An NPM compatible distributed package manager tool for Javascript dependencies.
WIP: this is not production ready... see TODO for progress towards removing WIP tag
ippm packages are distributed with IPFS which content addresses files via a DHT. More information on the libp2p network stack and IPFS content addressing can be found here. Currently ippm uses a set of servers with @diasdavid npm-registry mirror to help seed the packages until a more robust system of distributed payment (filecoin) is implemented.
For now this will require a running go-ipfs daemon to download packages. See the js-ipfs branch for full js implementation.
TODO: Work on routing blocks in js-ipfs
//This is built with js-ipfs and no prior installation will be required to have a node boot up and access the network. //Optionally I would like to build a switch to run js-ipfs-api to a local go-ipfs node.
Ethereum (ETH) is the blockchain chosen for ippm. This maintains that permissions over packages are distributed as well as act as a pointer to published packages. ippm uses the ippm-registry to accomplish this.
Package managers like npm are great tools for developers. ippm is an attempt to improve a system like npm with distribution of data, registry, and control. The need for such improvements is as follows:
Left pad is an example case of one developer put under legal pressures to remove a package thus inspiring him to remove another dependency of many popular javascript modules. The removal of the package caused damage to many dependent systems which caused the central authority of npm to controversially reinstate the removed package without permission. With ippm upgrades to npm, the permission to packages is attached to the private key of the owner and not a large corporation.
Rather than stored in a data center, ippm hopes to achieve data redundancy with p2p protocols. This raises questions about how to incentivise nodes to seed packages that filecoin hopes to answer.
The modules are stored in IPFS and retrievable by their hash stored in a distributed blockchain, the hash can then be cryptographically tied to an identity. You automatically get signed and verified software packages as a default behavior.
Free as in freedom, there are still going to be financial costs to running this. Currently there is a miner fee for publishing packages, public or private cost the same. There is also a need to support the nodes seeding packages on ipfs. The metrics for that have not been worked out yet.
ippm private repositories can be created by encrypting the data before hashing with ipfs. In the future an encryption option will be provided in a private repository function. This feature is free for individual and production use cases.
- Node v4.x (LTS) or higher
- npm (but not for long)
- go-ipfs daemon (but not for long)
NPM published version of ippm requires a running go-ipfs daemon to work atm, see usage for more info.
Option 1: Git clone
git clone https://github.com/nginnever/ippm.git
cd ippm
sudo npm i -g
Option 2: npm
npm i interplanetary-package-manager
install ippm globally to use ippm from any location
npm i interplanetary-package-manager -g
or run from the project bin
cd /src/cli/bin.js
node bin.js <command>
Option 3: IPFS (coming soon!)
Run a local go or js-ipfs node and cli
ipfs get <distribution hash>
cd <distribution hash>
./install
The master branch currently requires that you run a local go-ipfs daemon in order to download packages from peers. See js-ipfs branch for the full javascript implementation.
-
Install go-ipfs - See ipfs install
-
Init a repository
ipfs init
-
Start ipfs daemon
ipfs daemon
(may need cors origin) -
Use ippm commands
example
cd YourNewPackage
ippm init
ippm install acorn-test
The libp2p and js-ipfs branchs are a complete js implementation that are close to being ready. See TODO for more information.
ippm init
OPTIONS:
-f, --force
DESCRIPTION
nppm init will create the package.json file in the same format as npm packages
so that installing with ippm will remain compatible.
ippm install <name> <options>
ARGUMENTS:
-name <string> 'the name of the package to be installed'
OPTIONS:
-p, --repo 'the path to an ipfs repo'
DESCRIPTION
ippm install will create a js-ipfs node (optionally supply a repo location) and
connect via web3 RPC to a geth client test net. Install checks a smart contract
for the latest ipfs hash of the module to be installed. All modules are currently
installed under 'node_modules'
ippm publish <name>
ARGUMENTS:
-folder <string> 'location of a folder with a package.json file'
DESCRIPTION
ippm publish looks in the current directory (optionally provide a different directory)
for a package.json file. It will hash the directory and publish the version number
with the hash and package name in the smart contract registry
ippm version <name>
ARGUMENTS:
-name <string> 'name of the package version you are checking'
DESCRIPTION
ippm version looks at the ethereum block chain to find the associated ipld hash for the
supplied package name. The latest version is then grabbed from the array of version history
contained in the ipld object.
http://localhost:8080/ipfs/QmSGXf6KXUZFUspCArTnLeYWm8dRK8cYiahcD8rLcbeY6b
There is a web application to interface with the ippm-registry where you can search, view and publish packages. This currently needs to have the correct json model as detailed below multihashed and supplied to the web client while publishing. More information can be found in ippm-registry
You can download the web client via the ipfs hash or go to the ippm-registry repo and build it from source.
Each node in the blockchain list will store a registry for the IPPM packages in IPLD format. Here a "link"
is an IPLD link to the content of the module.
Example: ipfs-unixfs-engine module
registered hash: QmbzSwZYjFTLNu2qN8rw4Htkte6wFdjFNTSLJeuWf4rGbV
{
"name": "ipfs-unixfs-engine",
"versions": [
{
"version": "^0.10.0",
"link": {"/": "Qmd2Zgzua4atXuqZRTMsMGekDxSftkgNwZxofT9tA6PW47"},
"owner": "0x87357c51c98ab021708cc769965117efbfdec5f6"
}
]
}
Feel free to drop by #ipfs and ping me (voxelot) in irc or file an issue here.
- update install algorithm
- document install algorithm
- register all of the npm modules in ippm-registry
- port registry-mirror repo format into the app
- publish the registry to the main ethereum chain
- Write js-ipfs-api switch for go-ipfs support
- Build binaries and install scripts for distribution
- add all of the nice npm symlink things
- Make web client publishing/permissions/accounts easy to use
- js-ipfs to handle both merkledag protobufs and ipld cbor objects