Date: Tue, 20 Jun 2017 10:00:00 +0000
<div class="trix-content"> <div>On today’s episode of JavaScript Jabber, Charles Max Wood and panelist Joe Eames chat with Rebecca Turner, tech lead for <a href="https://www.npmjs.com/">NPM</a>, a popular Javascript package manager with the worlds largest software registry. Learn about the newly released NPM 5 including a few of the updated features. Stay tuned!</div><div>[1:58] Was the release of node JS 8 tied to NPM5?</div><ul> <li>Features in NPM5 have been in planning for 2 years now.</li> <li>Planned on getting it out earlier this year.</li> <li>Node 8 was coming out and got pushed out a month.</li> <li>Putting NPM5 into Node 8 became doable.</li> <li>Pushed really hard to get NPM5 into <a href="https://nodejs.org/en/blog/release/v8.0.0/">Node 8</a> so that users would get NPM5 and updates to NPM5.</li> </ul><div>[2:58] Why would it matter? NPM doesn’t care right?</div><ul> <li>Right you can use NPM5 with any version of node.</li> <li>Most people don’t update NPM, but upgrade Node.</li> <li>So releasing them together allowed for when people updated Node they would get NPM 5.</li> </ul><div>[3:29] How does the upgrade process work if you’re using NVM or some node version manager?</div><ul> <li>Depends. Different approaches for each</li> <li>NVM gets a fresh copy of Node with new globals. NVM5 and Node 8 are bundled.</li> <li>For some, If you manually upgrade NVM you’ll always have to manually. It will keep the one you manually upgraded to.</li> </ul><div>[4:16] Why NPM 5?</div><ul> <li>It’s night and day faster.</li> <li>3 to 5 times speed up is not uncommon.</li> <li>Most package managers are slow.</li> <li>NPM 5 is still growing. Will get even faster.</li> </ul><div>[5:18] How did you make it faster?</div><ul> <li>The NPM’s cache is old. It’s very slow. Appalling slow.</li> <li>Rewrote cache</li> <li>Saw huge performance gains</li> </ul><div>[5:49] What is the function of the cache?</div><ul> <li>Cache makes it so you don’t have to reinstall modules from the internet.</li> <li>It has registry information too.</li> <li>It will now obey http headers for timing out cache.</li> </ul><div>[6:50] Other things that made it faster?</div><ul> <li>Had a log file for a long time. It was called <a href="https://docs.npmjs.com/cli/shrinkwrap">shrinkwrap</a>.</li> <li>NPM 5 makes it default.</li> <li>Renamed it to packagelog.json</li> <li>Exactly like shrinkwrap package file seen before</li> <li>In combo with cache, it makes it really fast.</li> <li>Stores information about what the tree should look like and it’s general structure.</li> <li>It doesn’t have to go back and learn versions of packages.</li> </ul><div>[7:50] Can you turn the default Packagelog.json off?</div><ul> <li>Yes. Just:</li> <li>Set packagelog=false in the npmrc</li> </ul><div>[8:01] Why make it default? Why wasn’t it default before?</div><ul> <li>It Didn’t have it before. Shrinkwrap was added as a separate project enfolded in NPM and wasn’t core to the design of NPM.</li> <li>Most people would now benefit from it. Not many scenarios where you wouldn’t want one.</li> <li>Teams not using the same tools causes headaches and issues.</li> </ul><div>[9:38] Where does not having a lock show up as a problem?</div><ul> <li>It records the versions of the packages installed and where NPM put them so that when you clone a project down you will have exactly the same versions across machines.</li> <li>Collaborators have the exact same version.</li> <li>Protects from issues after people introduce changes and patch releases.</li> <li>NPM being faster is just a bonus.</li> <li>Store the sha512 of the package that was installed in the glock file so that we can verify it when you install. It’s Bit for bit what you had previously.</li> </ul><div>[11:12] Could you solve that by setting the package version as the same version as the .Json file?</div><ul> <li>No. That will lock down the versions of the modules that you install pers... Support this podcast at — https://redcircle.com/javascript-jabber/donations Advertising Inquiries: https://redcircle.com/brands Privacy & Opt-Out: https://redcircle.com/privacy