We aren't a package manager. We're a registry and CDN (of sorts). Blockchain is actually a huge solution to this problem for three very notable reasons. The first is that Deno module imports are URL-based, and we don't want code going off the internet, as this would break the code dependent on it. Blockchain solves this because transactions (module code) are unable to be modified or deleted. This means that import links will never break, thanks to blockchain! In addition, it's unbelievably cheap to permanently store data. For reference, we've stored 17,297 files on the blockchain. For proof, you can see our wallet address and transaction history here: https://viewblock.io/arweave/address/tySYSW93nDky1sbCO56PmyE... This permanent and decentralized data storage has cost us right around 5 cents USD. Thirdly, thanks to the blockchain, the module data is completely decentralized across over 340 nodes and counting around the world. You can see the exact statistic here: https://viewblock.io/arweave. Again, thanks for bringing these things up. These are great points for us to address publicly.
You might take a look at how Go implemented their module system and solves the above without blockchain or a lockfile. Simple algo, excellent engineering, built-in security and integrity checking.
In the end, you will want to mirror all external dependencies (repos, git, pkg) into your own cloud.
So Deno has us specify versions at the point of import, in how many files? Is this lunacy?
I store more files on GitHub for free, how can blockchain be cheaper than that?
I have before, you can search HN for the larger perspective (many comments, by many people, on many stories) or my comment history if you'd like my personal take. The latter may help you find the former.