package name generated from the last step
$ peer-npm install --save resync-srt_hyperdrive_c5abee5fd496620499c3d203f15c95d24a51d16ec05dea4a8ab2c88368c296b9

If you look in your package.json you'll see a new section called swarmDependencies. This lets peer-npm know what packages you depend on in the swarm, but in a way that keeps vanilla npm working.

In fact, you can have a package in both swarmDependencies and regular dependencies. Using peer-npm won't break your package for non-peer-npm users.

How does it work?

peer-npm pretends to be an npm registry, but running on your local machine. When you run peer-npm daemon it runs this registry (and also does the peering logic).

peer-npm install is mostly a wrapper for something like npm install --registry=http://localhost:9000.

When you publish or try to install a package, peer-npm looks at its name to decide whether it is a package from the central npm registry, or from the swarm.

npm packages have a name like field-trip, whereas swarm packages have a name like field-trip_hyperdrive_79cf7ecc9baf627642099542b3714bbef. The part after the name is the public key of the author. This makes packages resiliant against impersonation or malicious peers.

peer-npm can work with different peer networks; right now there is only a hyperdrive driver, which is the default.

When you run peer-npm install it will find other peers with the packages you want and download them, recursively down the dependency tree. Similarly, when you run peer-npm publish, the new package's key is shared amongst other peer-npm peers for future discovery.

IRC

Come hang out in #peer-npm on Freenode to help test and develop!

License

ISC