npm Blog (Archive)

The npm blog has been discontinued.

Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.

Customer Convos: Sqreen


This piece is a part of our Customer Convos series. We’re sharing stories of how people use npm at work. Want to share your thoughts? Drop us a line.

Q: Hi! Can you state your name, what you do, and what your company does?

A: Hello, my name is Vladimir de Turckheim and I’m the lead Node.js developer at Sqreen.

I’m a Node.js contributor and member of the Node.js security working group.

At Sqreen we develop the first security platform made for developers: a library that spots and prevents attacks in your app.

How’s your day going?

My day is going great. I’m super excited because the Node.js Security Working Group I contributed to is finally up and doing. The security group manages vulnerabilities in the Node.js ecosystem. We already had a lot of vulnerability reports!

Tell me the story of npm at your company. What specific problem did you have that npm solved?

npm is the best way to have packages delivered to JavaScript developers around the world. It is fast, reliable, and widely used, which means there is no adoption friction here. Our customers all rely on npm and delivering our Sqreen library outside of npm was not an option.  

Does your company do open source? How do you negotiate what you keep private and public?

Our vision is to break the standard of cybersecurity today. Security is an obscure world that historically has always been a fan of closed source.

We want to change that. Even if our core technology isn’t (not yet) open sourced, the code of our agent is open and everyone can have a look at it. Go ahead have a look and don’t hesitate to report improvements :P

We are also often releasing smaller open source projects and have a dedicated week every two months to work on something that excites us (and that is Open Sourced).

Sqreen is also supporting my involvement in the Node Security Working Group.

To people who are unsure what they could use npm for - how would you explain the use case?

Developers are used to finding all packages they need in one place. Would you imagine being asked by your manager to add a dependency to your code from a tarball or in some other non-npm ways? npm is the best way to distribute a package in the Node.js ecosystem in a user-friendly way!

How’s it going? How’s the day to day experience of using npm?

As a package maintainer, it’s pretty smooth. I have a CI job publishing my package from my Github repository, reaching my clients is only a push and a click away.

How would you see the product improved or expanded in the future?

I would love for npm to be able to give me better statistics about who installs my modules. Also, as an npm user, I sometimes wish the search could allow me to discover new awesome packages every day.

Would you recommend that another org or company use npm and why?

If you want to do business with people building Node.js applications, npm is the only acceptable solution, if you don’t use it, you will have a hard time having your product adopted and used.