npm and the future of JavaScript
Node+JS Interactive, 2018-10-10
Read these slides on your device:
Who is this guy?
Laurie Voss
COO & co-founder, npm Inc.
@seldo
This talk is about you
Three parts:
- What you should know about npm
- What npm knows about you
- The future of JavaScript
npm is popular
Part 1: what you should know about npm
JavaScript is enormously popular
Top 5 languages on GitHub
by number of pull requests opened
Who's using npm?
- All 50 of the Fortune 50
- All 50 of the 50 biggest banks
- All 50 of the 50 biggest tech companies
- All 500 of the Fortune 500
(we checked!)
JavaScript is the most important programming language in the world
npm is the package manager for all JavaScript
But npm is especially for web developers
97% of the code in a modern web app comes from npm
npm is super fast now
npm install npm -g
Why not destroy the conference wifi by upgrading right now?
Is npm faster than Yarn?
npm 6 locks by default
npm ci will double the speed of your builds
You can use npm ci anywhere you used to use npm install and it will be twice as fast
npm Security
A bunch of new features
npm 6 has 2FA:
two-factor auth
Secure your npm account in 30 seconds:
npm Quick Audits
Just run npm install!
npm Quick Audit stats
4 million scans per week
Yikes!
npm audit
Just run in your current project:
npm audit
Learn more:
npm audit fix
Just run in your current project:
npm audit fix
or
npm audit fix --force
for the adventurous
Use npm because npm is safer than Yarn
Yarn to npm migration tool:
A user journey from Yarn back to npm:
BREAKING NEWS: Company recommends own product.
npm is a company that sells goods and services that you will find useful
Part 2:
What npm knows about you
- 1.5 billion log events per day
- 16,000+ survey responses
Part 2A: demographics
Please stand up!
(If you can't stand up, raise a hand)
Sit down if you don't match the description.
Stay standing if you use npm
Stay standing if you write JavaScript that runs in browsers
Stay standing if you write JavaScript at work
Stay standing if you are concerned about security of open source code
Stay standing if you mostly taught yourself JavaScript
Stay standing if you also write PHP or Java sometimes
Stay standing if you work at a company that isn't considered a "tech company"
Stay standing if you started using npm less than 2 years ago
Stay standing if you use webpack
Stay standing if you use babel
Stay standing if you work on a React app
Stay standing if you use TypeScript
So we know some stuff about you
npm users don't always write JavaScript
The programming language you pick is determined by the libraries available
Devs pick JavaScript because of npm
npm users are concerned about security
- 77% are concerned
- 52% said current tools aren't adequate
npm Enterprise can help your security
Part 2B:
the tools we use
I am about to make you angry with graphs
Growth in context
Everything in npm grows
Share of registry
Front end frameworks
Frameworks never die; they only fade away
React
60% of npm users say they use React
Angular
Angryler
Angular is seeing fewer downloads,
please don't yell at me about it.
Ember
The comeback kid
Vue
The next big thing?
The React ecosystem
React Router
React is a triumph of modular design
Flux
Redux
GraphQL
Back-end frameworks
Koa
Sails
Hapi
Next.js
This looks weird
Team A / Team B
Tooling
What tools do we use?
Transpilers
46% of npm users are using TypeScript
Say what?!
Source: npm user survey, 2017/2018
Linters
So about ESLint...
The ESLint Credentials Harvester
😱
npm Security
in action
😊
Take JavaScript security seriously
😐
Testing
Splitting developers by experience
Best practices come with experience
Security is associated with experience
Part 3:
the future of JavaScript
Learning from history:
nothing lasts forever
jQuery, we hardly knew ye.
Use React
Ill-advised prediction
If people start re-using React modules, React will live forever
What about web components?
Web components would be great if they worked but they don't, yet.
Don't @ me.
What about that slowdown in React?
The best framework is always the one with the most users.
Learn GraphQL
Ill-advised prediction
You will be bundling, transpiling and linting for quite some time
Ill-advised prediction
Use TypeScript
Ill-advised prediction
What happens to npm in the future?
npm is not only JavaScript and it hasn't been for some time
WASM is coming
WASM is already here
JavaScript's position as the language of the web is not guaranteed
Mandatory transpilation is a code smell
Node + JavaScript: merge or die
npm is for the web
The future looks fun
The web will remain under construction
We can do this together
@seldo
These slides are available right now
Now would be a good time to follow me on Twitter
npm ❤️ you
npm and the future of JavaScript
By seldo