How to Find and Choose Packages (5:17) with Andrew Chalkley
In this video, we'll take a look at the different methods you can use to find an npm package or Node.js module.
Choosing a Package
There are a number of indicators that you can use to determine which package to use.
- Popularity on npm – the number of downloads
- Release Date – the more recent the better
- Number of Releases – the more frequent the better
- Passing Tests – whether the package's tests are passing
- Number of Open Issues – the fewer the better
- Popularity on GitHub – the more Stars, Forks and Watches the better
- Number of Contributors on GitHub – more eyes on the code the better
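The release date and number of releases can be read from a package's npm registry document rather than from the web page. The following is an added example, not part of the course files: it assumes the registry document layout (a `time` map of version to publish date, plus `dist-tags`), and the package names and dates in it are constructed sample data.

```javascript
// Added example, not course code. Computes release indicators from an npm
// registry document ("packument"). The sample documents are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// packument.time maps each version to its ISO publish date; the registry
// also stores "created" and "modified" there, which are not releases.
function releaseIndicators(packument, now) {
  const releases = Object.entries(packument.time || {})
    .filter(([key]) => key !== 'created' && key !== 'modified')
    .map(([version, iso]) => ({ version, published: new Date(iso) }))
    .filter((r) => !Number.isNaN(r.published.getTime())) // skip bad dates
    .sort((a, b) => a.published - b.published);
  const last = releases[releases.length - 1];
  return {
    name: packument.name,
    latest: (packument['dist-tags'] || {}).latest || (last ? last.version : null),
    releaseCount: releases.length,
    daysSinceLastRelease: last ? Math.floor((now - last.published) / DAY_MS) : null,
  };
}

// Most recently released first; ties broken by the larger release count.
// Packages with no dated release sort last.
function rankCandidates(packuments, now) {
  const age = (r) => (r.daysSinceLastRelease === null ? Infinity : r.daysSinceLastRelease);
  return packuments
    .map((p) => releaseIndicators(p, now))
    .sort((a, b) => (age(a) - age(b)) || (b.releaseCount - a.releaseCount));
}

// Constructed sample data (hypothetical package names and dates).
const SAMPLE = [
  { name: 'example-stale', 'dist-tags': { latest: '0.0.2' },
    time: { created: '2013-03-01T00:00:00.000Z', modified: '2013-05-20T00:00:00.000Z',
            '0.0.1': '2013-03-01T00:00:00.000Z', '0.0.2': '2013-05-20T00:00:00.000Z' } },
  { name: 'example-active', 'dist-tags': { latest: '0.2.1' },
    time: { created: '2014-01-10T00:00:00.000Z', modified: '2015-04-01T00:00:00.000Z',
            '0.1.0': '2014-01-10T00:00:00.000Z', '0.2.0': '2014-09-15T00:00:00.000Z',
            '0.2.1': '2015-04-01T00:00:00.000Z' } },
];
const NOW = new Date('2015-06-01T00:00:00.000Z'); // fixed so the output is stable

console.table(rankCandidates(SAMPLE, NOW));
```

These figures describe maintenance activity only; open issues, test status and contributor counts still have to be checked on the project's repository.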
One of the main reasons you'd want to install a package is to 0:00 use pre-existing code. 0:03 There's no need to reinvent the wheel or do a lot of 0:06 difficult time-consuming programming when you can install a module and 0:09 utilize it in your Node.js application. 0:13 But where do you go to get an idea of what's available to use in your code? 0:16 The first place you should look is the npm web site. 0:21 On the home page we have the most commonly installed packages. 0:24 Popularity is one indicator of a good or at least useful package. 0:29 We have express here, which is a web framework. 0:34 We have gulp and grunt. 0:36 Two different build systems. 0:41 Interestingly enough we have npm too. 0:43 Npm itself is an npm package. 0:48 There are over 150,000 packages to choose from, and 0:52 it may or may not be obvious which one to choose. 0:57 Let's look at a real-world example. 1:00 Say I was wanting to build a web site where I wanted to encrypt passwords. 1:03 I know there's a popular hashing function or a way to encrypt strings called bcrypt. 1:08 So let's search for that package. 1:14 Now the first two packages are bcrypt and 1:18 bcrypt-nodejs. Which one would I choose when I'm developing an application? 1:20 I'm going to open up each one in a new tab. 1:25 Here's a couple of things to look for. 1:36 Popularity isn't always an indicator of which package you should install. 1:39 At the moment selfie sticks are popular. 1:44 It doesn't mean I should buy one. 1:47 I'll still look awkward for using one. 1:49 But if it was a popularity contest, bcrypt would have already won. 1:51 But there are other factors to look at. 1:57 There's the version number and the number of releases. 2:00 Bcrypt is on version 0.8.3 and has had 27 releases, 2:06 whereas bcrypt-nodejs is on 0.0.3 and it's only had three releases. 2:11 The bcrypt package seems to be more active. 2:18 Let's check out how many issues are logged against the projects and 2:21 how many pull requests.
2:25 Bcrypt has less. 2:33 That coupled with the more frequent releases, and see it says two months ago 2:37 rather than two years ago seems to indicate to me that the bcrypt package 2:42 is being released a heck of a lot quicker with bug fixes more frequently. 2:47 If I am encrypting passwords I want a less bug-prone library. 2:52 I can also see at a glance that the tests for bcrypt are passing, I don't need to 2:57 download it and test it myself. I have more confidence that this works whereas there's 3:02 nowhere to see at a glance that bcrypt-nodejs is actually being tested. 3:07 Finally let's look at the GitHub projects themselves. 3:15 The bcrypt package has more watches, 3:25 stars, and forks than bcrypt-nodejs. 3:30 These are more indicators of popularity and 3:35 an active participation by the community. 3:38 Down here on the bcrypt-nodejs readme, 3:41 it does have a build passing image indicating that there are tests, but 3:44 they haven't published this to the npm web site, which is a shame. 3:48 Looking at the contributors on each project, bcrypt has more than bcrypt.js. 3:52 More eyes looking over code can only be a good thing. 3:58 You don't have to start on npmjs.com, you can use your favorite search engine too. 4:02 I'd use a similar way to determine which package I'd use. 4:06 I'm going to search for bcrypt and node. 4:10 The result is the bcrypt GitHub repository. 4:16 The second result is the less popular bcrypt-nodejs on npm. 4:20 Thirdly there's the bcrypt.js npm page too. 4:26 That looks slightly more popular than bcrypt-nodejs on the npm site. 4:31 It's had more releases, and it's only got three open issues. 4:41 I doubt that all three of these projects by bcrypt, 4:50 bcrypt.js and bcrypt-nodejs. 4:56 So for my project I'd probably pick bcrypt.
5:01 That doesn't mean that bcrypt is necessarily any better than the other 5:05 packages, but by a quick glance at the popularity figures, the number of 5:08 issues open, and the number of contributors, it's a good place to start. 5:13