TL;DR: Plug 'N Play is a good idea.
.pnp.js is a bad idea.
.pnp.json would be a better idea.
To preface this, I think Plug 'N Play is a great idea. My concerns come from the dependency analysis side. My day job is building analysis tools at FOSSA, and I've worked with a lot of package managers while building the FOSSA CLI.
is much harder to analyse than
There should be a method to access the Plug 'n Play API in a language-agnostic way without requiring a Node.JS runtime.
At FOSSA, we do dependency analysis in a variety of environments. We need to provide results reliably across these environments, including environments where Node.JS is not available. This use case is surprisingly common for us:
... read the whole story at github.com.