Nov 29, 2019

How to rethink packages in today's open source world

Package delivery

Package registries are a notorious sore spot in software development. While they make it easy to share code, they are difficult to maintain. Recent alternatives, like Pika, offer new approaches that could pressure developers to rethink how we operate our package ecosystems.

Packages, like npm modules and Rust crates, have many clear benefits. Developers build apps faster with open source software and can tap into community resources, making them more productive.

Packages have many drawbacks, too. Web apps that rely heavily on imported JavaScript packages can be sluggish. Browsers must redownload packages when they are updated or any time a user visits a new app—even if multiple sites use the same packages. Moreover, universal packages are often bloated with extra code to handle legacy browsers.

Pika takes a different approach by bundling three connected developer tools.

First, Pika Code is a code editor that helps developers build and manage packages. It automatically takes care of package tooling and configuration.

Second, Pika CDN optimizes package delivery to the end user. With Pika CDN, newer apps and browsers import only the latest modules with ESM syntax, bypassing legacy code. Pika also caches and reuses packages across sites, meaning faster load times for visitors—a serious opportunity in a world where 90% of website code comes from open source packages and other third parties.

Lastly, Pika Registry, a recent addition to Pika’s toolset, hosts only modern ESM-style modules. Pika automatically formats, configures, builds, and publishes these packages to run natively on every platform.

The npm registry has been under increasing scrutiny to clean up the open source ecosystem. Projects like Pika add pressure to the existing package powerhouses to innovate more quickly or risk losing control.

To its credit, the npm community has made serious moves to combat growing concerns. New publishing rules, automated security checks, and better tooling are pushing the open source world in the right direction.

Entrenched registries like npm will be around for many, many years to come. A fresh perspective from some new competition could make for a brighter future by forcing developers to rethink package management.
