and the future
of JavaScript
QCon SF, 2018-11-05
Read these slides on your device:
Who is this guy?
Laurie Voss
COO & co-founder, npm Inc.
@seldo
This talk is about you
Three parts:
-
What you should know about npm
-
What npm knows about you
-
The future of JavaScript
npm is popular
Part 1: what you should know about npm
JavaScript is enormously popular
Language popularity on GitHub, 2014-2018
Who's using npm?
- All 50 of the Fortune 50
- All 50 of the 50 biggest banks
- All 50 of the 50 biggest tech companies
- All 500 of the Fortune 500
(we checked!)
JavaScript
is the most important programming language
in the world
npm is the package manager for all JavaScript
But npm is especially for web developers
97%
of the code in a modern web app comes from npm
npm is super fast now
npm install npm -g
Why not destroy the conference wifi by upgrading right now?
Is npm faster than Yarn?
npm 6
locks by default
npm ci will double the speed of your builds
npm ci
You can use
anywhere you used to use
npm install
and it will be twice as fast
npm Security
A bunch of new features
npm 6 has 2FA:
two-factor auth
Secure your npm account in 30 seconds:
npm Quick Audits
Just run npm install!
npm Quick Audit stats
4 million scans per week
Yikes!
npm audit
Just run in your current project:
npm audit
Learn more:
npm audit fix
Just run in your current project:
npm audit fix
or
npm audit fix --force
for the adventurous
Security has become central to npm Inc.
Use npm because npm is safer than Yarn
Yarn to npm migration tool:
A user journey from Yarn back to npm:
BREAKING NEWS: Company recommends own product.
npm is a company that sells good and services that you will find useful
npm Organizations
Private packages and security for teams
npm Enterprise
A full-featured private registry for your company.
npm Security
is worth paying for
Part 2:
What npm knows about you
- 1.5 billion log events per day
- 16,000+ survey responses
Part 2A: demographics
Please stand up!
(If you can't stand up, raise a hand)
Sit down if you don't match the description.
Stay standing if you
use npm
Stay standing if you
write JavaScript that runs in browsers
Stay standing if you
write JavaScript
at work
Stay standing if you
are concerned about security of open source code
Stay standing if you
mostly taught yourself JavaScript
Stay standing if you
also write PHP or Java sometimes
Stay standing if you
work at a company that isn't considered a "tech company"
Stay standing if you
started using npm less than 2 years ago
Stay standing if you
use webpack
Stay standing if you
use babel
Stay standing if you
work on a React app
Stay standing if you
use TypeScript
So we know some stuff about you
npm users don't always write JavaScript
The programming language you pick is determined by the libraries available
Devs pick JavaScript because of npm
npm users are concerned about security
- 77% are concerned
- 52% said current tools aren't adequate
Part 2B:
the tools we use
I am about to make you angry
with graphs
Growth in context
Everything in npm grows
Share of registry
Front end frameworks
Frameworks never die; they only fade away
React
60% of npm users say they use React
Angular
Angryler
Angular is seeing fewer downloads,
please don't yell at me about it.
Ember
The comeback kid
Vue
The next big thing?
The React ecosystem
React Router
React is a triumph of modular design
Flux
Redux
React Hooks
Coming soon to a repo near you
GraphQL
RxJS
Get Hannah to explain!
Back-end frameworks
Koa
Sails
Hapi
Next.js
This looks weird
Team B / Team A
Tooling
What tools do we use?
Transpilers
46% of npm users are using TypeScript
Say what?!
Source: npm user survey, 2017/2018
Linters
So about ESLint...
The ESLint Credentials Harvester
😱
npm Security
in action
😊
Take JavaScript security seriously
😐
Testing
Splitting developers by experience
Best practices come with experience
Security is associated with experience
Part 3:
the future of JavaScript
Learning from history:
nothing last forever
jQuery, we hardly knew ye.
Learn GraphQL
Ill-advised prediction
Use TypeScript
Ill-advised prediction
What happens to npm in the future?
npm is not only JavaScript
and it hasn't been for some time
WASM is coming
WASM is already here
Bundling and transpiling are hard to get rid of
Ill-advised prediction
Transpilation
is bad news
for JavaScript
Node + JavaScript: merge or die
The best framework is always the one with the most users.
Use React
Ill-advised prediction
Libraries either die
or transcend
- Backbone died
- jQuery is part of every browser
Standards bodies are bad at inventing things
Make JSX
part of JavaScript
We already did and it was called E4X
Can React transcend?
npm install react-color
What about that slowdown in React?
Can React components hit critical mass?
Frameworks adopting React would force
browsers to act
What about web components?
Web components would be great if they worked but they don't, yet.
Don't @ me.
We can raise the web to a new level
Don't be afraid
Web developers will always have a job
A bigger web
is a better web
npm is for the web
The future looks fun
The web will remain under construction
We can do this
@seldo
These slides are available right now
Now would be a good time to follow me on Twitter
npm ❤️ you
npm and the future of JavaScript, QConf SF
By seldo
npm and the future of JavaScript, QConf SF
- 6,105