One of the main reasons you'd want to install a package is to

use pre existing code.

There's no need to reinvent the wheel or do a lot of

difficult time consuming programming when you can install a nodule and

utilize it in your node.js application.

But where do you go to get an idea of whats available to use in your code?

The first place you should look is the npm web site.

On the home page we have the most commonly installed packages.

Popularity is one indicator of a good or at least useful package.

We have express here, which is a web framework.

We have gulp and grunt.

Two different build systems.

Interestingly enough we have npm too.

Npm itself is an npm package.

There are over 150,000 packages to choose from, and

it may or may not be obvious which one to choose.

Let's look at a real world example.

Say I was wanting to build a web site where I wanted to encrypt passwords.

I know there's a popular hashing function or a way to encrypt strings called bcrypt.

So let's search for that package.

Now the first two packages are bcrypt and

bcrypt-nodejs which one would I choose when I'm developing an application?

I'm going to open up each one in a new tab.

Here's a couple of things to look for

Popularity isn't always an indicator of which package you should install.

At the moment selfie sticks are popular.

It doesn't mean I should buy one.

I'll still look awkward for using one.

But if it was a popularity contest, bcrypt would have already won.

But there are other factors to look at.

There's the version number and the number of releases.

Bcrypt is on version 0.8.3 and has had 27 releases,

whereas bcrypt-nodejs is on 0.0.3 and it's only had three releases.

The bcrypt package seems to be more active.

Let's check out how many issues are logged against the projects and

how many pull requests.

Bcrypt has less.

That coupled with the more frequent releases, and see it says two months ago

rather than two years ago seems to indicate to me that the bcrypt package

is being released a heck of a lot quicker with book fixes more frequently.

If I am encrypting passwords I want a less book prone library.

I can also see at a glance that the test for bcrypt are passing, I don't need to

download it and test it myself I have more confidence that this works whereas there's

no where to see at a glance that bcrypt-nodejs is actually being tested.

Finally lets look at the GitHub projects themselves.

The bcrypt package has more watches,

stars, and forks than bcrypt-nodejs.

These are more indicators of popularity and

an active participation by the community.

Down here on the bcrypt-nodejs readme,

it does have a build passing image indicating that there are tests, but

they haven't published this to the npm web site, which is a shame.

Looking at the contributors on each project, bcrypt has more than bcrypt.js.

More eyes looking over code can only be a good thing.

You don't have to start on mpm.js.com, you can use your favorite search engine too.

I'd use a similar way to determine which package I'd use.

I'm going to search for bcrypt and node.

The result is the bcrypt GitHub repository.

The second result is the less popular bcrypt-nodejs on npm.

Thirdly there's the bcrypt.js npm page two.

That looks slightly more popular than bcrypt-nodejs on the npm site.

It's had more releases, and it's only got three open issues.

I doubt that all three of these projects by bcrypt,

bcrypt.js and bcrypt-node js.

So for my project I'd probably pick bcrypt.

That doesn't mean that bcrypt is necessarily any better than the other

packages, but by a quick glance at the popularity figures, the number of

issues open, and the number of contributors, it's a good place to start.