JSJ 266 NPM 5.0 with Rebecca Turner
JavaScript Jabber20 Juni 2017

JSJ 266 NPM 5.0 with Rebecca Turner

On today’s episode of JavaScript Jabber, Charles Max Wood and panelist Joe Eames chat with Rebecca Turner, tech lead for https://www.npmjs.com/, a popular Javascript package manager with the worlds largest software registry. Learn about the newly released NPM 5 including a few of the updated features. Stay tuned![1:58] Was the release of node JS 8 tied to NPM5?
- Features in NPM5 have been in planning for 2 years now.
- Planned on getting it out earlier this year.
- Node 8 was coming out and got pushed out a month.
- Putting NPM5 into Node 8 became doable.
- Pushed really hard to get NPM5 into https://nodejs.org/en/blog/release/v8.0.0/ so that users would get NPM5 and updates to NPM5.
[2:58] Why would it matter? NPM doesn’t care right?
- Right you can use NPM5 with any version of node.
- Most people don’t update NPM, but upgrade Node.
- So releasing them together allowed for when people updated Node they would get NPM 5.
[3:29] How does the upgrade process work if you’re using NVM or some node version manager?
- Depends. Different approaches for each
- NVM gets a fresh copy of Node with new globals. NVM5 and Node 8 are bundled.
- For some, If you manually upgrade NVM you’ll always have to manually. It will keep the one you manually upgraded to.
[4:16] Why NPM 5?
- It’s night and day faster.
- 3 to 5 times speed up is not uncommon.
- Most package managers are slow.
- NPM 5 is still growing. Will get even faster.
[5:18] How did you make it faster?
- The NPM’s cache is old. It’s very slow. Appalling slow.
- Rewrote cache
- Saw huge performance gains
[5:49] What is the function of the cache?
- Cache makes it so you don’t have to reinstall modules from the internet.
- It has registry information too.
- It will now obey http headers for timing out cache.
[6:50] Other things that made it faster?
- Had a log file for a long time. It was called https://docs.npmjs.com/cli/shrinkwrap.
- NPM 5 makes it default.
- Renamed it to packagelog.json
- Exactly like shrinkwrap package file seen before
- In combo with cache, it makes it really fast.
- Stores information about what the tree should look like and it’s general structure.
- It doesn’t have to go back and learn versions of packages.
[7:50] Can you turn the default Packagelog.json off?
- Yes. Just:
- Set packagelog=false in the npmrc
[8:01] Why make it default? Why wasn’t it default before?
- It Didn’t have it before. Shrinkwrap was added as a separate project enfolded in NPM and wasn’t core to the design of NPM.
- Most people would now benefit from it. Not many scenarios where you wouldn’t want one.
- Teams not using the same tools causes headaches and issues.
[9:38] Where does not having a lock show up as a problem?
- It records the versions of the packages installed and where NPM put them so that when you clone a project down you will have exactly the same versions across machines.
- Collaborators have the exact same version.
- Protects from issues after people introduce changes and patch releases.
- NPM being faster is just a bonus.
- Store the sha512 of the package that was installed in the glock file so that we can verify it when you install. It’s Bit for bit what you had previously.
[11:12] Could you solve that by setting the package version as the same version as the .Json file?
- No. That will lock down the versions of the modules that you install personally, not the dependancies, or transitive dependancies.
- Package log allows you to look into the head of the installer. This is what the install looks like.
[12:16] Defaulting the log file speed things up? How?
- It doesn’t have to figure out dependences or the tree which makes it faster.
- Shrinkwrap command is still there, it renames it to shrinkwrap but shrinkwrap cannot be published.
- For application level things or big libraries, using shrinkwrap to lock down versions is popular.
[13:42] You’ve Adopted specifications in a ROC process. When did you guys do that?
- Did it in January
- Have been using them internally for years. Inviting people into the process.
- Specifications
- Written in the form of “Here is the problem and here are the solutions.”
- Spec folder in NPM docs, things being added to that as they specify how things work.
- Spec tests have been great.
[14:59] The update adds new tools. Will there be new things in registry as well?
- Yes.
- Information about a package from registry, it returns document that has info about every version and package json data and full readme for every version.
- It gets very large.
- New API to request smaller version of that document.
- Reduces bandwidth, lower download size, makes it substantially faster.
- Used to be hashed with sha1, With this update it will be hashed with sha512 as well as sha1 for older clients.
[16:20] Will you be stopping support for older versions?
- LTS version of NPM was a thing for a while. They stopped doing that.
- Two models, people either use whatever version came with Node or they update to the latest.
- The NPM team is really small. Hard to maintain old NPM branches.
- Supports current versions and that’s pretty much it.
- If there are big problems they will fix old versions. Patches , etc.
[17:36] Will there ever be problems with that?
- Older versions should continue to work. Shouldn’t break any of that.
- Can’t upgrade from 0.8.
- It does break with different Node version
- Does not support Node versions 0.10 or 0.12.
[18:47] How do you upgrade to NPM?
- sudo npm install -gmpm
- Yes, you may not need sudo. depend on what you’re on.
[19:07] How long has it been since version 4?
- Last October is when it came out.
[19:24] Do you already have plans for version 6?
- Yes!
- More releases than before coming up.
- Finally deprecating old features that are only used in a few packages out of the whole registry.
- Running tests on getting rid of things.
[20:50] Self healing cache. What is it and why do we want it?
- Users are sometimes showing up where installs are broken and tarbols are corrupted.
- This happens sometimes with complicated containerization setups makes it more likely. It’s unclear where the problem actually is.
- https://www.npmjs.com/package/cacache - content addressable cache. Take the hash of your package and use it to look up address to look it up in the cache.
- Compares the Tarbol using an address to look it up in the cache.
- Compares to see if it’s old. Trashes old and downloads updated one.
- Came out with the cache. Free side effect of the new cache.
[23:14] New information output as part of the update?
- NPM has always gave back you the tree from what you just installed.
- Now, trees can be larger and displaying that much information is not useful.
- User patch - gives you specifically what you asked for.
- Information it shows will be something like: “I installed 50 items, updated 7, deleted 2.”
[24:23] Did you personally put that together?
- Yes, threw it together and then got feedback from users and went with it.
- Often unplanned features will get made and will be thrown out to get feedback.
- Another new things ls output now shows you modules that were deduped. Shows logical tree and it’s relationships and what was deduped.
[25:27] You came up to node 4 syntax. Why not go to node 8?
- To allow people with just node 4 be able to use NPM.
- Many projects still run Node 4. Once a project has been deployed, people generally don’t touch it.
[26:20] Other new features? What about the File Specifier?
- File specifier is new. File paths can be in package json, usually put inside pointing to something inside your package.
- It will copy from there to your node modules.
- Just a node module symlink.
- Much faster. Verifiable that what’s in your node modules matches the source. If it’s pointing at the right place it’s correct. If not, then it’s not.
- Earlier, sometimes it was hard to tell.
[27:38] Anything else as part of the NPM 5 release? Who do you think will be most affected by it?
- For the most part, people notice three things:
- 1st. no giant tree at the end
- 2nd. Much faster
- 3rd. Package lock.
[28:14] If it’s locked, how do you update it?
- Run npm installer and then npm update
- Used to be scary, but works well now.
- Updates to latest semver, matches semver to package json to all node modules.
- Updates package lock at the same time
- Summary in Git shows what’s changed.
[28:59] Did Yarn come into play with your decisions with this release?
- The plans have been in play for a long time for this update.
- https://yarnpkg.com/en/ inclusion of similar features and the feedback was an indicator that some of the features were valuable.
[29:53] Other plans to incorporate features similar to yarn?
- Features are already pretty close.
- There are other alternative package managers out there.
- PMPM interesting because when it installs it doesn’t copy all the files. It c

Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

Avsnitt(735)

175 JSJ Elm with Evan Czaplicki and Richard Feldman

175 JSJ Elm with Evan Czaplicki and Richard Feldman

02:27 - Evan Czaplicki IntroductionTwitter GitHubPrezi 02:32 - Richard Feldman IntroductionTwitter GitHubNoRedInk02:38 - Elm @elmlang04:06 - Academic Ideas05:10 - Functional Programming, Functional Reactive Programming & Immutability16:11 - ConstraintsFaruk AteşModernizrThe Beauty of ConstraintsTypes / Typescript24:24 - Compilation27:05 - Signals start-app36:34 - Shared Concepts & Guarantees at the Language Level43:00 - Elm vs React 47:24 - IntegrationPortslunr.js52:23 - Upcoming Features54:15 - TestingElm-Test elm-check56:38 - Websites/Apps Build in ElmCircuitHub58:37 - Getting Started with ElmThe Elm Architecture Tutorial Elm Examples59:41 - Canonical Uses?01:01:26 - The Elm Community & ContributionsThe Elm Discuss Mailing ListElm user group SFStack Overflow ?The Sublime Text PluginWebStorm Support for Elm?Codagrunt-elm gulp-elmExtras & ResourcesEvan Czaplicki: Let's be mainstream! User focused design in Elm @ Curry On 2015 Evan Czaplicki: Blazing Fast HTML: Virtual DOM in ElmPicks The Pragmatic Studio: What is Elm? Q&A (Aimee) Elm (Joe) Student Bodies (Joe) Mike Clark: Getting Started With Elm (Joe) Angular Remote Conf (Chuck) Stripe (Chuck) Alcatraz versus the Evil Librarians (Alcatraz, No. 1) by Brandon Sanderson (Chuck) Understanding Comics: The Invisible Art by Scott McCloud (Evan) The Glass Bead Game: (Magister Ludi) A Novel by Hermann Hesse (Evan) The Design of Everyday Things: Revised and Expanded Edition by Don Norman (Richard) Rich Hickey: Simple Made Easy (Richard) NoRedInk Tech Blog (Richard)Special Guests: Evan Czaplicki and Richard Feldman. Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

