Designing package namespacing for a new language (Coi)

Name: Designing package namespacing for a new language (Coi)
Availability: InStock
Author: io_eric

by io_eric·Feb 18, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●●BangerZero to OneBig BrainWizardry

New language, not framework: compiles to WASM with no virtual DOM, 40% smaller than Svelte.

Strengths

•Fine-grained reactivity eliminates VDOM overhead; compiler generates surgical DOM updates directly from WASM.
•Type safety at compile-time catches bugs before runtime; strict checking across props, state, and platform APIs.
•Thoughtful package namespacing design; author publicly wrestled with ecosystem naming problems others ignore.

Weaknesses

•Early-stage ecosystem; only 521 stars, limited third-party libraries compared to React/Vue/Svelte.
•Documentation sparse; examples exist but learning curve steeper than established frameworks with mature tutorials.

Post Description

Hey HN, I'm building Coi, a component-based language that compiles to WASM, JS, CSS and HTML with O(1) reactivity (no virtual DOM).

I just shipped a built-in package manager, but the interesting part wasn't the implementation, it was all the ecosystem design questions I'd never thought about as a user of package managers.

The problem I kept circling: how do you handle naming? Global names like auth or json seem fine until someone squats them. First-come-first-served creates perverse incentives. Reputation systems are easy to game early on. I went back and forth for longer than I'd like to admit.

I went through a few approaches:

Blocklist common names: reserve things like auth, json, http so people are forced into more specific names. Feels clean in theory, but who decides the list? And it doesn't really scale, someone will always find the next generic name you didn't think to block.

Go's approach: just use GitHub URLs directly as the package identifier. No registry needed, no naming wars. I liked the elegance of it, but in practice it's awful to actually write and read. Nobody wants import github.com/someone/thing/v2/pkg/util in their source files.

Tiered names: short names are hard to get, long names are open. Claiming json requires vetting, but json-schema-validator you can grab freely. The friction is proportional to how valuable the name is, nobody squats my-very-specific-http-retry-client because there's no payoff. I liked this one, but you still need to define the threshold and then you're back to needing governance :( just a smaller version of it.

Scoped names: ended up here. Everything is @someorg/http-client. Boring, proven, sidesteps squatting without needing governance infrastructure I don't have. npm figured this out the hard way so I don't have to :)

The registry itself is GitHub-based, metadata is JSON, submissions are PRs, validation runs through CI. Only one package in the registry right now (mine), but getting add/install/upgrade working end-to-end changed how the project feels. It went from "compiler experiment" to something with an actual ecosystem shape.

Curious how others have thought about this, especially early-stage ecosystems where you have no reputation signals yet. Did anyone solve the naming problem better than "just use scopes"?

Coi: https://github.com/io-eric/coi