| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by lmm 370 days ago

Maven is incredibly well designed (and ironically gets nothing but hate for it), it's probably the hidden reason Java is so successful.

Why does Maven exist, without the commercial compromises of NPM? Probably because Java has the well-funded, well-supported, but non-profit and community-oriented Apache foundation, which is something extremely rare and precious (and probably at least partly a lucky result of Java's complicated legal history).

(JS has plenty of great utility libraries. The problem is that its package management is excessively centralised and not managed terribly well)

1 comments

oftenwrong 369 days ago

The operators of Maven Central deserve a lot of credit for their good stewardship. Unlike the NPM registry, Maven Central does not permit anyone to unpublish packages. Unlike the NPM registry, Maven Central requires verification of domain or forge account ownership to claim a namespace. These are good practices, and anyone seeking to create a central package registry would do well to at least consider this. Maven Central is currently operated by SonaType, but it has changed hands a few times. This article covers its history: https://www.sonatype.com/blog/the-history-of-maven-central-a...

Additionally, it is standard practice in the Java world, which is more "corporate" or "enterprise-y", for better and for worse, to have organisations operate their own internal package registries / mirrors. Even if you unpublished a major package from Maven Central, many organisations would be completely unaffected because they retain archived copies of all of their dependencies.

lmm 369 days ago

All that is true, but I think the fact that Maven has supported multiple repos and proxy repos for decades is a significant factor. SonaType deserve credit for being good stewards, but it's also relevant that they have had real competition (e.g. jFrog ran a similar public repository until recently) and if they did ever behave badly then for many organisations it would be a 1-line change in their Maven config to switch, which creates rather different dynamics compared to NP, PyPi etc..