and the future of JavaScript

JSConf US, 2018-08-21

Read these slides on your device:

Who is this guy?

Laurie Voss

COO & co-founder, npm Inc.

@seldo

This talk is about you

Three parts:

  1. What you should know about npm

  2. What npm knows about you

  3. The future of JavaScript

npm is popular

Part 1: what you should know about npm

JavaScript is enormously popular

Top 5 languages on GitHub

by number of pull requests opened

npm is the package manager for all JavaScript

But npm is especially for web developers

97%

of the code in a modern web app comes from npm

npm is super fast now

npm install npm -g

Why not destroy the conference wifi by upgrading right now?

Is npm faster than Yarn?

npm 6

locks by default

3. npm ci will double the speed of your builds

You can use npm ci anywhere you used to use npm install and it will be twice as fast

npm Security

A bunch of new features

npm 6 has 2FA:

two-factor auth

Secure your npm account in 30 seconds:

npm Quick Audits

Just run npm install!

npm Quick Audit stats

3.5 million scans per week

Yikes!

npm audit

Just run in your current project:

npm audit

npm audit fix

Just run in your current project:

npm audit fix

or

npm audit fix --force

for the adventurous
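To act on npm audit in CI rather than just reading it, here is an added example (not from the talk or from npm) that gates a build on the severity counts in `npm audit --json` output. The helper name auditGate, the default threshold, and the assumption that the report carries per-severity counts under metadata.vulnerabilities are all this example's own; the sample report is constructed.

```javascript
'use strict';
// Added example: decide pass/fail from the JSON that `npm audit --json` prints.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// auditGate is a hypothetical helper. Assumption: the report exposes
// per-severity counts at metadata.vulnerabilities.
function auditGate(reportText, failAt = 'high') {
  const floor = SEVERITIES.indexOf(failAt);
  if (floor === -1) throw new Error(`unknown severity: ${failAt}`);

  let counts = null;
  try {
    const report = JSON.parse(reportText);
    counts = report && report.metadata && report.metadata.vulnerabilities;
  } catch (err) {
    counts = null; // truncated or non-JSON output (e.g. a network error message)
  }
  // Fail closed: an unreadable report must never look like a clean one.
  if (!counts || typeof counts !== 'object') {
    return { pass: false, reason: 'unreadable audit report', blocking: {} };
  }

  // Collect every severity at or above the threshold that has findings.
  const blocking = {};
  for (const level of SEVERITIES.slice(floor)) {
    const n = Number(counts[level]);
    if (n > 0) blocking[level] = n;
  }
  const pass = Object.keys(blocking).length === 0;
  const reason = pass ? 'ok' : `findings at or above ${failAt}`;
  return { pass, reason, blocking };
}

// Constructed sample report, not real scan output.
const SAMPLE_REPORT = JSON.stringify({
  metadata: {
    vulnerabilities: { info: 0, low: 3, moderate: 1, high: 2, critical: 0 },
  },
});

console.log(auditGate(SAMPLE_REPORT));             // blocked by the 2 high findings
console.log(auditGate(SAMPLE_REPORT, 'critical')); // passes: no critical findings
```

In a pipeline, feed the function the captured output of npm audit --json and set the process exit code from the pass field.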

Use npm because npm is safer than Yarn

Yarn to npm migration tool:

A user journey from Yarn back to npm:

BREAKING NEWS: Company recommends own product.

npm is a company that sells goods and services that you will find useful

Part 2:

What npm knows about you

  • 1.5 billion log events per day
  • 16,000+ survey responses

Part 2A: demographics

Please stand up!

(If you can't stand up, raise a hand)

Sit down if you don't match the description.

Stay standing if you

use npm

Stay standing if you

write JavaScript that runs in browsers

Stay standing if you

write JavaScript at work

Stay standing if you

are concerned about security of open source code

Stay standing if you

mostly taught yourself JavaScript

Stay standing if you

also write PHP or Java sometimes

Stay standing if you

work at a company that isn't considered a "tech company"

Stay standing if you

started using npm less than 2 years ago

Stay standing if you

use webpack

Stay standing if you

use babel

Stay standing if you

work on a React app

Stay standing if you

use TypeScript

So we know some stuff about you

npm users don't always write JavaScript

The programming language you pick is determined by the libraries available

Devs pick JavaScript because of npm

npm users are concerned about security

  • 77% are concerned
  • 52% said current tools aren't adequate

npm Enterprise can help your security

Part 2B:

the tools we use

I am about to make you angry

with graphs

Growth in context

Everything in npm grows

Share of registry

Front end frameworks

Frameworks never die; they only fade away

React

60% of npm users say they use React

Angular

Angryler

Angular is seeing fewer downloads,

please don't yell at me about it.

Ember

The comeback kid

Vue

The next big thing?

The React ecosystem

React Router

React is a triumph of modular design

Flux

Redux

GraphQL

Back-end frameworks

Koa

Sails

Hapi

Next.js

This looks weird

Team A / Team B

Tooling

What tools do we use?

Transpilers

46% of npm users are using TypeScript

Say what?!

Linters

So about ESLint...

The ESLint Credentials Harvester

😱

npm Security

in action

😊

Take JavaScript security seriously

😐

Testing

Splitting developers by experience

Best practices come with experience

Security is associated with experience

Part 3:

the future of JavaScript

Learning from history:

nothing lasts forever

jQuery, we hardly knew ye.

Use React

Ill-advised prediction

If people start re-using React modules, React will live forever

What about web components?

Web components would be great if they worked but they don't, yet.

Don't @ me.

What about that slowdown in React?

The best framework is always the one with the most users.

What if not React?

"I can't use React because Facebook kicked my puppy!"

  • Angular has huge corporate backing
  • Vue has a lot of growth momentum
  • Ember has a bit of both
  • I like Next.js

Learn GraphQL

Ill-advised prediction

You will be bundling, transpiling and linting for quite some time

Ill-advised prediction

Use TypeScript

Ill-advised prediction

What happens to npm in the future?

npm is not only JavaScript

and it hasn't been for some time

WASM is coming

WASM is already here

npm is for the web

The future looks fun

The web will remain under construction

Thank you!

@seldo

These slides are available right now

Now would be a good time to follow me on Twitter