Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.
Start a free Basic trial
to watch this video
In this video, we'll take a look at the different kind of methods you can use to find an npm package or Node.js module.
Choosing a Package
There are a number of indicators that you can use to determine which package to use.
- Popularity on npm – the number of downloads
- Release Date – the more recent the better
- Number of Releases – the more frequent the better
- Passing Tests - if there's tests passing
- Number of Open Issues – the less the better
- Popularity on GitHub – The more Stars, Forks and Watches the better
- Number of Contributors on GitHub – more eyes on the code the better
-
0:00
One of the main reasons you'd want to install a package is to
-
0:03
use pre existing code.
-
0:06
There's no need to reinvent the wheel or do a lot of
-
0:09
difficult time consuming programming when you can install a nodule and
-
0:13
utilize it in your node.js application.
-
0:16
But where do you go to get an idea of whats available to use in your code?
-
0:21
The first place you should look is the npm web site.
-
0:24
On the home page we have the most commonly installed packages.
-
0:29
Popularity is one indicator of a good or at least useful package.
-
0:34
We have express here, which is a web framework.
-
0:36
We have gulp and grunt.
-
0:41
Two different build systems.
-
0:43
Interestingly enough we have npm too.
-
0:48
Npm itself is an npm package.
-
0:52
There are over 150,000 packages to choose from, and
-
0:57
it may or may not be obvious which one to choose.
-
1:00
Let's look at a real world example.
-
1:03
Say I was wanting to build a web site where I wanted to encrypt passwords.
-
1:08
I know there's a popular hashing function or a way to encrypt strings called bcrypt.
-
1:14
So let's search for that package.
-
1:18
Now the first two packages are bcrypt and
-
1:20
bcrypt-nodejs which one would I choose when I'm developing an application?
-
1:25
I'm going to open up each one in a new tab.
-
1:36
Here's a couple of things to look for
-
1:39
Popularity isn't always an indicator of which package you should install.
-
1:44
At the moment selfie sticks are popular.
-
1:47
It doesn't mean I should buy one.
-
1:49
I'll still look awkward for using one.
-
1:51
But if it was a popularity contest, bcrypt would have already won.
-
1:57
But there are other factors to look at.
-
2:00
There's the version number and the number of releases.
-
2:06
Bcrypt is on version 0.8.3 and has had 27 releases,
-
2:11
whereas bcrypt-nodejs is on 0.0.3 and it's only had three releases.
-
2:18
The bcrypt package seems to be more active.
-
2:21
Let's check out how many issues are logged against the projects and
-
2:25
how many pull requests.
-
2:33
Bcrypt has less.
-
2:37
That coupled with the more frequent releases, and see it says two months ago
-
2:42
rather than two years ago seems to indicate to me that the bcrypt package
-
2:47
is being released a heck of a lot quicker with book fixes more frequently.
-
2:52
If I am encrypting passwords I want a less book prone library.
-
2:57
I can also see at a glance that the test for bcrypt are passing, I don't need to
-
3:02
download it and test it myself I have more confidence that this works whereas there's
-
3:07
no where to see at a glance that bcrypt-nodejs is actually being tested.
-
3:15
Finally lets look at the GitHub projects themselves.
-
3:25
The bcrypt package has more watches,
-
3:30
stars, and forks than bcrypt-nodejs.
-
3:35
These are more indicators of popularity and
-
3:38
an active participation by the community.
-
3:41
Down here on the bcrypt-nodejs readme,
-
3:44
it does have a build passing image indicating that there are tests, but
-
3:48
they haven't published this to the npm web site, which is a shame.
-
3:52
Looking at the contributors on each project, bcrypt has more than bcrypt.js.
-
3:58
More eyes looking over code can only be a good thing.
-
4:02
You don't have to start on mpm.js.com, you can use your favorite search engine too.
-
4:06
I'd use a similar way to determine which package I'd use.
-
4:10
I'm going to search for bcrypt and node.
-
4:16
The result is the bcrypt GitHub repository.
-
4:20
The second result is the less popular bcrypt-nodejs on npm.
-
4:26
Thirdly there's the bcrypt.js npm page two.
-
4:31
That looks slightly more popular than bcrypt-nodejs on the npm site.
-
4:41
It's had more releases, and it's only got three open issues.
-
4:50
I doubt that all three of these projects by bcrypt,
-
4:56
bcrypt.js and bcrypt-node js.
-
5:01
So for my project I'd probably pick bcrypt.
-
5:05
That doesn't mean that bcrypt is necessarily any better than the other
-
5:08
packages, but by a quick glance at the popularity figures, the number of
-
5:13
issues open, and the number of contributors, it's a good place to start.
You need to sign up for Treehouse in order to download course files.
Sign up