Freedom from NPM. Happy 4th

3 pointsposted 15 hours ago
by vasusen

4 Comments

vasusen

15 hours ago

We moved our SDK off public npm onto a private registry we host.

Our customers mainly use Donobu's SDK to run their end-to-end tests in CI/CD, with AI self-healing and triage. It was unlicensed but on public npm on purpose, so `npm i` just worked.

NPM registry has had a rough year. When we looked at alternatives, we realized self-hosting packages is not that hard anymore. Our customers continue using `npm i`. They just add a .npmrc pointing at our registry; reusing their existing Donobu API key for auth was a nice bonus.

.npmrc was the only thing needed:

  @donobu:registry=https://api.donobu.com/npm/
  //api.donobu.com/npm/:_authToken=${DONOBU_API_KEY}

popalchemist

14 hours ago

Why is it unlicensed? That seems insane.

vasusen

14 hours ago

It was for use by our paid customers in CI/CD. We did not want large companies to use it as is without a contract from us.

popalchemist

13 hours ago

Then why are you posting about it here, if it is only for use by people who are already your customers? By the way, this response is baffling, you still need a license, otherwise anyone adopting your software is exposed legally. Your lack of awareness about that tells me you're young and inexperienced.