npm Blog (Archive)

The npm blog has been discontinued.

Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.

This year in JavaScript: 2018 in review and npm’s predictions for 2019

This study is adapted from my presentation npm and the Future of JavaScript. No data is perfect; if you have questions about ours you can read about the methodology used to gather this data.

npm has over 10 million users who download well over 30 billion packages every month. On an average Tuesday—npm’s busiest day—users download more than 1.3 billion packages of open source JavaScript. This gives us a lot of information about what JavaScript users are up to. On top of that data, in partnership with the Node.js Foundation and the JS Foundation we survey of over 16,000 developers to ask what they’re up to.

From these two sources, we’ve uncovered some insights about the makeup of the npm community, as well as information about what the community considers to be best practices. This will help you make your technical choices in 2019.

JavaScript is the world’s most popular programming language

It’s no news to anyone that JavaScript is incredibly popular these days. Stack Overflow’s 2018 developer survey has JavaScript as the most popular programming language (with fellow web languages HTML and CSS at the #2 and #3 spots). GitHub’s most recent Octoverse infographic ranks languages by the number of pull requests received, and JavaScript is the top there, too.

image

The total number of JavaScript developers is hard to estimate. Slashdata’s 2018 survey suggests there were 9.7M by the end of 2017 and growing quickly, meaning there are well over 10M at this point. npm’s own estimates suggest there are over 10M npm users, and we see similarly rapid growth. There are JavaScript developers who do not yet use npm, but as a percentage of all JavaScript developers they are quite small, possibly fewer than 10%.

The npm Registry contributes to the popularity of JavaScript

Without question, JavaScript’s popularity is driven by its ubiquity as the only language directly usable for developing web applications. However, a fascinating paper by Leo Meyerovich and Ariel Rabkin at Berkeley studied the factors contributing to programming language adoption and found that, overall, the availability of open-source libraries relevant to the task at hand was the most important factor in selecting a programming language.

image

Our own survey data support the conclusions of this study. The most common reason respondents gave for choosing JavaScript was the number of libraries available.

image

With over 836,000 libraries currently available, npm is the largest single collection of open-source libraries in the world, by a significant margin—although JavaScript’s tendency towards smaller libraries means this comparison isn’t entirely apples-to-apples. Regardless, this enormous reservoir of open source code means that the popularity of JavaScript and npm works both ways: the language gains popularity because of the Registry, and vice versa.

image

npm is used to build every kind of application

We asked users where the JavaScript they write is used. An overwhelming 93% of respondents said that they write code for the web, with a still-substantial 70% saying they write JavaScript that runs on servers, i.e., Node.js. However, many other application areas including Internet of Things (IoT), desktop applications, native mobile applications, and others saw substantial numbers of users, too.

image

This is a significant change for those of us who work at npm, Inc. and maintain the npm command-line tool. npm was invented to serve the needs of server-side app developers, and the needs of web developers are different. Becoming a majority-web platform has meant changing our priorities, which has ledto new features like package locking by default.

npm is essential to web development

When npm, Inc. started in 2014, a tree of a few dozen JavaScript packages was typical. These days, the average modern web application has over 1000 modules, and trees of over 2000 modules are not uncommon. In fact, 97% of the code in a modern web application comes from npm. An individual developer is responsible only for the final 3% that makes their application unique and useful.

This is a huge success story for code reuse, for the strength of the npm community, and for open source in general. The time saved by not re-inventing the code in thousands of modules is saving millions of developers hundreds of millions of coding-hours.

npm has focused on security in 2018

To a great many developers, npm has simply become the way you build a website. This is a responsibility we take seriously. In our survey, 77% of developers said they were concerned about the quality and security of the open source libraries they used, and a worrying 52% said the tools currently available were inadequate. We went into more depth on these results in our post Attitudes to Security in the JavaScript community earlier this year.

In April, we announced that we acquired ^Lift Security and their product, the Node Security Platform. Today, the NSP is integrated directly into npm, and every install of npm includes security audits that notify users if they are installing insecure modules. We also furnish tools to easily correct these vulnerabilities by automatically installing secure versions of their modules. In addition, users of npm Enterprise and paid npm Organizations users receive notifications of embargoed vulnerabilities not yet publicly disclosed.

The demographics of npm users

The basic demographics of our survey respondents are covered in our methodology post, but there are several important facts worth highlighting:

1. We are mostly new. 25% have been using JavaScript for less than 2 years, and 51% have been using npm for less than 2 years. This is a side effect of the community doubling in size in that time!

