npm is Massive - NodeSource

The NodeSource Blog

You have reached the beginning of time!

npm is Massive

Reposted from Medium

Did you know that npm is the largest package ecosystem ever? And in the world of JavaScript and Node.js, npm is Massive. npm is so Massive, so Badass, that we don’t even bother to capitalize it. npm is Massive, both in terms of its scale and its importance to the Node community.

npm is the default package manager for Node.js. It was initially created to help developers manage files, metadata and dependencies for their JavaScript applications. Born as an open source project in 2009, npm features a package registry that enables developers to manage open source code as a service over the internet.

Q. What does npm look like?

NPM

A. It looks like this according to the NodeSource design team. Check the new N|Sight visualization of npm (interactive design by Hugh Kennedy).

Since its creation, the role of npm has expanded to fulfill the broader needs of the JavaScript and Node.js developer community to include management of front-end web applications, mobile applications and other JavaScript development tools and frameworks.

Registry: Massive

As of this writing, there are over 155 thousand packages in the public npm repository. Over 5 thousand were added last week. npm served up 1.5 BILLION downloads last month. Even the most jaded among us have to be a little impressed by this type of scale.

But the sheer size also brings with it the challenge of working nimbly with the registry. This requires a few parsing tricks that many find useful:

  • Filter out packages without a supporting readme file, they really are an essential element.
  • Filter out packages without a license field in the package.json file. Unlicensed packages are unavailable for commercial use without permission.
  • Filter out packages without a linked GitHub repository with the original source. Without that, it’s difficult to review or submit improvements.
  • Look for accompanying test scripts. Not every package will have one, but it’s a good indicator that it has withstood scrutiny by the community.

There are other options that enterprise Node shops can take advantage of besides the public npm registry. npm, Inc. provides a hosted service for registering private npm modules that are only visible to you or other paid subscribers that you share them with. npm Enterprise runs behind your firewall to help meet compliance needs around privacy and storage, particularly for deployable bundles.

Dependencies

Looking beyond the sheer size of the repository, one of the crucial roles of npm is to manage dependencies for Node.js modules. As modularity is one of the core design principles of Node development, we’ve seen that Node modules tend to multiply (Massively) — and by extension, so do the dependencies between modules. This has resulted from both the increasing availability of packages and the increasing popularity of writing smaller, modular components.

npm can significantly assist an organization as the number of Node packages increases, especially via the use of the npm scoped packages feature. It provides insight into code and dependencies being published, used and deployed throughout.

NodeSource and npm

NodeSource sees npm as an integral tool for Node development, rapid project evolution, and Node-style code modularization. It enables easy sharing of code with minimal overhead for developers. It provides seamless access to both internal and external Node packages. It provides good options for secure and stable deployment of Node projects, isolated from the public registry.

NodeSource offers training in npm from an introductory course in Node Fundamentals, to an intermediate course that focuses specifically on npm, to advanced npm concepts in our multi-day DevOps training.

npm pervades any successful Node.js organization or project. Its common mission with the Node and Javascript communities and common open source heritage and ethos with Node.js make it an essential part of a world class Node strategy.

Truly Massive.

Introducing N|Sight

At NodeSource, we think that being able to visualize a problem is key to solving it. You can talk about how geographically distributed your team is, or you can show it. This is why we have created NodeSource N|Sight, a series of visualizations that show off the power and beauty of Node. Through N|Sight, we are going to create and share other visualizations from time to time that can tell a story more clearly and memorably than a thousand words on the subject.

Understanding npm” is the first in the series of N|Sight visualizations. We hope you enjoy viewing it as much as we did creating it. If there is something you’d like to see visualized, hit us up on Twitter (@nodesource) with #visualizethis.

“npm” and “The npm Registry” are owned by npm, Inc. All rights reserved.

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free