npm Blog (Archive)

Customer Convos: Fabian Cook, NZDigital/Shipper NZ

This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line.

Q. Hi! Can you state your name and what you do?

A. Fabian Cook, Lead Software Developer at NZDigital, and Software Developer/Owner at Shipper NZ.

How’s your day going?

Pretty good, nice sunny day here today.

Tell me the story of npm at your company. What specific problem did you have that private packages and orgs solved?

At Shipper, we have a stack that we sub-license to other partners, one being NZDigital. We previously had to add these partners to our BitBucket account so that we could include our packages in their software. This wasn’t the best way of doing things and didn’t work very well as we got further on and wanted to release more versions of everything.

By using private packages, we were able to provide these partners access to the versioned set of modules on npm.

Can you tell us a story about a specific package you wanted to make that private packages really enabled you to do?

Really any of them, for example our core modules used for identity management, service boilerplates, those kinds of things, things that are tailored for us specifically and don’t necessarily have value in the open source community.

Does your company do open source? How do you negotiate what you keep private and public (feel free to be as vague as you need to be)?

If it’s something we have made very generic, for example @shipper/fastway, we are happy to make this open source, there is no reason to keep that kind of thing closed, it helps the wider community.

We also have small modules like @shipper/shipper-mongodb-database and @shipper/shipper-mongodb-async-collection that are very thin, they are merely just helpers for us, nothing we should be holding away from others.

To people who are unsure what they could use private packages for - how would you explain the use case?

Pretty simple in the end, it’s like using a private GitHub repo, or BitBucket. Either you are wanting it private for things like “closed source” business, or you may be just developing it in its infancy and you want to iron out the wrinkles before other people get involved and you are stuck with a certain way of doing things that actually doesn’t match what you intended.

How’s it going? How’s the day to day experience of using private packages/orgs?

Going pretty good, had a couple of hiccups where I accidentally made a private package public, apart from that it’s been good.

How would you see the product improved or expanded in the future?

We have “private” in the package.json files, would be good to have “protected” or something along the lines where we can only publish it as private.

Would you recommend that another org or company use private packages or orgs and why?

Definitely, I’ve used them with 4 companies now, it’s been great, no reason not to use them.

Any cool npm stuff your company has done publicly that you’d like to promote?

I wish there were things I can put out there at this time, we are still learning the ropes in our industry, trying to get through it all!