2 Sep 20151h 9min

174 JSJ npm 3 with Rebecca Turner and Forrest Norvell

174 JSJ npm 3 with Rebecca Turner and Forrest Norvell

Don’t miss out! Sign up for Angular Remote Conf! 02:28 - Forrest Norvell IntroductionTwitter GitHub02:37 - Rebecca Turner IntroductionTwitter GitHub Blog03:05 - Why npm 3 Exists and Changes in npm 2 => 3DebuggingLife Cycle OrderingDeduplication08:36 - Housekeeping09:47 - Peer Dependency ChangesThe Singleton Pattern15:38 - The Rewrite Process and How That Enabled Some of the Changes Coming OutCJ Silverio: Npm registry deep dive @ Oneshot Oslo 22:50 - shrinkwrapping 27:00 - Other Breaking Changes?Permissions30:40 - Tiny Jewels33:24 - Why Rewrite?36:00 - npm’s Focus on the Front EndBower npm Roadmap 42:04 - Transitioning to npm 342:54 - Installing npm 344:11 - Packaging with io.js and Node.js 45:16 - Being in BetaPicks Slack List (Aimee) Perceived Performance Fluent Conf Talks (Aimee) Paul Irish: How Users Perceive the Speed of The Web Keynote @ Fluent 2015 (Aimee) Subsistence Farming (AJ) Developer On Fire Episode 017 - Charles Max Wood - Get Involved and Try New Things (Chuck) Elevator Saga (Chuck) BrazilJS (Forrest) NodeConf Brazil (Forrest) For quick testing: `npm init -y`, configure init (Forrest) Where Can I Put Your Cheese? (Or What to Expect From npm@3) @ Boston Ember, May 2015 (Rebecca) Open Source & Feelings Conference (Rebecca) bugs [npm Documentation] (Rebecca) docs [npm Documentation] (Rebecca) repo [npm Documentation] (Rebecca)Special Guests: Forrest Norvell and Rebecca Turner. Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

26 Aug 201556min

173 JSJ Online Learning with Gregg Pollack

173 JSJ Online Learning with Gregg Pollack

Check out Angular Remote Conf! 02:55 - Gregg Pollack IntroductionTwitter GitHubEnvy Labs@envylabsCode School@codeschool  Starter Studio05:19 - Code SchoolRails for ZombiesTry Ruby 06:49 - Course ContentCode School Angular.js CoursesBreaking the Ice with Regular ExpressionsThe Fundamentals of Design09:42 - Plots & Storylines11:40 - Code School vs Pluralsight 14:09 - Structuring CoursesFrontend vs BackendBuilding Blocks of Express.jsReal-Time Web with Node.js  Security & SandboxingabecedaryMocha18:21 - JavaScript.com Try jQuery Contributing to JavaScript.comLet Us KnowTry JavaScriptResources22:47 - Designing Exercises & ChallengesabecedaryChai30:31 - The Future of Online LearningThinkfulBloc.ioAirPairHackHands Smarterer34:01 - Teaching Best PracticesPicks Mr. Robot (Gregg) #ILookLikeAnEngineer (Aimee) Why we Need WebAssembly An Interview with Brendan Eich (Aimee) Raspberry Pi 2 Model B (AJ) Periscope (Chuck)Special Guest: Gregg Pollack. Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

19 Aug 201533min

172 JSJ NodeSchool with Jason Rhodes

172 JSJ NodeSchool with Jason Rhodes

Check out Angular Remote Conf! 02:22 - Jason Rhodes IntroductionTwitter GitHub BlogSparkPostNodeSchool@nodeschool GitHub: NodeSchoolcharmCityJS@charmcityjs 03:46 - NodeSchoolJason Rhodes: A Story About NodeSchool and Community Building at CascadiaJS 2014Jason Rhodes: NodeSchool Trying Node AND Contributing @ Empire Node 201406:05 - “Workshopper(s)”07:13 - How Meetups Run (Format), Target Audience11:09 - Pair Programming and Peer Learning14:34 - Starting a NodeSchool Chapter15:53 - Implementing Diversity18:07 - Mentoring and Mentorship20:49 - Time Commitment and Effort24:02 - Appealing to All Experience Levels of Attendees26:48 - The NodeSchool Community30:45 - Being a Member of an Open Source CommunityPicks Better Off Ted (Joe) Cat Exercise Wheel (Aimee) That Conference (Joe) primitive.io (Joe) React Rally (Aimee) Falcor YouTube Playlist (Aimee) javascriptjabber.com/15minutes (Chuck) Entreprogrammers Retreat 2015  (Chuck) Love Letter (Jason) charmCityJS (Jason) Mad Max: Fury Road (Jason)Special Guest: Jason Rhodes. Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

12 Aug 201541min

171 JSJ Babel with Sebastian McKenzie

171 JSJ Babel with Sebastian McKenzie

02:28 - Sebastian McKenzie IntroductionTwitter GitHub Blog02:53 - Babel (Pronunciation Clarification)05:56 - HistoryLearn ES2015 - Babel09:14 - The State of Babel09:59 - Babel and the TC39 Process11:54 - Features That Can’t Be TranspiledWeak Maps and Proxies    13:45 - Readability and Performance OutputTraceur18:12 - Plugin Architecture19:58 - ES6/2015 Feature ImplementationBlockscopingLabelsExceptionsDestructuring25:49 - The Birth of Babel26:45 - Babel vs Traceur28:08 - Future Babel FeaturesCode OptimizationMinificationLinting30:15 - The Status of ES2015 and ES201631:01 - Browser Support35:03 - Marketing 35:59 - TypeScript 37:24 - Babel Development and LaborPicks Primitive.io (Joe) Armada: The Novel by Ernest Cline (Joe) How to Win Friends & Influence People by Dale Carnegie (AJ) Web Security Warriors Podcast (AJ) Nodevember (Aimee) The Hitchhiker's Guide to the Galaxy by Douglas Adams (Dave) Yellowstone National Park (Dave) React Rally (Dave) Iterativ: AngularJS Kurs (Chuck) Hire Thom Parkin! (Chuck) The Martian by Andy Weir (Sebastian) Five Guys Burgers and Fries (Sebastian)Special Guest: Sebastian McKenzie . Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

5 Aug 201547min

170 JSJ RabbitMQ with Derick Bailey

170 JSJ RabbitMQ with Derick Bailey

Check out RailsClips!   02:38 - Derick Bailey Introduction Twitter GitHub BlogEntreprogrammers RabbitMQ: Patterns for Applications by Derick Bailey 03:36 - RabbitMQrequest-response Messaging Pattern 05:22 - Synchronous/Asynchronous; Chronological/Non-Chronological 10:33 - Why Do JS Devs Care About RabbitMQ? 12:10 - RabbitMQ and Complexity 14:04 - RabbitMQ’s Model Pub/Sub - RedisEnterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions by Gregor Hohpe Exchanges, Queues, and Bindings 22:15 - Event Emitters, Organizing Your Code Documentation 31:18 - Service Busses & Monitoring Systems NServiceBus 32:58 - How do you decide you need a messaging system? 36:40 - When Applications Crash… 39:24 - Event Sourcing Kafka 44:05 - Fault Tolerance/Failure Cases “Just let it fail” 50:21 - Putting RabbitMQ in Place SchedulingLong Wait vs Short Wait 58:28 - Formatting Your Messages RabbitMQ: Patterns for Applications by Derick Bailey 01:04:13 - “Saga” (Workflow) 01:05:10 - RabbitMQ For DevelopersUse code JSJABBER for 20% off the bundle! Picks W3Schools (AJ)1984 by George Orwell (AJ) The edit button on the MDN page (AJ)[YouTube] W3Schools is just... Better (AJ)The Go Programming Language (AJ)[YouTube] Go Programming: Learn the Go Programming Language in One Video (AJ)hackthe.computer (AJ)Maze Algorithm (AJ)A* Algorithm (AJ)React Rally (Jamison)Web Design: The First 100 Years (Jamison)Evan Czaplicki: Let's be mainstream! User focused design in Elm @ Curry On Prague 2015 (Jamison)Paracord (Chuck)Soto Pocket Torch (Chuck)Exploring ES6: Upgrade to the next version of JavaScript by Dr. Axel Rauschmayer (Derick)Small World (Derick)Star Wars Darth Bane Trilogy (Derick)LEGO Star Wars The Empire Strikes Back Slave I Set #75060 (Derick)Special Guest: Derick Bailey. Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

