NPM stands for Node Package Manager. It is a package manager for the JavaScript programming language. It is used to install, share, and manage code packages that are used in JavaScript projects. It helps developers to easily find, share, and reuse code with other developers from around the world. It also helps maintain the versioning of libraries, making sure that everyone is using the same version of the code.
Levelling up Monorepos with npm Workspaces
DevOps.js Conf 2022DevOps.js Conf 2022
33 min
Levelling up Monorepos with npm Workspaces
Top Content
NPM workspaces help manage multiple nested packages within a single top-level package, improving since the release of NPM CLI 7.0. You can easily add dependencies to workspaces and handle duplications. Running scripts and orchestration in a monorepo is made easier with NPM workspaces. The npm pkg command is useful for setting and retrieving keys and values from package.json files. NPM workspaces offer benefits compared to Lerna and future plans include better workspace linking and adding missing features.
Yarn: From Design to Implementation
DevOps.js Conf 2024DevOps.js Conf 2024
28 min
Yarn: From Design to Implementation
Today we'll discuss the evolution and implementation of YARN, which focuses on determinism and stability. YARN Modern was re-architected to support projects with multiple packages and embraced Monorepos. YARN 2 improved workspace implementation, codebase partitioning, and stability. Dependency resolution and linking in YARN are handled by different resolvers and fetchers. YARN has a plugin system, a constraint engine, and a redesigned website. It prioritizes compatibility, performance, testing, and contributions to other projects.
Package Management in Monorepos
DevOps.js Conf 2024DevOps.js Conf 2024
19 min
Package Management in Monorepos
This Talk discusses pain points and effective package management in monorepos, including the use of hoisted or isolated layouts and the challenges of working with peer dependencies. It introduces the tool Bit, which addresses these issues and handles dependency management and version control. Bit enables automatic installation and management of dependencies, supports multiple versions of a peer dependency, and seamlessly updates components across different environments.
Publishing TS Libraries for Fun and Profit
TypeScript Congress 2023TypeScript Congress 2023
31 min
Publishing TS Libraries for Fun and Profit
Mark Erickson discusses the complexities of publishing TypeScript libraries, including considerations like build artifact file formats, package exports, and different user environments. He shares his experiences with ESM support and interop with other module formats, and the challenges faced in migrating Redux to TypeScript. Erickson highlights the importance of understanding file formats and module types, and the insights gained from discussions with the TypeScript team. He also emphasizes the need for better tools and documentation in the ecosystem for publishing and maintaining TypeScript libraries.
Package-based Monorepos - Speed Up in Under 7 Minutes
JSNation 2023JSNation 2023
9 min
Package-based Monorepos - Speed Up in Under 7 Minutes
The Talk discusses speeding up MonrayBus in a pmpm workspace by organizing packages and considering dependencies. It covers installing and configuring the nx package, including choosing cacheable scripts. The nx-graph command is introduced for analyzing dependencies and optimizing the build process.
Finding, Hacking and fixing your NodeJS Vulnerabilities with Snyk
JSNation 2022JSNation 2022
99 min
Finding, Hacking and fixing your NodeJS Vulnerabilities with Snyk
WorkshopFree
Matthew Salmon
Matthew Salmon
npm and security, how much do you know about your dependencies?Hack-along, live hacking of a vulnerable Node app https://github.com/snyk-labs/nodejs-goof, Vulnerabilities from both Open source and written code. Encouraged to download the application and hack along with us.Fixing the issues and an introduction to Snyk with a demo.Open questions.
Build Web3 apps with React
React Summit 2022React Summit 2022
51 min
Build Web3 apps with React
WorkshopFree
Shain Dholakiya
Shain Dholakiya
The workshop is designed to help Web2 developers start building for Web3 using the Hyperverse. The Hyperverse is an open marketplace of community-built, audited, easy to discover smart modules. Our goal - to make it easy for React developers to build Web3 apps without writing a single line of smart contract code. Think “npm for smart contracts.”
Learn more about the Hyperverse here.
We will go over all the blockchain/crypto basics you need to know to start building on the Hyperverse, so you do not need to have any previous knowledge about the Web3 space. You just need to have React experience.
Security Controls in the JavaScript Supply Chain
JSNation 2022JSNation 2022
28 min
Security Controls in the JavaScript Supply Chain
This talk discusses the security challenges in the JavaScript ecosystem, including supply chain security, lock file tampering, and arbitrary command execution. It highlights the risks of blind upgrades and hidden comments in code. The talk also covers dependency confusion attacks and the importance of establishing a threat model for node applications.
The Secret Life of Package Managers
Node Congress 2022Node Congress 2022
9 min
The Secret Life of Package Managers
npm install can be a mysterious process, but understanding how package managers work is essential. NPM solved problems like large node_modules, circular dependencies, and multiple instances of the same package. Managing package versions and conflicts is crucial for consistency across projects. Alternative approaches to package management, like PNPM and Yarn2, provide insights into the hidden complexities of package managers.
What's New in npm?
DevOps.js Conf 2021DevOps.js Conf 2021
26 min
What's New in npm?
Welcome to my talk on what's new in the NPM CLI. NPMv7 introduced many new capabilities, including installing peer dependencies by default. npm v7 also introduced support for workspaces, allowing the definition of projects within your root project. The NPM team is continuously improving the CLI with weekly releases and is working on exciting features in collaboration with GitHub. NPM is not an acronym for Node Package Manager, and the CLI will continue to improve with the support of the growing team.