In the last few days I played around with a local npm registry mirror, and
I went through some code from the NPM tool and related utility modules.
I found out that the current HTTP API exposed from the npm registry is too
tied to the CouchDB HTTP API, especially regarding authentication,
+1 Different non-couchdb implementations already exist, but npm can change protocol at any point of time (npm v1.3.19), and all these tools need to be changed accordingly. I'd much rather see npm own protocol rather than couchdb. It feels like a classic example of a vendor locking right now.
I will try to flesh out a more detailed description of what I expect
(theoretically) from the HTTP API exposed by an npm registry. That
will be only my personal point of view, but I hope that it will help
to start a productive discussion with the community.
2014-02-06 Alex Kocharin