29 Juli 20151h 21min

169 JSJ Property-based Testing (QuickCheck) with Zach Kessin

169 JSJ Property-based Testing (QuickCheck) with Zach Kessin

02:20 - Zach Kessin IntroductionTwitter GitHub Zach's BooksParrotJavaScript Jabber: Episode #057: Functional Programming with Zach KessinTesting Erlang With Quickcheck Book04:00 - Mostly Erlang Podcast 05:27 - Property-based Testing (QuickCheck)07:22 - Property-based Testing and Functional Programmingjsverify 09:48 - Pure FunctionsShrinking18:09 - Boundary Cases20:00 - Generating the Data23:23 - Trending Concepts in JavaScript32:33 - How Property-based Testing Fits in with Other Kind of Testing35:57 - Test FailuresPanel Nolan Lawson: Taming the asynchronous beast with ES7 (Aimee) Nodevember (Aimee) Hipster Sound (Jamison) Om Next by David Nolen (Jamison) Gallant - Weight In Gold (Jamison) React Rally (Jamison) Better Off Ted (Joe) Armada: A Novel by Ernest Cline (Joe) Testing Erlang With Quickcheck Book (Zach) Parrot Universal Notification Interface (Zach) The Famine of Men by Richard H. Kessin (Zach)Special Guest: Zach Kessin. Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

22 Juli 201545min

168 JSJ The Future of JavaScript with Jafar Husain

168 JSJ The Future of JavaScript with Jafar Husain

03:04 - Jafar Husain IntroductionTwitter GitHubNetflixTC3903:29 - The Great Name Debate (ES6, ES7 = ES2015, ES2016!!)05:35 - The Release CycleWhat This Means for Browsers08:37 - Babel and ECMAScript 09:50 - WebAssembly 13:01 - Google’s NACL 13:23 - Performance > Features?ES6 Feature Performance (JavaScript Weekly Article) Features Implemented as Polyfills (Why Bother?)20:12 - TC39 24:22 - New FeaturesDecoratorsPerformance Benefit?28:53 -Transpilers34:48 - Object.observe() 37:51 - Immutable Types 45:32 - Structural Types47:11 - Symbols48:58 - Observables52:31 - Async Functionsasyncawait57:31 - Rapid Fire Round - When New Feature Will Be Released in ES2015 or ES2016let - 15for...of - 15modules - 15destructuring - 15promises - 15default function argument expressions - 15asyncawait - 16Picks ES6 and ES7 on The Web Platform Podcast (AJ) Binding to the Cloud with Falcor Jafar Husain (AJ) Asynchronous JavaScript at Netflix by Jafar Husain @ MountainWest Ruby 2014 (AJ) Let's Encrypt on Raspberry Pi (AJ) adventures in haproxy: tcp, tls, https, ssh, openvpn (AJ) Let's Encrypt through HAProxy (AJ) Mandy's Fiancé's Video Game Fund (AJ) The Murray Gell-Mann Amnesia Effect (Dave) The Majority Illusion (Dave) [Egghead.io] Asynchronous Programming: The End of The Loop (Aimee) Study: You Really Can 'Work Smarter, Not Harder' (Aimee) Elm (Jamison) The Katering Show (Jamison) Sharding Tweet (Jamison) The U.S. Women's National Soccer Team (Joe) mdn.io (Joe) Aftershokz AS500 Bluez 2 Open Ear Wireless Stereo Headphones (Chuck) Autonomy, Mastery, Purpose: The Science of What Motivates Us, Animated (Jafar) Netflix (Jafar) quiescent (Jafar) Clojurescript (Jafar)Special Guest: Jafar Husain. Support this podcast at — https://redcircle.com/javascript-jabber/donationsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

15 Juli 20151h 17min

Populärt inom Business & ekonomi

framgangspodden
badfluence
varvet
rss-jossan-nina
rss-borsens-finest
bathina-en-podcast
uppgang-och-fall
svd-tech-brief
avanzapodden
rss-kort-lang-analyspodden-fran-di
fill-or-kill
dynastin
kapitalet-en-podd-om-ekonomi
borsmorgon
rss-borslunch
rss-dagen-med-di
rikatillsammans-om-privatekonomi-rikedom-i-livet
lastbilspodden
borslunch-2
rss-veckans-trade