npm what it’s all about?!

Matthew Doering
Feb 22, 2019

If you are a veteran developer, you most likely have a strong understanding of what npm is and visit https://www.npmjs.com/ regularly. If you are new to programming, this post is intended to give you an overview and broaden your understanding. Whether you are experienced or new to npm, I hope this post gives you some insight into this package manager.


npm is short for Node.js package manager. It is a package manager for the JavaScript programming language. This online database was developed by Isaac Z. Schlueter. Its initial release was on January 12, 2010. It is pretty amazing that npm originated on GitHub! You can still visit the repository and see previous commits to view its evolution, which is pretty amazing and inspiring as a new developer. He mentions in the following post that he built npm because he had seen module packaging done “brilliantly” and “terribly”, and although there were some good ones at the time, he wanted to see if he could make something new and learn from existing packaging issues.

npm is a service that makes it easy for JavaScript developers to share their code and allows other developers to make use of code that they created. When learning web development, my teachers would joke that the internet is “barely held together”. Understanding how npm modules work really puts this into perspective, as there is truth to this statement. In March 2016 a package called left-pad was removed from npm. It was a small amount of code, but it was a dependency in many popular JavaScript packages. This effectively broke the internet, as JavaScript developers who were using this package received an error message stating that left-pad was not available. This is a very interesting story, and an article is posted below as a reference, as well as a Reply All podcast episode that talks about this! npm did change their policies about unpublishing to prevent a similar event in the future.

Code that broke the internet — left-pad

How it Works?

npm consists of a command line client which interacts with a remote registry. This allows users to consume and distribute JavaScript modules that are available in the registry. The registry is basically a large database that contains information regarding the packages that people are sharing. When a developer decides to share their code with the world, they use the npm client to publish their code up to the registry. Once there is an entry in the registry with the published code, other developers can install this package from the registry. Once a package is published to the npm registry, it is also displayed on npm’s website.

When you install these “packages” using `npm install <package name>`, you are basically talking to the npm database and asking for code that someone else created. This code is installed as viewable files in your node_modules folder. See the screenshot below! It is important to remember that these files are code that other developers created. It is important to understand what you are installing and what it does. This will help you in the future should you experience an issue with any dependencies or odd bugs.
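To see why a package you never asked for (as with left-pad above) ends up in your node_modules, you can trace the dependency chains recorded in package-lock.json. The following is an added example, not code from npm or from the original post; it assumes the `packages` map of a lockfileVersion 2 or 3 lockfile, and every package name in the sample other than left-pad is made up.

```javascript
// Constructed sample in the shape of package-lock.json "packages" (lockfileVersion 2/3).
// Package names other than left-pad are hypothetical.
const sampleLock = {
  packages: {
    "": { name: "my-app", dependencies: { "web-kit": "^1.0.0", "cli-fmt": "^2.0.0" } },
    "node_modules/web-kit": { version: "1.2.0", dependencies: { "str-utils": "^3.0.0" } },
    "node_modules/str-utils": { version: "3.1.0", dependencies: { "left-pad": "^1.0.0" } },
    "node_modules/cli-fmt": { version: "2.0.1", dependencies: { "left-pad": "^0.0.3" } },
    "node_modules/cli-fmt/node_modules/left-pad": { version: "0.0.3" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

// Find where `dep` resolves for the package at `fromPath`: nearest node_modules
// first, then each parent's, the same order Node uses when loading modules.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every dependency chain from the root project down to `target`.
function whyInstalled(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const at = resolveDep(packages, path, dep);
      if (!at || seen.has(at)) continue; // missing, or a circular dependency
      const next = [...trail, dep + "@" + packages[at].version];
      if (dep === target) chains.push(next.join(" > "));
      else walk(at, next, new Set(seen).add(at));
    }
  };
  walk("", [packages[""].name || "(root)"], new Set([""]));
  return chains.sort();
}

console.log(whyInstalled(sampleLock, "left-pad"));
```

On a real project, pass the parsed contents of your own package-lock.json instead of `sampleLock`; `npm ls left-pad` reports the same information from the npm client.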

The packages found on npm do not have a vetting process for submission, meaning they do not get reviewed at the time of upload to the npm registry. This is kind of scary but also is the nature of open source. They do have a community screening process, as npm relies on its user reports to take down packages if they violate policies by being low quality, insecure, or malicious. There are statistics on their website to assist developers in judging the quality of packages. This service is free, which is why open source is so amazing!


Alternatives:

The most popular alternative is Yarn, which was released by Facebook in October 2016. The most notable manager I found for JavaScript that is not npm or Yarn is pnpm. The name is a bit confusing as it is very close to npm, but you can check them out here! https://github.com/pnpm/pnpm

Hope you enjoyed this brief overview of npm and how it works! Please comment and let me know if I can add any clarity!

References:
