10 Things

You Didn't Know About

Reactathon, 2018-09-08

Read these slides on your device:

Who is this guy?

Laurie Voss

COO & co-founder, npm Inc.

@seldo

What are we talking about?

  1. What npm knows about you
  2. What you should know about npm

But I use Yarn!

npm recommends you use npm

Breaking news: company recommends own product!

I am not here

to bash Yarn

It's hard to bash something so warm and fuzzy.

10 N things

You Didn't Know About npm

npm: pretty popular

Part 1: what npm knows about you

Our sources of data

  • 1.5 billion log events per day
  • 16,000+ survey responses

npm users are mostly new

npm is the package manager for all JavaScript

JavaScript is enormously popular

Top 5 languages on GitHub

by number of pull requests opened

But npm is especially for web developers

97%

of the code in a modern web app comes from npm

Share of Registry

How we measure popularity at npm.

Absolute vs. Relative

 60% of npm users use React

Preact

React Router

React is a triumph of modular design

Flux

Redux

Transpilers

46% of npm users are using TypeScript


Say what?!

Part 2: what you should know about npm

Team A / Team B

npm is super fast now

npm install npm -g

Why not destroy the conference wifi by upgrading right now?

Is npm faster than Yarn?

npm 6

locks by default

Yarn to the rescue

Lock files prevent unexpected changes

Oh, and they make everything a lot faster.

npm 6 saves

by default

There was never a good reason for this not to be the default. Our bad.

npm ci will

double the speed of your builds

npm ci

You can use

npm ci

anywhere you used to use

npm install

and it will be twice as fast

npm is safer now

A bunch of new features

npm 6 has 2FA:

two-factor auth

Secure your npm account in 30 seconds:

npm Quick Audits

Just run npm install!

React apps are vulnerable to security issues

Recent security alerts:

  • react-svg: XSS
  • react-marked-markdown: XSS

React users are directly targeted by malicious packages

npm Quick Audit stats

3.5 million scans per week

Yikes!

npm audit

Just run in your current project:

npm audit

npm audit fix

Just run in your current project:

npm audit fix

or

npm audit fix --force

for the adventurous
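As an added example (not from the talk or from npm's own tooling), here is a small POSIX sh gate that ties the npm ci and npm audit slides together the way a CI job would: run npm ci, then stop the build when npm audit --json reports findings at or above a chosen severity. The JSON is a constructed sample shaped like the metadata.vulnerabilities summary that npm audit emits; the function names are my own.

```sh
#!/bin/sh
# Constructed sample of the summary block from "npm audit --json".
# In a real pipeline it would come from:  npm ci && npm audit --json > audit.json
SAMPLE_AUDIT='{
  "metadata": {
    "vulnerabilities": { "info": 0, "low": 3, "moderate": 1, "high": 2, "critical": 0 },
    "dependencies": 812, "devDependencies": 340, "totalDependencies": 1152
  }
}'

# count_severity SEVERITY JSON -> prints the count for that severity (0 if absent).
# Only the summary object uses "<severity>": <number> keys, so the first match is it.
count_severity() {
  n=$(printf '%s' "$2" | grep -o "\"$1\": *[0-9][0-9]*" | head -n 1 | sed 's/.*: *//')
  printf '%s\n' "${n:-0}"
}

# audit_gate LEVEL JSON -> 0 when nothing is at or above LEVEL, 1 otherwise.
# LEVEL is low|moderate|high|critical, mirroring what a build policy would state.
audit_gate() {
  level=$1; json=$2
  case $level in
    low)      levels="low moderate high critical" ;;
    moderate) levels="moderate high critical" ;;
    high)     levels="high critical" ;;
    critical) levels="critical" ;;
    *) echo "unknown level: $level" >&2; return 2 ;;
  esac
  total=0
  for sev in $levels; do
    total=$((total + $(count_severity "$sev" "$json")))
  done
  if [ "$total" -gt 0 ]; then
    echo "audit gate FAILED: $total finding(s) at or above '$level'" >&2
    return 1
  fi
  echo "audit gate passed at level '$level'"
}

# Demo on the sample: no criticals, so the critical gate passes;
# two highs, so the high gate fails (shown without aborting the script).
audit_gate critical "$SAMPLE_AUDIT"
audit_gate high "$SAMPLE_AUDIT" || echo "(a CI job would stop here)"
```

npm's own --audit-level flag makes npm audit itself exit non-zero on the same condition; and since npm audit fix --force can pull in semver-major upgrades, run the test suite on its result before merging it.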

Use npm because npm is safer than Yarn

Yarn to npm migration tool:

A user journey from Yarn back to npm:

BREAKING NEWS: Company recommends own product.

npm.community

will help you out

npx will save you time

npx <any package name>

will instantly run that package for you,

no need to install.

npm init understands "create" syntax

npm init react-app

is the same as

yarn create react-app

Coming soon:

npm workspaces

npm is a company that sells goods and services that you will find useful

All the other stuff

  • Everybody gets a scope!
  • Organizations are free!
  • Run scripts will save you time!
  • npm init can standardize setup for you!

npm ❤️ React

@seldo

These slides are available right now

Now would be a good time to follow me on Twitter