npm weekly #171: JavaScript is the most important programming language in the world plus exciting news about tink

VIDEO: The world’s most important programming language

If you only take away two things from this edition of the weekly, let them be these: first, if you weren’t at FinJS in New York last month to see Laurie Voss talk about npm, watch this video to see his talk.

Second, if you’re in London next week, you can catch Laurie at FinJS on Tuesday. He’ll be speaking at Sway Lounge in Holborn, and you can reserve your ticket for free! If you can’t make it to the talk but you want to meet with us between Monday-Thursday, you can schedule a meeting here.

What packages should we track this year?

Which packages do you think we should track this year as part of our State of JavaScript Frameworks research? Add yours now!

Open source JavaScript is taking over software development

Over 97% of professional JavaScript developers now rely on open source code. Learn how large teams seamlessly combine proprietary code and OSS and automatically protect against security vulnerabilities.

Learn more about npm Enterprise »

What we’re reading: Small Focused Modules

We really enjoyed this quick read from frequent npm module author Sindre Sorhus that popped up last month. If three minutes is too long a read, check out the tl;dr at the top and you’ll get the gist. Small modules FTW! Corner

Earlier this week, Kat Marchán wrote a great update on tink: State of the Unwinder for the #development channel of If you haven’t joined the official npm forum and you’re interested in what’s going on with tink, head to and sign up to get involved ASAP.

We’re hiring a Senior Security Engineer who will work with the npm Security team to make the npm ecosystem a safer, more secure environment. We’re also looking for the right person to join the Marketing team as a Growth Marketer. Head to and fill out your application right now.

Recommended package: Envup

Earlier this fall, Luke Harris was busy building a tool that lets you define some environment variables and even automate them without publishing your sensitive details into git. Now you can use that tool when you install Envup. Enjoy!

Empower your team to collaborate more securely

1 in 4 developers don’t use code review or other security methods to evaluate their code. npm Orgs with automatic vulnerability scanning ensures best practices and secure collaboration.

Learn More »

October has come to an end and with it, Inktober

October flew right on by, but Chris Dickinson was able to capture most of it for Inktober. If you missed any of his original artwork on Twitter, check out this roundup from one of our favorite artists.