NPM: What side effects does it have for the Web?
Modern web development, and software development in general, can no longer
imagine its processes without package managers.
Gone are the days when all we used to develop a website
was HTML, CSS, and JavaScript, without having to transpile, compile,
or use build tools that consume resources and time.
Today we will focus on one of these tools, NPM,
and look at some data on its impact and some side effects that it has
on the Web and on current web development.
What is NPM?
NPM, from Node Package Manager, although it
is also said that "npm is not an acronym", is a package manager for
the JavaScript programming language.
It is owned by GitHub - Microsoft
and is the default package manager for the Node.js runtime. There
are other managers, but NPM is surely the most popular.
In addition to NPM, you can also find, in the market,
alternatives such as Yarn, or Pnpm.
Tools like NPM have revolutionized the web development
sector, allowing you, among many other things, to share code with your
team, your organization, or with other programmers from parts of the world
whose names are unpronounceable in Spanish.
NPM is used by millions of developers around the world
thanks to the commitment of npm, Inc. to bring “JavaScript
development to elegance, productivity, and security.”
NPM lets you take advantage of the liveliness of the
JavaScript ecosystem, and not have to reinvent the wheel with problems already
solved by the open-source community.
What is the problem?
1.3 million. According to Wikipedia - congratulations
on 20 years - there are currently over 1.3 million packages available on
the main npm registry. Don't you think that this fact also
contributes to web obesity?
Contributes to the obesity of the web
I wonder what carbon footprint is left on the environment
by all the build time of each system
with tens, or even thousands, of packages, in the test environment
and in the production environment. Do you know any other programming language
with so many modules?
Image: NPM, what side effects does it have for the Web | Source: http://www.modulecounts.com/
I do not want to seem a detractor of NPM. On the
contrary, I cannot imagine my work without npm or yarn. Still, I
think that a serious debate or reflection on the disorderly use of package
managers is beginning to be necessary.
Increase the carbon footprint
I think there is a lot of code right now in NPM. Right
now, Gatsby alone has 153 dependencies, according to npmjs.com. If
each of those dependencies has at least one dependency of its own, are we
already talking about 306 dependencies?
In this way, there is no doubt about the obesity of the web,
and of the node_modules directory of each project as well.
To give you an idea, the node_modules directory of one of our latest projects
had the following characteristics:
    $ du -sh node_modules
    837M    node_modules
We found it outrageous. We had to investigate why.
From the terminal, you can run
du -sh ./node_modules/* | sort -nr | grep -E '^ *[0-9.]+M'
to find out which modules take up the most disk space. Then you can try to
simplify the structure of your dependency tree, or directly eliminate the
modules that you are not using and do not plan to use in the future. You
will most likely also remove some outdated dependencies.
How do dependencies accumulate over time?
There are different types of dependencies. Therefore,
depending on the project, you may find essential dependencies for the
code of your project to work, but you also have development dependencies, for
example a library that helps you write cleaner code, or even third-party
dependencies that are not available in NPM, etc.
Visual example of the relationship between dependencies
How about this galaxy of Gatsby.js dependencies?
Image: Exponential growth of the dependency network
Interesting? Find Gatsby, if you can. The bad
news is that I couldn't get to the bottom to see the total dependencies. Worrying. You
can try it yourself and then comment below what
your dependency network looks like!
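One way to get to the bottom of a dependency network without a picture is to summarise the project's package-lock.json. This is an added example, not code from the article: SAMPLE_LOCK is constructed, the function names are hypothetical, and the layout assumed is the `packages` map of npm lockfile version 2 and 3.

```javascript
const SAMPLE_LOCK = { lockfileVersion: 3, packages: { // constructed sample, not a real project
  "": { dependencies: { site: "^1.0.0" }, devDependencies: { lint: "^2.0.0" } },
  "node_modules/site": { version: "1.0.0", dependencies: { util: "^1.0.0", fmt: "^2.0.0" } },
  "node_modules/util": { version: "1.4.0", dependencies: { fmt: "^1.0.0" } },
  "node_modules/util/node_modules/fmt": { version: "1.9.0" },
  "node_modules/fmt": { version: "2.1.0" },
  "node_modules/lint": { version: "2.0.0", dev: true, dependencies: { fmt: "^2.0.0" } },
} };

// Resolve a dependency as Node does: nearest node_modules first, then walk up.
function resolve(packages, fromKey, dep) {
  for (let base = fromKey; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. an optional or peer dependency
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

function summarize(lock) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const direct = Object.keys({ ...root.dependencies, ...root.devDependencies });
  const installed = Object.keys(packages).filter((key) => key.includes("node_modules/"));
  // Breadth-first walk from the project root: hops needed to reach each package.
  const hops = new Map([["", 0]]);
  for (const queue = [""]; queue.length; ) {
    const key = queue.shift();
    const pkg = key ? packages[key] : root;
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(key ? {} : pkg.devDependencies) };
    for (const dep of Object.keys(deps)) {
      const target = resolve(packages, key, dep);
      if (target && !hops.has(target)) { hops.set(target, hops.get(key) + 1); queue.push(target); }
    }
  }
  // Group installed copies by name to spot packages present in several versions.
  const versions = new Map();
  for (const key of installed) {
    const name = key.slice(key.lastIndexOf("node_modules/") + "node_modules/".length);
    versions.set(name, (versions.get(name) || new Set()).add(packages[key].version));
  }
  return {
    direct: direct.length, installed: installed.length, maxHops: Math.max(...hops.values()),
    devOnly: installed.filter((key) => packages[key].dev).length,
    duplicated: [...versions].filter(([, seen]) => seen.size > 1).map(([name]) => name),
  };
}
console.log(summarize(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of its package-lock.json to `summarize`; the gap between `direct` and `installed` is the part of the network you never chose explicitly.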
What is the solution?
I don't have the exact solution for this problem. What
I do know is that not all your projects need, or needed, Node.js. Do you
agree?
Misuse of complex resources for simple systems
If you need advanced properties and you don't want to
program them, know that CSS has evolved a lot in recent years and some native
features or properties can replace packages that you use regularly.
The same applies to the new JavaScript properties. Some
are so powerful, with features that work in all modern browsers, without the
need for compilation, and may be perfect for your static website.
Therefore, for tools like NPM to be part of the solution,
and not the problem, I think it is urgent to understand and study the needs of
your projects, always. In addition, you can analyze the weight and cost
of a package before using it.
Along the same lines, not all websites are complicated or
complex enough to need complex pipelines. I think it is
important to keep it simple, because everything adds up: more complexity in
the code base means more technology, more tools, more processes, more
automation, more errors, more resources, more consumption, less sustainability.
Sustainability issues
The problem of sustainability may be related to the project
you have developed, and its useful life. For example, visiting a project
months or years later is often a headache.
Even if you only want to make a small change in a variable,
you may find yourself surprised that one of the dependencies no longer works,
is obsolete, or does not exist, and you can no longer compile the
project, while the client is waiting. The same can happen with
Node. How many times have you had to reinstall it on your Mac OS?
Instead of installing a new dependency - from another
dependency - why not try to develop it yourself? Maybe it's only 3 lines
of code. I don't think it is a problem to reinvent the wheel, as long as
this wheel means more efficiency for your product, project and future.
Conclusion
To conclude, the fashionable language, JavaScript, and NPM
give you a lot of flexibility when developing a new project. There
are always smarter people outside of your organization than
inside, and NPM dependencies openly provide this intelligence to
you.
But "with great power comes great responsibility." Therefore,
whenever you need to run npm install, do not forget that
things happen behind the scenes; remember the image of Gatsby from this
article. If you don't keep watch, the network of dependencies becomes infinite
in no time.