and the future

of JavaScript

QCon SF, 2018-11-05

https://slides.com/seldo/npm-future-of-javascript-qcon

Read these slides on your device:

Who is this guy?

Laurie Voss

COO & co-founder, npm Inc.

@seldo

This talk is about you

Three parts:

1. What you should know about npm

2. What npm knows about you

3. The future of JavaScript

npm is popular

Part 1: what you should know about npm

JavaScript is enormously popular

Language popularity on GitHub, 2014-2018

Who's using npm?

• All 50 of the Fortune 50
• All 50 of the 50 biggest banks
• All 50 of the 50 biggest tech companies
• All 500 of the Fortune 500

(we checked!)

JavaScript

is the most important programming language

in the world

npm is the package manager for all JavaScript

But npm is especially for web developers

97%

of the code in a modern web app comes from npm

npm is super fast now

npm install npm -g

Why not destroy the conference wifi by upgrading right now?

Is npm faster than Yarn?

npm 6

locks by default

npm ci will double the speed of your builds

npm ci

You can use

anywhere you used to use

npm install

and it will be twice as fast

npm Security

A bunch of new features

npm 6 has 2FA:

two-factor auth

http://go.npm.me/2fa

Secure your npm account in 30 seconds:

npm Quick Audits

Just run npm install!

npm Quick Audit stats

4 million scans per week

Yikes!

npm audit

Just run in your current project:

npm audit

Learn more:

http://go.npm.me/audits

npm audit fix

Just run in your current project:

npm audit fix

or

npm audit fix --force

for the adventurous

Security has become central to npm Inc.

Use npm because npm is safer than Yarn

https://mixmax.com/blog/to-yarn-and-back-again-npm

https://npm.im/deyarn

Yarn to npm migration tool:

A user journey from Yarn back to npm:

BREAKING NEWS: Company recommends own product.

npm.community

npm is a company that sells good and services that you will find useful

npm Organizations

Private packages and security for teams

npm Enterprise

A full-featured private registry for your company.

npm Security

is worth paying for

Part 2:

What npm knows about you

• 1.5 billion log events per day
• 16,000+ survey responses

Part 2A: demographics

Please stand up!

(If you can't stand up, raise a hand)

Sit down if you don't match the description.

Stay standing if you

use npm

Stay standing if you

write JavaScript that runs in browsers

Stay standing if you

write JavaScript

at work

Stay standing if you

are concerned about security of open source code

Stay standing if you

mostly taught yourself JavaScript

Stay standing if you

also write PHP or Java sometimes

Stay standing if you

work at a company that isn't considered a "tech company"

So we know some stuff about you

npm users don't always write JavaScript

The programming language you pick is determined by the libraries available

http://sns.cs.princeton.edu/docs/asr-oopsla13.pdf

Devs pick JavaScript because of npm

npm users are concerned about security

• 77% are concerned
• 52% said current tools aren't adequate

Part 2B:

the tools we use

I am about to make you angry

with graphs

Growth in context

Everything in npm grows

Share of registry

Front end frameworks

Frameworks never die; they only fade away

React

60% of npm users say they use React

Angular

Angryler

Angular is seeing fewer downloads,

please don't yell at me about it.

Ember

The comeback kid

Vue

The next big thing?

The React ecosystem

React Router

React is a triumph of modular design

Flux

Redux

React Hooks

Coming soon to a repo near you

GraphQL

RxJS

Get Hannah to explain!

Back-end frameworks

Koa

Sails

Hapi

Next.js

This looks weird

Team B / Team A

Tooling

What tools do we use?

Transpilers

46% of npm users are using TypeScript

Say what?!

Source: npm user survey, 2017/2018

Linters

So about ESLint...

The ESLint Credentials Harvester

😱

npm Security

in action

😊

Take JavaScript security seriously

😐

Testing

Splitting developers by experience

Best practices come with experience

Security is associated with experience

Part 3:

the future of JavaScript

Learning from history:

nothing last forever

jQuery, we hardly knew ye.

Learn GraphQL

Ill-advised prediction

Use TypeScript

Ill-advised prediction

What happens to npm in the future?

npm is not only JavaScript

and it hasn't been for some time

WASM is coming

WASM is already here

https://hacks.mozilla.org/2018/04/hello-wasm-pack/

Bundling and transpiling are hard to get rid of

Ill-advised prediction

Transpilation

is bad news

for JavaScript

Node + JavaScript: merge or die

The best framework is always the one with the most users.

Use React

Ill-advised prediction

Libraries either die

or transcend

• Backbone died
• jQuery is part of every browser

Standards bodies are bad at inventing things

Make JSX

part of JavaScript

We already did and it was called E4X

Can React transcend?

npm install react-color

What about that slowdown in React?

Can React components hit critical mass?

Frameworks adopting React would force

browsers to act

What about web components?

Web components would be great if they worked but they don't, yet.

Don't @ me.

We can raise the web to a new level

Don't be afraid

Web developers will always have a job

A bigger web

is a better web

npm is for the web

The future looks fun

The web will remain under construction

We can do this

https://slides.com/seldo/npm-future-of-javascript-qcon

@seldo

These slides are available right now

Now would be a good time to follow me on Twitter

npm ❤️ you