and the future

of JavaScript

NEJS Conf, 2018-07-27

Read these slides on your device:

Who is this guy?

Laurie Voss

COO & co-founder, npm Inc.


What are we talking about?

Part 1:

What you should know about npm

npm and the future of JavaScript

Part 2:

What npm knows about you

npm and the future of JavaScript


Part 3:

The future of JavaScript

npm and the future of JavaScript

npm is popular

Part 1: what you should know about npm

JavaScript is enormously popular

Top 5 languages on GitHub

by number of pull requests opened

npm is the package manager for all JavaScript

  • 93% in the browser
  • 70% on the server
  • 44% on mobile devices
  • 6% on embedded platforms


But npm is especially for web developers

97% of the code in a modern web app comes from npm

npm is super fast now

Upgrade right now!

npm install npm -g

Wait, is it faster

than yarn?

npm 6

locks by default

npm 6

saves by default

3. npm ci will double the speed of your builds

npm ci

You can use

anywhere you used to use

npm install

and it will be twice as fast

npm Security

A bunch of new features

npm 6 has 2FA:

two-factor auth

Secure your npm account in 30 seconds:

npm Quick Audits

Just run npm install!

npm Quick Audit stats

  • 3.5 million scans per week
  • 51% vulnerable
  • 37% high
  • 11% critical


npm audit

Just run in your current project:

npm audit

npm audit fix

Just run in your current project:

npm audit fix


npm audit fix --force

for the adventurous


npx create-react-app

Try it out!

Other new npm stuff

  • Everybody gets a @scope!
  • Organizations are free!
  • Run scripts will save you time!
  • npm init can standardize setup for you!
  • Other stuff, probably!
  • Maybe you should read our blog!
  • Or follow us on Twitter: @npmjs!

npm is a company that sells good and services that you will find useful

Part 2:

What npm knows about you

  • 1.5 billion log events per day
  • 16,000+ survey responses

Part 2A: demographics

Please stand up!

(If you can't stand up, raise a hand)

Sit down if you don't match the description.

Stay standing if you

use npm

Stay standing if you

write JavaScript that runs in browsers

Stay standing if you

write JavaScript

at work

Stay standing if you

are concerned about security of open source code

Stay standing if you

mostly taught yourself JavaScript

Stay standing if you

also write PHP or Java sometimes

Stay standing if you

work at a company that isn't considered a "tech company"

Stay standing if you

started using npm less than 2 years ago

Stay standing if you

use webpack

Stay standing if you

use babel

Stay standing if you

work on a React app

Stay standing if you

use TypeScript

So we know some stuff about you

npm is for websites you build at work

npm users don't always write JavaScript

Java 30%
PHP 30%
Python 30%
.NET 19%
Go 10%
C++ 10%
Ruby 9%
C 5%
Swift 5%
Rust 3%

The programming language you pick is determined by the libraries available

Users pick JavaScript because of npm

Large ecosystem of libraries 67%
Increased developer productivity 57%
Language features 46%
Improved developer satisfaction 43%
Reduced development costs 35%
Large, experienced developer pool 35%
Ease of developer onboarding 33%
Increased application performance 25%
It’s not my choice 15%

npm users are concerned about security

  • 77% are concerned
  • 52% said current tools aren't adequate

npm Enterprise can help your security

npm users

also use Yarn

npm 6

is safer than Yarn

npm recommends using npm

Yarn to npm migration tool:

A user journey from Yarn back to npm:

npm users are mostly new

  • 25% have been using JavaScript < 2 years
  • 51% have been using npm < 2 years

People are still learning about npm!

npm users work

at every size of company

npm users work in every industry

Only 45% of npm users describe themselves as "in tech"

Part 2B:

the tools we use

I am about to make you angry

with graphs

Growth in context

Everything in npm grows

Share of registry

Front end frameworks

Frameworks never die; they only fade away


60% of npm users say they use React


Is it stealing React's thunder?



Angular is seeing fewer downloads,

please don't yell at me about it.


The comeback kid


The next big thing?

So what should I pick?

I'll tell you at the end.

The React ecosystem

React Router

React is a triumph of modular design





What on earth...?

RxJS has non-React uses

I guess that's it?


Back-end frameworks




Ironically, they're not happy with us at all.


This looks weird

Next.js since relaunch

Team A / Team B


Everyone would like less tooling

Better documentation 75%
Less configuration 49%
Faster 48%
More features 43%
Better defaults 40%
Fewer separate tools 36%

What tools do we use?

Web frameworks 85%
Transpilers 74%
Linters 69%
Bundlers 67%
CSS preprocessing 58%
Testing/automation 58%


Express 60%
React 58%
jQuery 49%
Angular 40%
Electron 24%
Vue 24%
Koa 8%
Backbone 7%
Preact 6%
Hapi 5%
Next 5%
Meteor 5%
Ember 4%


Babel 65%
TypeScript 46%
CoffeeScript 5%
Elm 3%
ClojureScript 2%

46% of npm users are using TypeScript


ESLint 72%
JSLint 17%
JSHint 15%
Standard 7%
Sonar 5%

So about ESLint...

The ESLint Credentials Harvester


npm Security

in action


Take JavaScript security seriously



Webpack 79%
Browserify 20%
Rollup 10%


Mocha 50%
Jasmine 33%
none 21%
Jest 19%
QUnit 5%
Tape 5%

Splitting developers by experience

Best practices come with experience

Security is associated with experience

Part 3:

the future of JavaScript

Learning from history:

nothing last forever

jQuery, we barely knew ye.

Front-end frameworks

Ill-advised prediction

Modularity drives all

Ill-advised prediction

Will React be reusable enough to last?

Ill-advised prediction

A good collection of modules is self-perpetuating

Ill-advised prediction

What about that slowdown in React?

Ill-advised prediction

What should I do?

Pick React.

Ill-advised prediction

Pick Angular

Ill-advised prediction

Pick Vue

Ill-advised prediction

Pick Ember

Ill-advised prediction

Pick Next.js

Ill-advised prediction

Pick GraphQL

Ill-advised prediction

You will be bundling, transpiling and linting for quite some time

Ill-advised prediction

Use TypeScript

Ill-advised prediction

What happens to npm in the future?

npm is not only JavaScript

and it hasn't been for some time

WASM is coming

WASM is already here

npm is for the web

The future looks fun

The web will remain under construction

Thank you!


These slides

Talk to me

npm and the future of JavaScript

By seldo

npm and the future of JavaScript

  • 4,624