[Cthulhu_]

The downstream distro maintainer is in the wrong IMO; if they want the source code, they can get the source code off of e.g. github and roll their own release.

That said, in old Java dependency management (i.e. Maven), you could often find a source file and a docs file alongside a compiled / binary release, so that you get the choice.

But this can also be done with NPM libs already; the package.json shipped in the distribution contains metadata, including the repository URL, which can be used to get the source.

[corbezzoli]

I had that discussion with someone before. They were under the impression that the registry is rally permanent while GitHub could go away. Aside from the platform betting, they really thought their 2012 package (and particularly its tests) would be useful in 2052. But who am I to say otherwise.

The recent HN discussion about “that one npm maintainer” confirms please hold onto the most painful ideas.

[mook]

That's a really interesting view, given that… GitHub owns npm. https://github.blog/2020-03-16-npm-is-joining-github/