@garbados Theoretically we could just use NPM solely with individually-hosted git repos and git versioning. Beyond linking to other people’s repos, encouraging a culture of forking and only using your own forks would make the system less fragile (this is what I try to do in my projects). The NPM tool supports decentralised use via git. The problem seems to be overcoming the convenience of centralised package hosting. Not sure how a p2p protocol like DAT would fix that particular issue.
@aral that’s how Go does it: every dependency is a git repo. gx uses ipfs addresses the same way. the specific advantage of distributing packages over a peer mesh is bandwidth and redundancy: rather than downloading from one source, you torrent it from many. this relieves individuals of the investments NPM has to make in their infra to support all that traffic. in a p2p architecture, traffic just makes the network stronger.
This is my personal Mastodon.