This course will be retired on April 9, 2022. We recommend "npm Basics" for up-to-date content.
Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
In this video, we'll take a look at the different kind of methods you can use to find an npm package or Node.js module.
Choosing a Package
There are a number of indicators that you can use to determine which package to use.
- Popularity on npm – the number of downloads
- Release Date – the more recent the better
- Number of Releases – the more frequent the better
- Passing Tests - if there's tests passing
- Number of Open Issues – the less the better
- Popularity on GitHub – The more Stars, Forks and Watches the better
- Number of Contributors on GitHub – more eyes on the code the better
One of the main reasons you'd
want to install a package is to
0:00
use pre existing code.
0:03
There's no need to reinvent the wheel or
do a lot of
0:06
difficult time consuming programming
when you can install a nodule and
0:09
utilize it in your node.js application.
0:13
But where do you go to get an idea of
whats available to use in your code?
0:16
The first place you should
look is the npm web site.
0:21
On the home page we have the most
commonly installed packages.
0:24
Popularity is one indicator of a good or
at least useful package.
0:29
We have express here,
which is a web framework.
0:34
We have gulp and grunt.
0:36
Two different build systems.
0:41
Interestingly enough we have npm too.
0:43
Npm itself is an npm package.
0:48
There are over 150,000
packages to choose from, and
0:52
it may or
may not be obvious which one to choose.
0:57
Let's look at a real world example.
1:00
Say I was wanting to build a web site
where I wanted to encrypt passwords.
1:03
I know there's a popular hashing function
or a way to encrypt strings called bcrypt.
1:08
So let's search for that package.
1:14
Now the first two packages are bcrypt and
1:18
bcrypt-nodejs which one would I choose
when I'm developing an application?
1:20
I'm going to open up
each one in a new tab.
1:25
Here's a couple of things to look for
1:36
Popularity isn't always an indicator
of which package you should install.
1:39
At the moment selfie sticks are popular.
1:44
It doesn't mean I should buy one.
1:47
I'll still look awkward for using one.
1:49
But if it was a popularity contest,
bcrypt would have already won.
1:51
But there are other factors to look at.
1:57
There's the version number and
the number of releases.
2:00
Bcrypt is on version 0.8.3 and
has had 27 releases,
2:06
whereas bcrypt-nodejs is on 0.0.3 and
it's only had three releases.
2:11
The bcrypt package seems
to be more active.
2:18
Let's check out how many issues
are logged against the projects and
2:21
how many pull requests.
2:25
Bcrypt has less.
2:33
That coupled with the more frequent
releases, and see it says two months ago
2:37
rather than two years ago seems to
indicate to me that the bcrypt package
2:42
is being released a heck of a lot
quicker with bug fixes more frequently.
2:47
If I am encrypting passwords I
want a less bug prone library.
2:52
I can also see at a glance that the test
for bcrypt are passing, I don't need to
2:57
download it and test it myself I have more
confidence that this works whereas there's
3:02
no where to see at a glance that
bcrypt-nodejs is actually being tested.
3:07
Finally lets look at the GitHub
projects themselves.
3:15
The bcrypt package has more watches,
3:25
stars, and forks than bcrypt-nodejs.
3:30
These are more indicators
of popularity and
3:35
an active participation by the community.
3:38
Down here on the bcrypt-nodejs readme,
3:41
it does have a build passing image
indicating that there are tests, but
3:44
they haven't published this to
the npm web site, which is a shame.
3:48
Looking at the contributors on each
project, bcrypt has more than bcrypt.js.
3:52
More eyes looking over code
can only be a good thing.
3:58
You don't have to start on mpm.js.com, you
can use your favorite search engine too.
4:02
I'd use a similar way to
determine which package I'd use.
4:06
I'm going to search for bcrypt and node.
4:10
The result is the bcrypt
GitHub repository.
4:16
The second result is the less
popular bcrypt-nodejs on npm.
4:20
Thirdly there's
the bcrypt.js npm page two.
4:26
That looks slightly more popular
than bcrypt-nodejs on the npm site.
4:31
It's had more releases, and
it's only got three open issues.
4:41
I doubt that all three of
these projects by bcrypt,
4:50
bcrypt.js and bcrypt-node js.
4:56
So for
my project I'd probably pick bcrypt.
5:01
That doesn't mean that bcrypt is
necessarily any better than the other
5:05
packages, but by a quick glance at
the popularity figures, the number of
5:08
issues open, and the number of
contributors, it's a good place to start.
5:13
You need to sign up for Treehouse in order to download course files.
Sign up