This stuff is WIP.

Hi everyone, I was starting to flesh out the actual core proposal, the underlying infrastructure. I’ve come to terms to the fact that we mostly have only to choices here: npm and jspm.

This issue is here to help me gather actual community feedback and official roadmap statements from Appcelerator®.

Super small kickstarter

• npm (Node Package Manager) is the command line interface (CLI) to install packages for Node.js
• npm is also the central registry of packages that we all love and hate, controlled by npm Inc.
• to use the npm registry you don’t need the npm CLI
• the npm CLI can install stuff from different registries that follows the same API (the CommonJS Package Registry) and even mix them in a single project by using @scopes
• jspm is a registry agnostic package manager, and it provides out of the box support for more or less the same registries of npm plus bower
• bower is an historical error I don’t want to talk about (sorry bower guys out there)
• jspm is also a registry controlled through git
• jspm doesn’t follow npm directory structure and therefore is not a drop-in replacement
• jspm is more or less tied to SystemJS, a module loader which follows the new ES2015 Loader specification, but it can be “abstracted away” in our scenario

Eventual resolution flowchart

Is Appcelerator® going to
create their own Package
Registry APIs for pay-walled
or closed source packages?
──┬──
  │                    Is the CommonJS
  ├─╌  «Not sure…» ╌─╌ Package Registry
  │                    spec. ok to you?
  │                    ──┬──────┬──
  │                    «Yes»  «No!»
  │                      │      └─────────────────┐
  │                      ┆                        │
  │                    ╔══════════════════════╗   │
  ├────╌ «No» ╌─────╌╌ ║ Awesome!             ║   │
  │                    ║ Let’s choose between ║   │
  │                    ║ npm and jspm! Go on! ║   │
  │                    ║ Read this issue!     ║   │
  │                    ╚══════════════════════╝   │
  │                      ┆                        │
  │                      │                        │
  │                    «Yes»                      │
  │                    ──┴──                      │
  └─╌ «Of course!» ╌─╌ Can you reconsider? ╌──────┘
                       ──┬──
                       «No!»
                         │
                         ┆
                       ╔══════════════════════╗
                       ║ Ok, we’re going with ║
                       ║ jspm. Full stop.     ║
                       ╚══════════════════════╝

The reason behind this flow chart is simple: if pay-walled, closed source packages are to be downloaded through a registry that doesn’t support CommonJS Package Registry API that means that npm will not be able to download from it, and therefore download dependencies for packages that come from it.

A mixed approach is not viable, IMHO, because that would mean that some magic CLI would download not only the packages but also the packages’ dependencies, in fact duplicating npm functionality.

This is what jspm does perfectly, and supports mixed source dependencies. In other words, with jspm Appcelerator® can build their own packages infrastructure and those packages would still be able to depend on npm packages.

But using jspm comes with a cost, that I’m gonna try to highlight later.

Actual comparative stuff

Mini-survey results

To be announced. Place your answer here and here!

Community and Stability

TODO

Registries support

Legend:

• ❌ no support
• 💢 partial support
• ⭕️ full support

Notes:

1. Most packages on npm expect to have npm directory structure and install script could break.
2. While npm supports multiple registries within the same package by using @scopes they all need to follow the CommonJS Package Registry specification. Jspm on the other hand just gives you a plugin API to adhere to.
3. Npm supports aliases (custom names for packages) only when not downloaded through npm.