NPM is VC-backed which just makes me nervous

node package manager Show more

if you're thinking of starting a business, like you've got some startup-worthy IP, start a cooperative instead! marshal resources directly from users, contributors, and supporters. it'll be slower going than pulling a million-dollar A round, but you won't have creepy vultures expecting you to flip everything you've made for a buck.

NPM and package managers Show more

NPM and package managers Show more

NPM and package managers Show more

@garbados we just revisited the way they handled left-pad yesterday and it was good for business but chilling for creators’ rights

@jasonscheirer oh, i don't think i followed that story. reading up on it now...

@garbados I think that we should put some serious thought into how to structure this, there are a few people on here who have been working on distributed networking things that may be worth something.

@inmysocks i have been thinking about it from an architectural perspective, and i'm familiar with most of NPM's infra stack, such that given enough time I could produce a Dat-backed NPM-like package manager and tooling to support such an ecosystem. by namespacing packages to keypair identities, we skip the commons problems that NPM has to moderate.

cc @audrey (pursuant to your comment)

@fabianhjr @inmysocks @audrey i gotta give this a try. ssb has a lot of cool git tech.

@garbados @inmysocks @audrey yeah, and most people there are coop-libre tech folk; it is a nice niche.

@fabianhjr @garbados @inmysocks @audrey

Great thread. Still reading it.

A question: have you considered to avoid #JavaScript / #WASM as a way to remove any form of control from the companies that actually control their development?

It's like building on the sand.

@garbados When you talk about Dat, are you referring to

@garbados @inmysocks I’m thinking about this, and it seems like there’s still that other dimension of trust and governance. How do we minimize risk for users in a distributed system? I’m wondering if there are different needs when it comes to code infrastructure vs personal data. But I might be digging into the npm stuff a little more next week, would like to get a better sense of how this all works with the existing tooling.

@audrey @garbados I think that the trust and risk part is mostly a cultural thing and I have no idea how to solve the problem of trust. But from a tech standpoint git already has some distributed trust built in with the hashes. I think that something similar would work.

Trust in signing releases is one of the very few times when something like makes sense to me.

@audrey @garbados I think that a web of trust type system may work here. You find people who you trust to audit code, they say that code is good or not and who they trust and you can get a distributed consensus about if a signing key is trustworthy or not.

@inmysocks @audrey observing public dependency trees can go a long way to generating implicit trust webs -- projects with many dependents can be considered trusted to some degree, in that the projects you trust apparently trust them. this skips any hassle of manually setting up the trust web.

@garbados @inmysocks And that loops us back to the initial topic, which is that it’s not just the size of the depended-on project, but also its financing and governance that sways us (not heckling, I think this is all really interesting)

@audrey @garbados unfortunately the social aspects of this are much more complex and harder to handle than the technical side.
I don't know how to proceed with it other than to make the system and try it out.

@ekaitz_zarraga @audrey @garbados it seems almost like that is what blockchain technology was created for.....

@inmysocks @audrey @garbados yeah, it's one of its usecases, but there are other options to solve the same problem. Like organisations that own the servers and are backed by people... like NPM but not being a company. I don't really like to trust anyone but unlike bitcoin people I understand *sometimes you have to*, and that's not necessarily bad.


I and some comrades did this in Portland circa 2003. After reading the relevant parts of the Oregon Statutes we decided to incorporate as a non-profit. Non-profit because any surplus above expenses would go to higher wages/bonuses, reinvested in the coop, or savings. None went to an "owner" for being an owner. Our custom-written articles of incorporation we got legal opinion that they were compliant.

@Voline can you share those docs? FeelTrain made their operating agreement public and it's been really helpful to folks organizing tech coops


I would love to. But I don't have a web page of my own at the moment. How do you recommend?

@Voline github gist, or even a link, maybe? if you’d like, i could give you my email 🤷‍♀️


I'm having a brain cramp. What's the name of that PDF-sharing document site? Cloud something ...

@garbados Or a not-for-profit without equity capital (but not a charity) if that’s possible in your jurisdiction.

That’s how we set up @indie in the UK and it’s the same setup we’re going to have for the organisation now that we’re in Ireland (company limited by guarantee, not shares).

That separates ownership from control. No one owns in the traditional sense as there’s no equity to sell but Laura and I control it.

@aral @garbados @indie In my case I started ElenQ as an autonomous worker (i don't really know the term in english) so I'm the company itself. The real name of the company is Ekaitz Zarraga.
That's cool because nobody can buy me (still)... and in the future I can change to be a coop and stay pure.
But also even if I could be bought (which is not the case anyway) all the tech done until the moment is free so anyone can fork me as a company (and I'd love to see that happening tbh).

@aral @garbados @indie Also, I don't really care about the way a company is registered, that's not really important. First, we need companies to have ethics.

I know many coops here that are not ethical at all and they are slaving people and firing them before 2 years to avoid having to make them part of the company. So, the formal shape of the company is not really important.

If companies have some ethics, they'll probably choose to be a real coop, or whatever it fits better their ethics.


> as an autonomous worker (i don't really know the term in english) so I'm the company itself

"sole proprietor"

@aral I would love any pointers on this for Ireland. Where are you based?

@krozruch Cork. Ask your accountant/company formation org for a company limited by guarantee (there’s also info online about the structure). @laura can tell you who we’re using (we’re still in the process).

@aral @laura Thank you! Hoping to take a look at Cork and Galway sometime this year. My folk are both from the West of Ireland (Mayo & Donegal). I was born in Britain, have lived in Prague for years, and we're thinking of relocating to Ireland.

@krozruch @laura Neat! Well, it’s really lovely here. Let us know if you do decide to move :)

NPM and package managers Show more

NPM and package managers Show more

NPM and package managers Show more

NPM and package managers Show more

NPM and package managers Show more

Sign in to participate in the conversation

A Mastodon instance for cats, the people who love them, and kindness in general. We strive to be a radically inclusive safe space. By creating an account, you agree to follow our CoC below.

Instance Administration

  • Woozle: Supreme Uberwensch, general support, web hostess
  • Charlotte: tech support, apprentice in warp-drive arcana (aka Mastomaintenance)
  • ash: backend stuff, gay crimes

The Project: