an npm-compatible registry backed by peer-to-peer networks
NOTE: Very unstable and mad science-y. Use at your own discretion.
To be used just like vanilla
npm, but with a subset of commands:
USAGE:peer-npm i, install [-S] [-D]Works like `npm install`. Accepts a peer-npm package name to install fromthe swarm.peer-npm publishWorks like `npm publish`. Publish the current package to the swarm.Generates a new keypair if one is not already present.
With npm installed, run
$ npm install --global peer-npm
In another window run
$ peer-npm daemon
so that you can download packages from others and share the ones you publish.
Let's grab a package from github and try to publish it:
$ cd /tmp$ git clone$ cd resync-srt$ npm install$ peer-npm publish+ resync-srt_hyperdrive_c5abee5fd496620499c3d203f15c95d24a51d16ec05dea4a8ab2c88368c296b9Published 3.1.0
resync-srt is now in the swarm! The name of the package is made of three
parts, concatenated by underscores: the package name, the peer network its
shared on, and the public key of the publisher.
Let's make a new package that depends on
$ cd /tmp$ mkdir foobar$ cd foobar$ npm init# you'll want to use the package name generated from the last step$ peer-npm install --save resync-srt_hyperdrive_c5abee5fd496620499c3d203f15c95d24a51d16ec05dea4a8ab2c88368c296b9
If you look in your
package.json you'll see a new section called
swarmDependencies. This lets
peer-npm know what packages you depend on in
the swarm, but in a way that keeps vanilla
In fact, you can have a package in both
swarmDependencies and regular
peer-npm won't break your package for non-
peer-npm pretends to be an npm registry, but running on your local machine.
When you run
peer-npm daemon it runs this registry (and also does the peering
peer-npm install is mostly a wrapper for something like
npm install --registry=http://localhost:9000.
When you publish or try to install a package,
peer-npm looks at its name to
decide whether it is a package from the central npm registry, or from the swarm.
npm packages have a name like
field-trip, whereas swarm packages have a name
field-trip_hyperdrive_79cf7ecc9baf627642099542b3714bbef. The part after
the name is the public key of the author. This makes packages resiliant against
impersonation or malicious peers.
peer-npm can work with different peer networks; right now there is only a
hyperdrive driver, which is the
When you run
peer-npm install it will find other peers with the packages you
want and download them, recursively down the dependency tree. Similarly, when
peer-npm publish, the new package's key is shared amongst other
peer-npm peers for future discovery.
Come hang out in
#peer-npm on Freenode to help test and develop!