Isaac Schlueter has been quite active in the Node.js community, having been involved in development of both Node.js and its io.js fork. The creator of Npm (node package manager) and the CEO of Npm Inc., Schlueter recently spoke with InfoWorld Editor at Large Paul Krill about the status of io.js, Npm, and what his company is up to these days.
InfoWorld: Forrester Research in a recent report about enterprise JavaScript and Node.js cites challenges, including the io.js fork. "This type of change in low-level platform software is unheard of in the enterprise, but it's a precursor to the new norm in the development world," Forrester said. What is your company's perspective on io.js?
Schlueter: I've been very involved with the fork, with the advisory board at Joyent. My take on it really is that we're almost done. I think that the process is working. I think that the advisory board was designed to try and figure out what the issues were and provide a forum for solving those problems, and the io.js fork really got us some very good, tangible evidence of the best way to move forward, and we're moving forward.
InfoWorld: When you say "we're almost done," what do you mean by that? That the fork is going away?
Schlueter: My personal hope is that we can merge these two projects. That's been my goal all along. I think the goal of most of the people involved with io.js is to use this fork as a way to pull the Node.js project in a direction that we want it to go. It's been very effective. I think the results really speak for themselves. We've been able to iterate in parallel while Joyent and IBM and Microsoft and a bunch of other companies are looking at the corporate need. Io.js was able to focus on addressing the community needs and the needs of the project from a technical point of view, but we were able to tackle both of these things in parallel.
I don't think this is actually as much of a hazard as a lot of folks have read it as. I think from outside it looks like, "Oh, there's this big split. We have to pick which team we're on." But inside, it's all the same people, and we all want to make the same kind of forward progress. For various legal reasons, we couldn't call it Node because we're doing a different thing and there are U.S. PTO laws around how you can use a trademark without losing the trademark, and none of us want to see that trademark go away, either.
It's not as dramatic as it looks, I think, from the outside. I don't know if it's correct to say that the fork will be going away, but I think at some point we will say mission accomplished, and we'll merge these two projects back together.
InfoWorld: Were you one of the proponents of the io.js fork? Are you one of the guys who put it through?
Schleuter: I was one of the guys. I'm still on the io.js technical committee. I was one of the founding members of the fork, I guess. I was one of the people really pushing for it, and there have definitely been moments along this process where it's been frustrating, and that's kind of how things go, but I'm very, very pleased with how it's actually worked out. I'm still on the Joyent Node advisory board as well.
InfoWorld: What is your company, Npm Inc., offering at this point?
Schlueter: We have an enterprise product, which is an inside-the-firewall version of the Npm registry for use by one company. We're opening the doors for our hosted private module service, which we're calling Npm Private Module. That allows you to publish modules like you do with open source modules, but you can restrict who has access.
InfoWorld: Could you give an overview of what is a Node package module and why it's important?
Schlueter: This is actually one of the things that from the outside might not be obvious, but from the experience of a Node developer, is really the killer feature of Node, and it's one of the big reasons why it's taken off like it has.
The module system allows you to write very nicely isolated bits of code. In most package ecosystems, if you have anywhere in your dependency tree, if you have two different copies of something that conflict with one another, that will cause a problem, and you'll have to go and stop your development and deal with it.
As it turns out, that little bit of friction, of dependency, makes it much more difficult to write small, isolated pieces of code that do one thing really well because you can't iterate in parallel. With Node and Npm, the approach that we took actually isolates your self-dependency tree, so if you end up with two things that conflict, you're totally fine. You'll have two copies sitting on your desk.
In that kind of a system where you have a lot of these small dependencies and you tend to end up with these large dependency graphs, it's really important to have good tooling that will manage and organize that for you. That's what Npm is. It's a package manager for JavaScript.
InfoWorld: Could you maybe name a function or two of what an Npm package can do, a couple of key functions they're providing?
Schlueter: The packages themselves do basically everything that you would do with Node. There are connectors to every kind of database you can imagine, there are packages that are used to do command-line things, to build your front end applications. There are packages that do basic reusable bits of code.
InfoWorld: What's next for your company?
Schlueter: We raised money, so we're hiring like gangbusters. We are looking for folks to fill out the team and keep building these features. With the enterprise product, we've proven the model that companies are willing to pay for additional security and privacy and that's the business model. My plan is to keep delivering enterprise features for money in a way that the open source community is being served for free.