Earlier this week at NodeStack 3 we discussed how important npm is to the node.js ecosystem. The innovation in the node modules published to npm has been core to the success and growth of the node.js platform and ecosystem. In fact, the key to growth has been innovation through modularity.
And this growth has been dramatic. What do we mean by this? Since we began rigorously tracking npm statistics in December 2012, traffic has grown nearly 400%, from 100 million to 390 million requests per month. There are now over 32,000 packages and 20,000 authors on the public npm registry.
Figure 1: Historical count of total npm packages. The x-axis shows the span of time, while the y-axis shows the number of modules published. (Source: www.modulecounts.com)
In fact, node.js and npm are now growing at twice the rate of any other software platform today.
Figure 2: Packages per day across popular platforms. (Source: www.modulecounts.com)
To put this in perspective, we look to Mikeal Rogers' blog post "Open Source Ecosystem Growth". In it, he concludes that all open source platforms are currently experiencing growth. This means that npm's absurd levels of growth come at a time when the baseline for all platforms is on the rise. The rate of growth being maintained by npm under these conditions speaks to the actual magnitude of expansion that is taking place.
Read on to learn how this growth continues to influence the success of the Node.js ecosystem.
Node.js is successful because of npm
When one looks at the dramatic sustained growth of the npm module ecosystem, the obvious question is: why? The reasons are both technical and social.
When you depend on a node.js package in your application you don’t have to worry if it is compatible with some esoteric concurrency library because all modules are designed to work the same way: fast and asynchronously. You don’t have to worry about multiple versions causing conflicts because npm will automatically partition them. In other words: it just works.
There are social strengths that outstrip the technical strengths. Every developer who publishes a module to npm feels a sense of ownership that is much greater than that from contributing to a larger codebase. It is theirs; they own it. The focus on ownership through modularity is the cause of the dramatic, sustained growth of packages published to and activity on npm in “node.js userland.”
This wealth of diverse functionality has ensured that node has a vibrant community of developers making the platform and ecosystem successful.
What’s next for npm?
Since npm is so critical to the continued growth of the node.js platform, the important question is what’s next on the horizon? With the completion of peerDependencies earlier this year the npm cli and the package.json format are basically done.
The next set of features that will empower npm will be for the npm registry and the npm homepage. After speaking with Isaac Schlueter, creator of npm and maintainer of the node.js project, we distilled these important features on the npm roadmap:
- Multiple registries: Install node modules from more than one registry location.
- CDN-delivered static assets: Although we’ve been keeping up with the growth in traffic to the public npm registry, it still only runs in a single datacenter. That means if you’re using npm from places like Europe, Singapore or Australia you have to deal with increased latency. By backing tarballs published to npm as CouchDB attachments with a CDN we will ensure fast installs worldwide.
- Source code searching and analytics: One of the most difficult things for the node core team is making decisions about which APIs are used most often. The state of the art right now is surveying the node community, which yields skewed results at best. By enabling the search and analysis of source code for node modules on npmjs.org, both the node core team and module developers can be informed about API usage.
- Addressable content: In addition to node.js modules published to npm, there has been a huge growth in browserify usage and client-side packages published to npm. The problem with this is that using these modules requires downloading and unpacking the entire module just for a single file. Addressable content will enable module developers to expose individual files via npm.
- Signed packages: The current methods of verifying that a given author (or set of authors) has actually published a given module do not provide a high enough level of visibility. Signed packages aim to improve this by allowing authors to validate their npm packages with a unique signature.
Beyond just new features, the future of npm is the community. A recent project that you should be paying attention to is the Node Security Project, spearheaded by Adam Baldwin, which has a simple and ambitious goal:
- Audit every single module in npm.
- Provide advisories, issues and pull requests so modules get fixed.
- Provide a public API + DB of audit results.
If you’re interested in learning more you can follow @nodesecurity on Twitter or join the nodejs-sec mailing list.
Still want more on npm? Keep your eyes peeled for more npm updates and announcements!
Special thanks to Isaac Schlueter for reviewing the draft of this post and ensuring accurate details around the npm roadmap.