1. Split package-lock into a human readable file and a machine readable one. Right now it's just pain.
2. TRUSTED PACKAGES. Somebody has to assign trust. Companies or highly involved developers should become curators.
3. LIMITED Packages with reduced security risk: File Access, Network Access, package access, OS access, etc...
4. Transit npm package best-practices into a single module format. Reduce clutter and number of files in node_modules.
5. Better tagging. Allow votes on tags.
6. Add monetization links for package authors to npm (blunt) and to the CLI (subtle, e.g. 'npm pay leftpad' opens the monetarization page on npm.).
Additional ideas:
A: Buyable certificates/insurance for packages.
B: Better clone, modify & re-publish workflow
C: Integrate FAQ/Forum directly in NPM directory website. Simple downvotes/upvotes for visibility. Allow and ask for readme pull requests from npm package page.
1. Split package-lock into a human readable file and a machine readable one. Right now it's just pain.
2. TRUSTED PACKAGES. Somebody has to assign trust. Companies or highly involved developers should become curators.
3. LIMITED Packages with reduced security risk: File Access, Network Access, package access, OS access, etc...
4. Transit npm package best-practices into a single module format. Reduce clutter and number of files in node_modules.
5. Better tagging. Allow votes on tags.
6. Add monetization links for package authors to npm (blunt) and to the CLI (subtle, e.g. 'npm pay leftpad' opens the monetarization page on npm.).
Additional ideas:
A: Buyable certificates/insurance for packages.
B: Better clone, modify & re-publish workflow
C: Integrate FAQ/Forum directly in NPM directory website. Simple downvotes/upvotes for visibility. Allow and ask for readme pull requests from npm package page.