2. We are mostly self-taught. 69% of npm users mostly taught themselves JavaScript, with the next highest being 22% who learned on the job.

image

We don’t just write JavaScript. People who use npm aren’t always strictly JavaScript developers—30% each report writing Java, PHP, and Python, and smaller numbers of lots of other languages.

We don’t just work at “tech” companies. 55% of npm users describe themselves as working at a company that wouldn’t be considered a “tech” company.

There are also some ways that npm users don’t differ from the general population of software developers, which is itself interesting. For example, npm users work at every size of company, in roughly the same proportion as those companies exist. JavaScript isn’t a “big company” or a “small company” tech. npm users also are evenly distributed across every industry, as well as other demographics such as age and education level.

Everybody would like less tooling

JavaScript in 2018 is somewhat notorious for requiring a lot of tooling to get going, which is quite a reversal from the situation in 2014, when Node.js was considered an “everything included” framework. Today, most developers wouldn’t consider Node to be a framework at all. True to that, all of our survey respondents would like to see less tooling, less configuration required to get started, and better documentation of the tools that do exist. But what tools?

We went in-depth into the popularity of JavaScript frameworks in our “State of JavaScript Frameworks” series (part 1, part 2, part 3) earlier this year. We won’t reiterate all the findings of that analysis, but rather dive into a few updates of what’s changed in the 9 months since then.

As a reminder, it’s important to understand the “share of registry” metric we are using here: a “flat” graph in this case means strong growth, just not growth relative to the growth of the registry, which is always growing quickly.

React’s growth has slowed

image

React continues to dominate the web scene. Over 60% of npm’s survey respondents say they are using React, and it has grown further since then. However, that growth in 2018 has been slower than in 2017.

Angular downloads have stayed flat

image

The two major flavors of Angular combined have stayed roughly flat in terms of market share.

Ember’s popularity has rebounded

image

In a very unusual phenomenon, Ember’s popularity, which appeared to be declining, has continued a strong rebound. By September, more than twice as many developers were using Ember as at the beginning of the year. We’re going to keep a close eye on this story, but we think Ember’s resurgence is part of the explanation for the slowdown in React.

Vue’s strong growth has continued

image

Vue was already growing quickly and that continued in 2018. Many Vue users report that they picked it over React because in their opinion it’s easier to get started while maintaining extensibility. Our current theory is that React’s growth has been slowed by many newer users picking Vue.

GraphQL continues hyper-growth

image

GraphQL, tracked by its most popular client library Apollo, continues to explode in popularity. We think it’s going to be a technical force to reckon with in 2019.

Transpilers rule, led by Babel—and a surprise: TypeScript

image

Babel is familiar to any React user as the tool used to transpile React’s next-generation JavaScript into the currently-supported JavaScript standards. In line with React’s 60% market share, 65% of npm users report using Babel. (It also has uses outside of the React ecosystem.)

Something of a surprise, however, was TypeScript, with 46% of survey respondents reporting they use Microsoft’s the type-checked JavaScript variant. This is major adoption for a tool of this kind and might signal a sea change in how developers write JavaScript. We are definitely going to be asking more questions about TypeScript usage in the next version of our survey.

npm’s predictions for 2019

It’s always difficult to make predictions about an ecosystem as huge, varied, and fast-changing as JavaScript, but our data has led us to make a few predictions for 2019 that we think we can commit to.

1. You will abandon one of your current tools. Frameworks and tools don’t last in JavaScript. The average framework has a phase of peak popularity of 3–5 years, followed by years of slow decline as people maintain legacy applications but move to newer frameworks for new work. Be prepared to learn new frameworks, and don’t hold on to your current tools too tightly.

2. Despite a slowdown in growth, React will be the dominant framework in 2019. 60% market share for a web framework is unheard-of, and that’s partly because React isn’t a full framework, just part of one. This allows it to flexibly cover more use-cases. But for building a web app in 2019, more people will use React than anything else, and that will result in a big advantage in terms of tutorials, advice, and bug fixes.

3. You’ll need to learn GraphQL. It might be too early to put GraphQL into production, especially if your API is already done, but 2019 is the year you should get your mind around the concepts of GraphQL. There’s a good chance you’ll be using them in new projects later in the year and in 2020.

4. Somebody on your team will bring in TypeScript. 46% adoption implies that TypeScript is more than just a tool for enthusiasts. Real people are getting real value out of the extra safety provided by type-checking. Especially if you’re a member of a larger team, consider adopting TypeScript into your 2019 projects.

Stay tuned

One prediction we’re very confident in making is that this community will continue to rapidly grow and expand the capabilities of JavaScript. As it grows, we’ll be documenting new trends and sharing our insights with the community. You can follow along by subscribing to our weekly newsletter and following us on Twitter.