interplanetary-package-manager
An NPM compatible distributed package manager tool for Javascript dependencies.
Note: this will not be usable until I register all of the npm modules in ippm-registry and port registry-mirror into the app to back up the packages. This currently runs off of test packages.
Package managers like npm are great tools for developers. ippm is an attempt to improve a system like npm with distribution of data, registry, and control. The need for such improvements is as follows:
There was a recent case of one developer being put under legal pressure to remove a dependency, which led him to remove another dependency used by many popular JavaScript modules. The removal of that package broke many dependent systems, which caused npm's central authority to controversially reinstate the removed package without permission. With ippm's upgrades to npm, permission over a package belongs to the owner's public key and not to a large corporation.
ippm packages are distributed with IPFS rather than stored in a data center. Currently ippm uses a set of servers running @daviddias' npm-registry mirror to help seed the packages until a more robust system of distributed payment (filecoin) is implemented.
ippm uses the Ethereum blockchain to keep permissions over packages distributed; ippm uses the ippm-registry smart contract to accomplish this.
Free as in freedom, but there are still financial costs needed to run this. Currently there is a miner fee for publishing packages; public and private packages cost the same. There is also a need to support the nodes hosting your files on IPFS. The metrics for that have not been worked out yet.
ippm private repositories can be created by encrypting the data before hashing it with IPFS. In the future an encryption option will be provided in a private repository function. This feature is free for individual and production use cases.
npm i ippm
Install ippm globally to use ippm from any location, or run it from /src/cli/bin.js:
npm i ippm -g
TODO: Build symlink capability in ippm
Run a local go-ipfs or js-ipfs node and CLI
TODO:
ipfs get hash
cd hash
./install
ippm init
OPTIONS:
-f, --force
DESCRIPTION
ippm init will create the package.json file in the same format as npm packages
so that installing with ippm will remain compatible.
ippm install <name> <options>
ARGUMENTS:
-name <string> 'the name of the package to be installed'
OPTIONS:
-p, --repo 'the path to an ipfs repo'
DESCRIPTION
ippm install will create a js-ipfs node (optionally supply a repo location) and
connect via web3 RPC to a geth client test net. Install checks a smart contract
for the latest ipfs hash of the module to be installed. All modules are currently
installed under 'node_modules'
ippm publish <name>
ARGUMENTS:
-folder <string> 'location of a folder with a package.json file'
DESCRIPTION
ippm publish looks in the current directory (optionally provide a different directory)
for a package.json file. It will hash the directory and publish the version number
with the hash and package name in the smart contract registry.
ippm version <name>
ARGUMENTS:
-name <string> 'name of the package version you are checking'
DESCRIPTION
ippm version looks at the Ethereum blockchain to find the associated IPLD hash for the
supplied package name. The latest version is then taken from the array of version history
contained in the IPLD object.
http://localhost:8080/ipfs/QmSGXf6KXUZFUspCArTnLeYWm8dRK8cYiahcD8rLcbeY6b
There is a web application from ippm-registry to view and publish packages. This currently needs to have the correct ipld hash supplied to the web client.
You can download the web client via the ipfs hash or go to the ippm-registry repo and build it from source.
TODO: Make web client publishing/permissions/accounts easy to use.
Each node in the blockchain list will store a registry for the IPPM packages in IPLD format. Here a "link"
is an IPLD link to the content of the module.
Example: ipfs-unixfs-engine module
registered hash: QmbzSwZYjFTLNu2qN8rw4Htkte6wFdjFNTSLJeuWf4rGbV
{
  "name": "ipfs-unixfs-engine",
  "versions": [
    {
      "version": "^0.10.0",
      "link": {"/": "Qmd2Zgzua4atXuqZRTMsMGekDxSftkgNwZxofT9tA6PW47"},
      "owner": "0x87357c51c98ab021708cc769965117efbfdec5f6"
    }
  ]
}
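The registry object above is what both `ippm version` (pick the latest entry of the version history) and `ippm publish` (append an entry, if the caller is the owner) operate on. The following is an added example, not code from the ippm project, that implements those two operations over a constructed registry in the format shown: it parses the version strings (tolerating the leading `^` seen in the sample), selects the highest one, and refuses a publish whose `owner` address does not match the address already recorded, which is the "permission is the owner's public key" rule from the README. The second link hash is a labelled placeholder, not a real IPFS hash.

```javascript
// Added example, not code from the ippm project: resolve the latest entry of an
// ippm-registry IPLD object and enforce the owner-address permission model.
// The registry below is a constructed sample in the README's format; the
// "Qm-placeholder-..." links are placeholders, not real IPFS hashes.
const sampleRegistry = {
  name: 'ipfs-unixfs-engine',
  versions: [
    {
      version: '^0.10.0',
      link: { '/': 'Qmd2Zgzua4atXuqZRTMsMGekDxSftkgNwZxofT9tA6PW47' },
      owner: '0x87357c51c98ab021708cc769965117efbfdec5f6',
    },
    {
      version: '0.9.2',
      link: { '/': 'Qm-placeholder-link-for-0.9.2' },
      owner: '0x87357c51c98ab021708cc769965117efbfdec5f6',
    },
  ],
};

// Parse "major.minor.patch", tolerating a leading ^ or ~ as in the sample.
function parseVersion(v) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`invalid version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison, so 0.10.0 sorts above 0.9.2 (string order would not).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// An IPLD link is an object whose "/" key holds the content hash.
function isIpldLink(link) {
  return !!link && typeof link['/'] === 'string' && link['/'].length > 0;
}

// What `ippm version` does: return the highest entry of the version history,
// or null when the history is empty. Every entry must carry a usable link.
function latestVersion(registry) {
  const versions = registry && registry.versions;
  if (!Array.isArray(versions) || versions.length === 0) return null;
  for (const entry of versions) {
    if (!isIpldLink(entry.link)) throw new Error(`entry ${entry.version} has no IPLD link`);
  }
  return versions.reduce((best, entry) =>
    compareVersions(entry.version, best.version) > 0 ? entry : best);
}

// Permission check for `ippm publish`: only the owner address already recorded
// may append, and the new version must be strictly newer than the latest one.
// Returns a new registry object; the input is not mutated.
function authorizePublish(registry, newEntry) {
  if (!isIpldLink(newEntry.link)) throw new Error('new entry needs an IPLD link');
  parseVersion(newEntry.version); // reject malformed versions up front
  const existingOwner = registry.versions[0] && registry.versions[0].owner;
  const candidate = String(newEntry.owner).toLowerCase();
  if (existingOwner && existingOwner.toLowerCase() !== candidate) {
    throw new Error(`publish denied: ${newEntry.owner} is not the owner ${existingOwner}`);
  }
  const current = latestVersion(registry);
  if (current && compareVersions(newEntry.version, current.version) <= 0) {
    throw new Error(`version ${newEntry.version} is not newer than ${current.version}`);
  }
  return { ...registry, versions: [...registry.versions, newEntry] };
}

console.log('latest link:', latestVersion(sampleRegistry).link['/']);
```

Two details worth noting for anyone building on this format: Ethereum addresses are compared case-insensitively (checksummed and lower-case spellings of the same address are equal), and the "newer than latest" check prevents an owner from silently re-publishing an existing version under a different hash, which is the kind of change a dependent project would otherwise never notice.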
FAQs
a distributed npm
The npm package interplanetary-package-manager receives a total of 0 weekly downloads. As such, interplanetary-package-manager popularity was classified as not popular.
We found that interplanetary-package-manager demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.