The npm blog has been discontinued.
We asked about what industry our respondents worked in. 45% of users answered “tech”, revealing an underlying ambiguity in our question. For instance, if you work at Google, do you work at a tech company or an advertising company? What about at Microsoft, which many consider a tech company, but also has advertising and even hardware manufacturing arms? Next time, we’ll ask for more detailed information about industry concentrations.
“We asked about what industry our respondents worked in. The most common answer was “tech” at 45%”
- finance: 7%
- advertising and marketing: 5%
- education: 5%
- entertainment: 5%
- business support and logistics: 4%
- healthcare: 4%
- retail: 3%
- government: 2%
- manufacturing: 2%
With 16,000 responses, even the single-digit groups per industry constituted enough data to make meaningful conclusions. We discarded answers from industries with less than 2% responses (i.e. less than 300 individual responses).
First, we asked about common tools: bundlers, linters, testing frameworks, transpilers, CSS preprocessors, and more.
Manufacturing across the board uses less of everything — only 51% of manufacturing respondents say they use a testing framework, compared to 75% in finance.
“Manufacturing across the board uses less of everything — only 51% of manufacturing respondents say they use a testing framework, compared to 75% in finance.”
Put another way: hardware isn’t a browser. This view of manufacturing respondents is backed up by another question, in which 31% of manufacturing respondents say their code is put to use in IoT (Internet of Things). No other industry gets above double digits for that answer. This makes manufacturing an interesting set of answers across the board, as we’ll see.
Finance, on the other hand, uses everything the most. They are the most likely to use a bundler, second-most likely to use a linter (after healthcare), most likely to test, second-most likely to use a web framework (after retail), most likely to use a transpiler, and second-most likely to use a CSS preprocessor (after advertising). Finance just does all the things.
Angular was a fairly popular choice across all industries, but strongest in finance. Developers in entertainment were the least likely to use Angular, their strongest preference being for React (65%).
React was the most popular framework in the survey overall, though with strong variations by industry. As mentioned, 65% of developers in entertainment chose it, but that fell to 46% in government and 38% in manufacturing. Manufacturing’s strongest choice for a framework was jQuery (52%), suggesting the industry is a late adopter. Government also had jQuery as its top pick at 52%.
Around 20% of developers in most industries reported using Vue, though it was notably more popular in advertising, with 34% of developers reporting it there.
“We also asked developers how they made decisions about choosing frameworks. Big majorities (60-90%) in every industry reported things like support, features, and stability being important, with little variation.”
Ember did not get a lot of mention from our respondents, with an average of 4% of developers reporting that they used it. Also in this range were Preact (5%), Hapi (5%), Next.js (5%), and Meteor (5%).
A surprisingly popular choice was Electron, which is obviously not a web framework at all but we included in our options. More than 20% of developers in every industry reported using Electron for some projects.
We also asked developers how they made decisions about choosing frameworks. Big majorities (60-90%) in every industry reported things like support, features, and stability being important, with little variation. Security was the lowest ranked concern for frameworks, averaging only 25%, though finance was most concerned at 30%. We’ll go more into attitudes to security later in this post.
Python was the choice of the unemployed. This sounds unflattering, but thanks to a poorly-phrased question on our part, the “unemployed” category includes people in full time education. Their questions (such as what level of schooling the respondent had completed) lend weight to the idea that the unemployed category was full of people who are still in school, so we believe Python is popular in education.
Java was the choice of the finance industry by quite a margin—41% versus 27% for the second most popular language in finance, .NET.
PHP was the choice of the advertising industry, again by a huge margin — 49% to 26% for Python, the second most popular. Why advertising companies choose PHP is unclear to us, but PHP is popular with advertising agencies putting together micro-sites. Furthermore, a question about company size showed that over 50% of advertising respondents worked at small companies (less than 50 people), so this category is probably dominated by small shops putting together these sorts of sites.
