and the future
of JavaScript
NEJS Conf, 2018-07-27
Read these slides on your device:
Who is this guy?
Laurie Voss
COO & co-founder, npm Inc.
@seldo
What are we talking about?
Part 1:
What you should know about npm
npm and the future of JavaScript
Part 2:
What npm knows about you
npm and the future of JavaScript
(Creepy!)
Part 3:
The future of JavaScript
npm and the future of JavaScript
npm is popular
Part 1: what you should know about npm
JavaScript is enormously popular
Top 5 languages on GitHub
by number of pull requests opened
npm is the package manager for all JavaScript
- 93% in the browser
- 70% on the server
- 44% on mobile devices
- 6% on embedded platforms
Β
But npm is especially for web developers
97% of the code in a modern web app comes from npm
npm is super fast now
Upgrade right now!
npm install npm -g
Wait, is it faster
than yarn?
npm 6
locks by default
npm 6
saves by default
3. npm ci will double the speed of your builds
npm ci
You can use
anywhere you used to use
npm install
and it will be twice as fast
npm Security
A bunch of new features
npm 6 has 2FA:
two-factor auth
Secure your npm account in 30 seconds:
npm Quick Audits
Just run npm install!
npm Quick Audit stats
- 3.5 million scans per week
- 51% vulnerable
- 37% high
- 11% critical
Yikes!
npm audit
Just run in your current project:
npm audit
Learn more:
npm audit fix
Just run in your current project:
npm audit fix
or
npm audit fix --force
for the adventurous
npx
npx create-react-app
Try it out!
Other new npm stuff
- Everybody gets a @scope!
- Organizations are free!
- Run scripts will save you time!
- npm init can standardize setup for you!
- Other stuff, probably!
- Maybe you should read our blog!
- Or follow us on Twitter: @npmjs!
npm is a company that sells good and services that you will find useful
Part 2:
What npm knows about you
- 1.5 billion log events per day
- 16,000+ survey responses
Part 2A: demographics
Please stand up!
(If you can't stand up, raise a hand)
Sit down if you don't match the description.
Stay standing if you
use npm
Stay standing if you
write JavaScript that runs in browsers
Stay standing if you
write JavaScript
at work
Stay standing if you
are concerned about security of open source code
Stay standing if you
mostly taught yourself JavaScript
Stay standing if you
also write PHP or Java sometimes
Stay standing if you
work at a company that isn't considered a "tech company"
Stay standing if you
started using npm less than 2 years ago
Stay standing if you
use webpack
Stay standing if you
use babel
Stay standing if you
work on a React app
Stay standing if you
use TypeScript
So we know some stuff about you
npm is for websites you build at work
npm users don't always write JavaScript
| Java | 30% |
|---|---|
| PHP | 30% |
| Python | 30% |
| .NET | 19% |
| Go | 10% |
| C++ | 10% |
| Ruby | 9% |
| C | 5% |
| Swift | 5% |
| Rust | 3% |
The programming language you pick is determined by the libraries available
Users pick JavaScript because of npm
| Large ecosystem of libraries | 67% |
|---|---|
| Increased developer productivity | 57% |
| Language features | 46% |
| Improved developer satisfaction | 43% |
| Reduced development costs | 35% |
| Large, experienced developer pool | 35% |
| Ease of developer onboarding | 33% |
| Increased application performance | 25% |
| Itβs not my choice | 15% |
npm users are concerned about security
- 77% are concerned
- 52% said current tools aren't adequate
npm Enterprise can help your security
npm users
also use Yarn
npm 6
is safer than Yarn
npm recommends using npm
Yarn to npm migration tool:
A user journey from Yarn back to npm:
npm users are mostly new
- 25% have been using JavaScript < 2 years
- 51% have been using npm < 2 years
People are still learning about npm!
npm users work
at every size of company
npm users work in every industry
Only 45% of npm users describe themselves as "in tech"
Part 2B:
the tools we use
I am about to make you angry
with graphs
Growth in context
Everything in npm grows
Share of registry
Front end frameworks
Frameworks never die; they only fade away
React
60% of npm users say they use React
Preact
Is it stealing React's thunder?
Angular
Angryler
Angular is seeing fewer downloads,
please don't yell at me about it.
Ember
The comeback kid
Vue
The next big thing?
So what should I pick?
I'll tell you at the end.
The React ecosystem
React Router
React is a triumph of modular design
Flux
Redux
MobX
RxJS
What on earth...?
RxJS has non-React uses
I guess that's it?
GraphQL
Back-end frameworks
Koa
Sails
Hapi
Ironically, they're not happy with us at all.
Next.js
This looks weird
Next.js since relaunch
Team A / Team B
Tooling
Everyone would like less tooling
| Better documentation | 75% |
|---|---|
| Less configuration | 49% |
| Faster | 48% |
| More features | 43% |
| Better defaults | 40% |
| Fewer separate tools | 36% |
What tools do we use?
| Web frameworks | 85% |
|---|---|
| Transpilers | 74% |
| Linters | 69% |
| Bundlers | 67% |
| CSS preprocessing | 58% |
| Testing/automation | 58% |
Frameworks
| Express | 60% |
|---|---|
| React | 58% |
| jQuery | 49% |
| Angular | 40% |
| Electron | 24% |
| Vue | 24% |
| Koa | 8% |
| Backbone | 7% |
| Preact | 6% |
| Hapi | 5% |
| Next | 5% |
| Meteor | 5% |
| Ember | 4% |
Transpilers
| Babel | 65% |
|---|---|
| TypeScript | 46% |
| CoffeeScript | 5% |
| Elm | 3% |
| ClojureScript | 2% |
46% of npm users are using TypeScript
Linters
| ESLint | 72% |
|---|---|
| JSLint | 17% |
| JSHint | 15% |
| Standard | 7% |
| Sonar | 5% |
So about ESLint...
The ESLint Credentials Harvester
π±
npm Security
in action
π
Take JavaScript security seriously
π
Bundlers
| Webpack | 79% |
|---|---|
| Browserify | 20% |
| Rollup | 10% |
Testing
| Mocha | 50% |
|---|---|
| Jasmine | 33% |
| none | 21% |
| Jest | 19% |
| QUnit | 5% |
| Tape | 5% |
Splitting developers by experience
Best practices come with experience
Security is associated with experience
Part 3:
the future of JavaScript
Learning from history:
nothing last forever
jQuery, we barely knew ye.
Front-end frameworks
Ill-advised prediction
Modularity drives all
Ill-advised prediction
Will React be reusable enough to last?
Ill-advised prediction
A good collection of modules is self-perpetuating
Ill-advised prediction
What about that slowdown in React?
Ill-advised prediction
What should I do?
Pick React.
Ill-advised prediction
Pick Angular
Ill-advised prediction
Pick Vue
Ill-advised prediction
Pick Ember
Ill-advised prediction
Pick Next.js
Ill-advised prediction
Pick GraphQL
Ill-advised prediction
You will be bundling, transpiling and linting for quite some time
Ill-advised prediction
Use TypeScript
Ill-advised prediction
What happens to npm in the future?
npm is not only JavaScript
and it hasn't been for some time
WASM is coming
WASM is already here
npm is for the web
The future looks fun
The web will remain under construction
Thank you!
@seldo
These slides
Talk to me