NPM - tools you should know about

Transcript

1. NPM Tools you should know about @karoldanko 1

2. 70+ mil. Users 27+ mil. App downloads 30+ Local mutations

   2

3. 3 Goal

4. 4 1. NPM Basics 2. Dev 3. Security 4. Quality

   5. Yarn

5. 5 [wombat]

6. NPM - basics 6

7. 7 $ npm install react NPM - základy node_modules $

   npm init package.json $ npm install react -S node_modules Update package.json

8. Semver 8 2 . 4 . 1 MAJOR MINOR PATCH

   API change New feature Fix

9. Semver ranges 9 • ^2.0 • 1.0-2.0 • 1.x

10. 10 semver.npmjs.com

11. Dev 11

12. Dev tools 12 $ npm --help $ npm [command] --help

13. NPM outdated $ npm outdated Package Current Wanted Latest Location

    glob 5.0.15 5.0.15 6.0.1 test-outdated-output nothingness 0.0.3 git git test-outdated-output npm 3.5.1 3.5.2 3.5.1 test-outdated-output local-dev 0.0.3 linked linked test-outdated-output once 1.3.2 1.3.3 1.3.3 test-outdated-output 13

14. npm shrinkwrap 14 React: 15.x 15.0.8 (yesterday) 15.1.0 (today) package.json

15. npm shrinkwrap 15 "console.table": "^0.x" "console.table": { "version": "0.7.0", "from":

    "console.table@>=0.7.0", "Resolved": "https://registry.npmjs.org/console.table/ -/console.table-0.7.0.tgz" } package.json npm-shrinkwrap.json $ npm shrinkwrap

16. Npm install & git 16 $ npm install react $

    npm install git://github.com/visionmedia/express.git

17. node_modules 17 node_modules Your code

18. depcheck $ npm install --global depcheck $ depcheck Unused dependencies

    * mongoose * nodemon Unused devDependencies * coffee-script * phantomjs-prebuilt Missing dependencies * qs 18

19. Privátne npm 19 • NPM enterprise $ • npmjs.com/package/npm-register free

    private

20. Security 20

21. Security tools Snyk Nodesecurity 21

22. 22

23. Security tools • Vulnerability database > package.json analysis • Github

    integration (checks & fixes) • CLI tools • New vulnerabilities warnings (email, slack, …) 23

24. Nodesecurity.io 24 $ npm install nsp --global $ nsp check

    (+) No known vulnerabilities found

25. Snyk.io 25 $ npm install snyk --global ... $ snyk

    test ✓ Tested 225 dependencies for known vulnerabilities, no vulnerable paths found.

26. Security tools • Security = programmer's responsibility • It’s EASY

    • Easily to integrate with your CI 26

27. Quality 27

28. 28 Is it stable? Are the devs active ? When

    was the last update ? Will it last more than a year ? Will it fuck up my project ? How to check the quality ??? 400’000 modules ?!

29. Quality assurance tools Npms.io Nodecompare.com 29

30. Npms.io 30 • Evaluates packages based on ◦ Quality ◦

    Popularity ◦ Maintenance ◦ Score

31. 31

32. npmcompare.com 32 • Direct package comparison ◦ Nr. of downloads

    ◦ Nr. of pull requestov ◦ Issues ◦ … ◦ Overall points

33. 33 ...

34. Quality assurance tools 34 • Not easy to automate •

    Good module will save you time in the long run

35. Yarn 35

36. Yarn • “New kid on the block” - published on

    11.10.2016 • By Facebook • Very active development 36 $ npm install yarn --global $ yarm

37. Yarn...like NPM, but... • Lock file is default • Offline

    cache is default • Parallel download / install • Nicer outputs 37

38. Yarn...like NPM, but... • Verzia 0.20 = non-stable ? 38

39. Yarn - should I ? 39 ?

40. Otázky @karoldanko 40 [email protected]

41. Ďakujem @karoldanko 41 [email protected]