1
00:00:00,600 --> 00:00:05,417
Now that we know that we can save time by using NPM to install packages that add

2
00:00:05,417 --> 00:00:08,880
functionality to our apps, we don't want to waste any

3
00:00:08,880 --> 00:00:13,270
of that time we've saved when we're searching for packages to use.

4
00:00:13,270 --> 00:00:15,852
With over a million packages available and

5
00:00:15,852 --> 00:00:18,936
many packages that offer similar functionality,

6
00:00:18,936 --> 00:00:23,250
how can developers decide on which package is right for their project?

7
00:00:24,260 --> 00:00:27,217
To ensure your projects will be reliable over time,

8
00:00:27,217 --> 00:00:31,130
it's best to pick packages that are also reliable.

9
00:00:31,130 --> 00:00:35,326
There are a few factors we can look at that will help us to choose packages that

10
00:00:35,326 --> 00:00:38,290
are up to date, and well supported.

11
00:00:38,290 --> 00:00:41,870
One way of finding out more about a package is its NPM page.

12
00:00:43,620 --> 00:00:48,260
Here we can see the latest version, the number of weekly downloads,

13
00:00:48,260 --> 00:00:50,820
instructions for using the package.

14
00:00:52,600 --> 00:00:56,250
We can even learn more by checking out a package's GitHub repository.

15
00:00:57,950 --> 00:01:00,710
Here we can find the latest issues and pull requests.

16
00:01:02,090 --> 00:01:05,087
These are ways of tracking the changes that have been made and

17
00:01:05,087 --> 00:01:07,490
need to be made on the package.

18
00:01:07,490 --> 00:01:12,087
When looking at activity on a GitHub repo, it helps to check how recent and

19
00:01:12,087 --> 00:01:14,530
frequent activity is.

20
00:01:14,530 --> 00:01:16,787
If no one has made a contribution in a while,

21
00:01:16,787 --> 00:01:18,740
the project may have been abandoned.

22
00:01:19,850 --> 00:01:24,850
You can also take into account how many people have watched or starred a repo.

23
00:01:26,630 --> 00:01:29,998
One tool for password management is hashing, or

24
00:01:29,998 --> 00:01:34,600
converting the format of a password before storing it.

25
00:01:34,600 --> 00:01:38,380
Let's say we're searching for a package to help us hash user passwords for

26
00:01:38,380 --> 00:01:39,040
our own app.

27
00:01:40,370 --> 00:01:45,049
A developer friend of ours mentions Bcrypt as a possible solution.

28
00:01:45,049 --> 00:01:49,326
When we search on NPM, there are different options.

29
00:01:49,326 --> 00:01:52,874
One is Bcrypt and another is Bcryptjs.

30
00:01:52,874 --> 00:01:58,410
With NPM, we can check if a package has been tested and if it's up to date.

31
00:01:59,590 --> 00:02:01,985
When we examine the package for bcrypt,

32
00:02:01,985 --> 00:02:06,220
we notice that it's been marked as out of date and it's failing tests.

33
00:02:07,460 --> 00:02:11,579
Bcryptjs, contrastingly, has more weekly downloads,

34
00:02:11,579 --> 00:02:15,618
passing tests, and more recent activity on its code.

35
00:02:15,618 --> 00:02:19,950
Based on this, it's probably best to use bcryptjs for our project.