web 3.0 needs a javascript package manager

Javascript has gotten huge with Web 2.0 techniques. Libraries like jQuery, Scriptaculous, etc. etc. have helped redefine the role of Javascript from being a rag-tag script-kiddie language to becoming a viable platform for the web, competing with the likes of Flex and Silverlight. Javascript is getting serious attention from Google (ala V8) as a serious language with serious compiler design. In short, it's a glorious time to be using Javascript on the web.

So while the iron of Javascript infrastructure is hot, I have an idea for the next generation of the web:

the time has come for a javascript package manager.

No, I'm not talking about javascript loaders like jspkg or sprockets (although those are awesome efforts). I'm talking about a real package manager like Debian. Let me describe the growing problem and why I think a package manager might be a good solution.

The Problem:

Different sites require certain versions of scripts to run. Right now, site maintainers do this by downloading a copy of the library to serve from their site. This is fine if the site is simple and self-contained, but if you add several portlets to your site (a couple ad-rotators, some captchas, social site scripts), pretty soon you run the risk of accidentally including several copies of the same library in your page, all from different domains.

This sops up an enormous amount of bandwidth. Rich pages routinely download 1-2 Mb per page load... this is only going to get worse.

The Solution:

What we need is a package manager for Javascript like Debian's APT or Ruby's rubygems. Some way that the page can say "I need so-and-so version of this Javascript library in order to run." Then the browser can manage these javascripts in a secure cache -- if you have already retreived the version required, good. If not, then the browser will get a copy for you. The browser only gets new javascript if the page contains an updated version dependency. Furthermore, if a library depends on another library, the version dependency tree can be managed and sub-libraries can be automatically loaded once and only once.

Because the browser would be taking a more active role in managing scripts for separate domains in the same store, some work along the lines of Chrome needs to be done to make sure that script execution across multiple site clients remains secure and robust. Chrome is already leading the way on this, so I think it's doable.

A robust, integrated package management system for browsers would reduce bandwidth costs and at least double or triple the loading speed of AJAX web applications. That's something everyone would like.