Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Well done!
You have completed npm Basics!
You have completed npm Basics!
Preview
In this video, we'll take a look at the different kind of methods you can use to find an npm package or Node.js module.
Choosing a Package
There are a number of indicators that you can use to determine which package to use.
- Popularity on npm – the number of downloads
- Release Date – the more recent the better
- Number of Releases – the more frequent the better
- Passing Tests - if there are tests passing
- Number of Open Issues – the less the better
- Popularity on GitHub – The more Stars, Forks and Watches the better
- Number of Contributors on GitHub – more eyes on the code the better
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
Now that we know that we can save time by
using NPM to install packages that add
0:00
functionality to our apps,
we don't want to waste any
0:05
of that time we've saved when we're
searching for packages to use.
0:08
With over a million packages available and
0:13
many packages that offer
similar functionality,
0:15
how can developers decide on which
package is right for their project?
0:18
To ensure your projects
will be reliable over time,
0:24
it's best to pick packages
that are also reliable.
0:27
There are a few factors we can look at
that will help us to choose packages that
0:31
are up to date, and well supported.
0:35
One way of finding out more
about a package is its NPM page.
0:38
Here we can see the latest version,
the number of weekly downloads,
0:43
instructions for using the package.
0:48
We can even learn more by checking
out a package's GitHub repository.
0:52
Here we can find the latest issues and
pull requests.
0:57
These are ways of tracking
the changes that have been made and
1:02
need to be made on the package.
1:05
When looking at activity on a GitHub repo,
it helps to check how recent and
1:07
frequent activity is.
1:12
If no one has made
a contribution in a while,
1:14
the project may have been abandoned.
1:16
You can also take into account how many
people have watched or start a repo.
1:19
One tool for
password management is hashing, or
1:26
converting the format of
a password before storing it.
1:29
Let's say we're searching for a package
to help us hash user passwords for
1:34
our own app.
1:38
A developer friend of ours mentions
Bcrypt as a possible solution.
1:40
When we search on NPM,
there are different options.
1:45
One is Bcrypt and another is Bcryptjs.
1:49
With NPM, we can check if a package has
been tested and if it's up to date.
1:52
When we examine the package for bcrypt,
1:59
we notice that it's been marked as
out of date and it's failing tests.
2:01
Bcrypt js contrastingly,
has more weekly downloads,
2:07
passing tests, and
more recent activity on its code.
2:11
Based on this, it's probably best
to use bcrypt js for our project.
2:15
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up