| ▲ | NPM website was down(status.npmjs.org) |
| 111 points by 18nleung 3 hours ago | 51 comments |
| |
|
| ▲ | iLemming 2 hours ago | parent | next [-] |
| First GitHub, now NPM? Oh no... That is happening, guys. Rise of the machines. I hope Jira is next and Slack follows. |
|
| ▲ | corvad 3 hours ago | parent | prev | next [-] |
| I wonder if this is an underlying infra issue with Azure being that GitHub was also having issues. |
| |
|
| ▲ | lrvick 11 minutes ago | parent | prev | next [-] |
| Whenever NPM is offline, the internet is a little safer. Keep up the good work Microsoft. Let's shoot for 100% downtime though. Thanks. |
|
| ▲ | airstrike 3 hours ago | parent | prev | next [-] |
| https://www.ebay.com/ is also down |
| |
|
| ▲ | cozzyd 3 hours ago | parent | prev | next [-] |
| That's one way to fix supply chain vulnerabilities. |
| |
| ▲ | tantalor 2 hours ago | parent | next [-] | | Can't have any vulnerabilities if you don't have a supply chain | |
| ▲ | nine_k 2 hours ago | parent | prev [-] | | More seriously, keeping a local cache of external npm packages, and a local artifact storage for internal npm packages looks like a wise thing to have done long ago. Might be cheaper in the long run. Ironically, both Nandu and Verdaccio are implemented in TypeScript and install via npm. (Same logic obviously applies to Python packages, Docker images, etc.) | | |
| ▲ | hmokiguess 2 hours ago | parent | next [-] | | At my former job we had a private registry that was a mirror of npm’s with an approval gate for packages devs would request, and it would always pin versions. I took that for granted back then and just assumed it was standard enterprise policy. | |
| ▲ | miohtama 2 hours ago | parent | prev | next [-] | | Only if we had a turn key distributed cache, like IPFS | | |
| ▲ | ibejoeb 2 hours ago | parent | next [-] | | Does IPFS support content eviction now? If not, that could go wrong really fast. You get a compromised package out there and then, I think, literally every node needs to unpin it or it remains. | | |
| ▲ | zadikian 9 minutes ago | parent [-] | | Presumably, however you mark a version as latest would also be how you mark one as compromised. IPFS files are immutable and keyed by hash. But this seems like overengineering. |
| |
| ▲ | cluckindan 2 hours ago | parent | prev [-] | | Waiting for the BitTorrent package manager |
| |
| ▲ | XorNot 2 hours ago | parent | prev [-] | | Caching NPM was easier when you could pull the Couchbase replicate API. Afaik that's gone and now you just have to send a bazillion http requests instead. | | |
| ▲ | nine_k 29 minutes ago | parent [-] | | Sending a bazillion http requests within your LAN, or at least your VPC, is much easier, faster, and cheaper. Both yarn and pnpm support http/2 which speeds up the bazillion requests quite a bit. |
|
|
|
|
| ▲ | normie3000 3 hours ago | parent | prev | next [-] |
| Well it is owned by github. |
| |
| ▲ | cute_boi 3 hours ago | parent [-] | | which is owned by microslop | | |
| ▲ | rvz 2 hours ago | parent [-] | | ...and proudly maintained by Microsoft's AI agents: Tay.ai, Zo, and Copilot. They seem to be doing a pretty good job at wrecking both GitHub and npm at the same time. |
|
|
|
| ▲ | hexasquid 2 hours ago | parent | prev | next [-] |
| Hold the jokes until we're sure this isn't an `.unwrap()` |
|
| ▲ | squarefoot 2 hours ago | parent | prev | next [-] |
| Ebay is also down.
https://www.isitdownrightnow.com/ebay.com.html |
|
| ▲ | corvad 2 hours ago | parent | prev | next [-] |
| Fixed as of 22:30 UTC. Hope there's a postmortem. |
|
| ▲ | dabinat 2 hours ago | parent | prev | next [-] |
| Tailscale too: https://status.tailscale.com/ |
|
| ▲ | saadn92 3 hours ago | parent | prev | next [-] |
| ha, github is down too |
|
| ▲ | idoxer 2 hours ago | parent | prev | next [-] |
| Works for me, could be region related |
|
| ▲ | dmitrygr an hour ago | parent | prev | next [-] |
| libc is still working just fine, as is the linux kernel. Mayhaps having 2000 dependencies on 3000 packages from 4000 unvetted sources was a mistake after all? |
|
| ▲ | simjnd 2 hours ago | parent | prev | next [-] |
| https://npmx.dev is not |
|
| ▲ | xmprt 3 hours ago | parent | prev | next [-] |
| With all the github instability, I wonder if Cloudflare or some other provider is going to look into providing a similar service. |
| |
| ▲ | dllrr 2 hours ago | parent | next [-] | | Cloudflare artifacts?? https://developers.cloudflare.com/artifacts/ | | |
| ▲ | xmprt 11 minutes ago | parent [-] | | I mean more like a full git competitor. GitLab exists but more competition is generally better for the consumer and it looks like GitHub's lead is starting to falter with all these incidents. |
| |
| ▲ | sofixa 2 hours ago | parent | prev [-] | | GitLab is right there. And overall provides a better product than GitHub, if nothing else on these two points: * You can actually have an organisational structure (folders/namespaces), and projects can be moved around with automatic redirects. Also, inheritance of access controls, variables between the namespaces * GitLabCI is organised in a way that makes supply chain attacks less of a risk. GitHub Actions takes the NPM/JS approach, where every step is an action, one you usually need to get off someone, with shoddy versioning, tons of transient dependencies, etc. In GitLabCI you can have templates, but you don't have to use an external template for every bit. It's shell scripting on top of containers, so you can have custom container images with your stuff, or custom scripts, or templates that bundle it all. | | |
| ▲ | justinclift 2 hours ago | parent | next [-] | | GitLab also limits the size of PRs/MRs, which makes it Unfit for Purpose. :( :( :( It's a problem they know about, but have no plan to fix before 2027. | | |
| ▲ | irishcoffee 2 hours ago | parent [-] | | I mean, the PR limit is like a million characters. I would also reject a PR of a million characters. That’s bananas. | | |
| ▲ | justinclift an hour ago | parent [-] | | Not sure about that "million characters", but we've been bitten by it in our production systems. :( Thus, we're moving off GitLab. | | |
|
| |
| ▲ | fontain 2 hours ago | parent | prev [-] | | All of those features are supported by GitHub in some form, e.g: Organizations can now belong to Enterprises. | | |
| ▲ | dijksterhuis an hour ago | parent [-] | | tree based directory structure stuff is available on gitlab’s free tier — so are all the permissions inheritance for groups etc. so, while you’re technically right, these features are apparently paywalled heavily on github. ime you get more features on gitlab for the same price (or less). i switched fully two years ago and im not going back. |
|
|
|
|
| ▲ | naikrovek 2 hours ago | parent | prev | next [-] |
| Oh no. At least nothing of value is affected. :) |
|
| ▲ | cute_boi 3 hours ago | parent | prev [-] |
| microslop slops are down. |
| |