NPM in Corporate Environments

Transcript

1. NPM in Corporate Environments

2. I’m Chris Gomez

3. First Job! 10+ years ago (2nd hire)

4. Development Environment Experience Technical Non-Technical Educational Consultancy Secure Lean Bloated

   Enterprise Empowered Remote Young Established

5. Our Team

6. Our Team • Started ~4yrs ago (~2 devs) • Replaced

   legacy app with EmberJS SPA • Overwhelmingly positive UX feedback • Claiming all other post-auth UI dev • Growing the team in every regard • Embracing progressive strategies

7. Technical Non-Technical Educational Consultant Secure Lean Bloated Enterprise Empowered Remote

   Young Established Environmental Challenges

8. Technical Non-Technical Educational Consultant Lean Empowered Remote Young Environmental Challenges

   Secure Bloated Enterprise Established

9. Environmental Challenges • Foo • Foo • Foo • Foo

   • Foo • Foo • NPM installs are “dial-up connection” slow • Foo • Foo • Foo ! ? ?

10. NPM + Corp. Proxy = • Makes metadata requests for

    every package • Makes lots of requests concurrently • Unable to resolve autoconfig (proxy.pac) • Adds latency to every request • Rate-limits concurrent connections • Intended to monitor user traffic; Not system communication NPM Corporate Proxy

11. Solutions

12. … Retry Timeout + Maxsockets Not documented!

13. • Reduce “retry” idle time • Only incurring latency overhead

    • *Maybe* faster than doing nothing • Latency overhead remains • Only as fast as your proxy • Every dev has to opt-in PROS CONS Retry Timeout + Maxsockets

14. Retry Timeout + Maxsockets Investment Reward • • • •

    •

15. Cache-min

16. • Avoid rate-limited concurrent connections • Avoid “retry” idle time

    • Minimizes network traffic overall • Crazy easy to use • Not a true “npm install” • May not be in-sync with team/prod • All devs have to opt-in • Have to micro-manage when to opt-in/out of cache • You *will* get burned PROS CONS Cache-min

17. Cache-min Investment Reward • • • • •

18. Open Source NPM Mirrors

19. • All the benefits of 
 cache-min • Centralized; Devs

    only need to set registry • Can be configured to bypass the proxy (with IT support) • Private packages (Sinopia) • Not much better than 
 cache-min • Most projects are unsupported • Requires a designated, network accessible machine PROS CONS Open Source NPM Mirrors

20. Open Source NPM Mirrors Investment Reward • • • •

    •

21. NPM Enterprise

22. • All the benefits of an OS mirror • Adds

    private packages • Replicates everything (~50GB) • 100% compliant with NPM • Straight from the horses mouth • Costs $$$ • Requires a designated, network accessible machine PROS CONS NPM Enterprise

23. NPM Enterprise Investment Reward • • • • •

24. Nexus Repository Manager

25. • All the benefits of NPM Enterprise • Supports multiple

    package managers • Adds team registries • Free to the public! • Can be upgraded to do audit packages • An easy sell for IT • Challenges your view of “enterprise” software • Requires buy-in from more departments PROS CONS Nexus Repository Manager

26. Nexus Repository Manager Investment Reward • • • • •

27. Questions?

28. Thanks for joining! [email protected] [email protected] @akxgomez