It was already consolidated. The vast majority of public npm packages are already hosted on Github. The dependency on them has been there since the beginning.
Yes, indeed - and the dependency is literally right there on the technical level. For years, you've been able to specify a version of a package as a github repo's branch HEAD.
The big problem is that lots of Node.js modules don't push their tags, so there are issues on lots of repos begging maintainers to push their Git tags so that we don't have to use the npm registry.
JavaScript is an interpreted language -- as long as you're only downloading source code from the registry there's really no reason to use a registry instead of the plain old Git repository.
A common issue I've had with using Git repos directly as Node.js modules, is that many projects are transpiled/built before publishing to NPM. Depending on specifics of that build process, it may not work out of the box (or at all) from a node_modules folder.
With NPM acquired by GitHub, I can imagine them "filling in some steps" by leveraging the fairly new Actions feature, so that repos can provide built artifacts, the same ones as published on NPM. The deeper integration will be an interesting development to watch.
Repos have been able to provide artifacts since forever ago; they just don’t sit in the tree. While you can commit from an action, I’m not sure that’s a great idea.
You're right, artifacts in GitHub repos have been around a long time. I suppose what I was missing was a way to point to a specific built artifact (like a tar.gz from a release) as a dependency, from package.json. As far as I know, it's not possible yet with npm. I can imagine that will be covered somehow with deeper integration of GitHub and the NPM package repository.
Thank you, learned something new - from none other than the founder of npm! :) Congratulations on the acquisition, bright future ahead for the whole ecosystem.
How is a convenience feature a dependency? The same command exists as "gitlab:username/repo" variant. The GH variant just happens to be the unprefixed one as it has by far the biggest userbase.
Perhaps dependency was the wrong term, but my point is what you said - they've built it in as a convenience feature precisely because it's such a common usecase - a better way to say it might be they're inseparably linked tools / tightly coupled even on the technical level.