Our poorly-chosen “.NET” category (not really a language) was no industry’s first choice. Its strongest showing was in the manufacturing category at 33%, a very close second to Python at 34%. However, because we didn’t pick out C# and F# separately, it’s possible these results are skewed by people who use those languages, but don’t use .NET.
Ruby is a relatively unpopular option across all our respondents, chosen by less than 13% in all cases. Its weakest showing was in manufacturing, where only 3% chose it, and its strongest in education, where 13% did.
C and C++ were unsurprisingly most popular in the hardware-dominated manufacturing industry, at 9% and 18% of respondents respectively. C++ was more popular than C across the board. The retail industry is the least fond of C++, with only 4% of respondents reporting using it.
We also polled on Go, Swift, and Rust. Go was about 10% usage across the board, Swift was 3-5%, and Rust about 3% except in manufacturing, where it hit 7%.
Finally, some people don’t get to choose what programming language they work in. This number was highest in government, at 21%.
Attitudes to security
npm is making a big push to improve the security of the modules in the registry in 2018, so we asked our users about their attitudes toward security. You can see our previous post for a deeper analysis of attitudes to security, but there are some interesting variations by industry.
Firstly, everyone is concerned about the security of the code they write (87-90%) and of the open source code they use (73-79%). Developers who work in tech were the most likely to be concerned, but there wasn’t a lot of variation.
Majorities in every industry reported that they were dissatisfied with current methods of evaluating the security of code (51-60%). Advertising and entertainment were the most likely to say they were dissatisfied with available methods.
“Firstly, everyone is concerned about the security of the code they write (87-90%) and of the open source code they use (73-79%). Developers who work in tech were the most likely to be concerned, but there wasn’t a lot of variation.”
A whopping 90% of people working in education (non-students) were likely to be concerned about the quality of the code they wrote themselves. This was an interesting result as they were also the industry most likely to say they were doing nothing at all to assess security (33%):
The industry most likely to be actively doing something about security is the finance industry. They were the group most likely to participate in code reviews (81%), most likely to have external audits of their code (30%), and the most likely to be using automated scans of their code (52%). The tech industry was a close second to finance in all of these answers.
We explored the ways developers use and store private code.
Everybody reports having private code and GitHub is an extremely popular place to store it — 93% of the advertising industry report using it, with most industries in the high 80’s. Manufacturing was an outlier here, with only 75% of developers saying they used GitHub. We thought this was a strange result, but it was consistent; when asked how they discovered packages, developers in manufacturing were also the least likely to report using GitHub (14% versus 20% for other groups).
Developers also store private npm packages. Across all industries, about a third of developers said they had created private npm packages. However, their reasons for doing so varied.
“However, by far the most popular reason for everyone using private packages was the most obvious: the packages contain private IP. Majorities from 65% in education to 91% in manufacturing reported this as a reason for creating private npm packages.”
Developers sometimes use private modules to hold test projects which aren’t ready for release. This practice varies widely across industries, with 23% of developers in education saying they do this but only 8% in retail.
More common was keeping code private for release as open source later. Education was likely to do this, with 27% saying so, and government employees following close behind at 25%. Healthcare developers, who reported less engagement with open source, were the least likely to report this as a reason, at 9%.
A big reason for everyone to keep private packages was re-use by their co-workers — including majorities from 53% in finance and 67% in retail.
However, by far the biggest reason for everyone using private packages was the most obvious: the packages contain private IP. Majorities from 65% in education to 91% in manufacturing reported this as a reason for creating private npm packages.
Finally, we explored attitudes toward testing across the industries.
In keeping with its answers in every other category, finance was the most likely to report that they use a testing framework (88%). Government and manufacturing developers on the other hand were the least likely to use a testing framework, with only 68% of developers in both industries saying so.
Across every industry, the most popular testing framework choice was Mocha (50%), followed by Jasmine (33%) and Jest (19%). Unlike web framework choices, there was less variation between the popularity of testing frameworks across industries.
Thanks to everyone who took the survey. We’ll be providing more analysis in the near future, so stay tuned!