Key highlights of this talk:
npm is secure, popular, and fast
- With more than 10 million users and 6 billion package downloads every week, npm has become ridiculously popular.
- The stats highlight that, npm is the package manager for mainly web developers and 97% of the code in a modern web app is downloaded from npm.
Major improvements in npm 6:
npm 6 is super fast
npm is now 20% faster than npm 4, so it is time for you to upgrade! You can do that using this command:
npm install npm -g
npm 6 locks by default
This was one of the biggest changes in npm 6, which makes sure that what you have in the development environment is exactly what you put in production. This functionality is facilitated by a new file called package-lock.json . This so-called “lock file” saves information about your node_modules/ tree since the time you last edited your dependencies.
This command is similar to npm install, but is meant to be used in automated environments. It is primarily used in environments such as test platforms, continuous integration, and deployment.It can be about 2-3x faster than regular npm install by skipping certain user-oriented features.
Advances in npm security
In order to provide strong digital security, npm now has two-factor authentication (2FA). Two-factor authentication confirms your identity using two methods:
Something you know such as, your username and password
Something you have such as, a phone or tablet
Quick audits tells you whether the packages you are installing are secure or not. These security warnings will be more detailed and useful in npm 6 as compared to previous versions.
The rise and fall of frameworks
After speaking about the current status of npm, Laurie moved on to explaining what npm users are doing, which frameworks they are using, and which frameworks they are no longer interested to use.
Some predictions based on the survey
- It would be unwise to bet against React as it has tons of users and tons of modules
- Angular is a safer but less interesting choice
- Keep an eye on Next.js
- If you are looking for something new to learn, go for GraphQL
- With 46% of npm users using TypeScript for transpiling it is surely worth your attention
- WASM seems promising
This article was originally published on Packt Hub.