Everything else in our world is built to a quality standard. Why can’t our code be as well?

How to Improve Code Quality on npm.

Code quality on npm swings, hard. While it is undoubtable that npm contains some packages which are exemplar of the best code in the world, others packages are completely hacks. There might be security flaws, a lack of documentation, or everyones favorite: breaking changes which don’t increment the major version number. The problems systemic with many npm packages goes on and on to the point of insanity.

Code quality on npm swings, hard.

This isn’t npm’s fault, but rather the community it has created. Yet, in some ways, all of these problems could be a good thing. It allows the community to perform wild experiments and distribute them across the world. However, those wild experiments often cost the community when someone comes along looking to build a business critical service and she has five “wild experiment” packages which could be used. Instead of picking one which could be a huge liability, the best answer—time and time again—is sadly to just create your own package (have you looked for a data validation package recently?).

Wild Experiments

Well, it would totally break backwards compatibility. Most of the packages hosted on npm would likely be invalidated by the new checks. In addition, quality checks would prohibit “wild experiment” packages, which keep the community healthy, from ever being shared.

Plausibility

To discuss plausibility (in an implementation context) let us ask, what are some of the checks npm might choose to require of a package before it gets published? Here’s a list of things I’d like:

  1. Required documentation for all public facing features. Using JSDoc presumably.
  2. 90% code coverage of tests or better. This ensures that the package does what it says it does.
  3. Package has a license.
  4. Pull requests get merged and issues get addressed.

Product engineer at Airtable. Previously Facebook. @calebmer on Twitter

Product engineer at Airtable. Previously Facebook. @calebmer on Twitter