The npm blog has been discontinued.
Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.
npm Convos: Quasar Framework
Q. Hi! Can you state your name, what you do, and/or what your company does?
A: My name is Razvan Stoenescu and I’m the founder of Quasar Framework, which is a Node.js and Vue.js-based system that helps developers rapidly create best-practice applications for the web, mobile devices, and desktops using the same codebase. Its primary goal, however, is to make life easier for developers by enhancing their workflow with a command-line-interface that is called by installing the Node module globally and then running: `$ quasar create`.
Tell me the story of npm at your company. What specific problem did you have that npm solved?
Prior to using npm, you’d have to download all of your deps and then regularly check their websites for updates and repeat the process, which maintenance-wise is far from optimal. One key aspect was that discovering needed security patches for all the packages was a herculean task. The time it took to ensure all known security vulnerabilities (of packaged that we used) are patched was several times higher. By using npm, it is now a matter of seconds to have everything up to date.
Up until recently, all of Quasar’s node modules were individually registered at npm with names like `quasar-cli` and `quasar-framework`. This is mostly a result of the fact that the package name `quasar` was already taken, as was the org name. However, these names were not really being used, so in mid-2018 Quasar looked into acquiring this brand surface in order to normalize the experience. After contacting the holders of these names and with the assistance of the npm Support team, Quasar was able to use both the module and the org names. Combining the `@quasar` org name with monorepos and using the `quasar` package for the main source of the framework just makes everything seem so much more natural. To be honest, these names and org handles are more valuable than websites.
To people who are unsure what they could use npm for — how would you explain the use case?
For starters, npm should stand for “no problem mate”. (Fun fact, I just saw that on the npmjs.com website!) But seriously, npm does make life incredibly easy for open source projects like Quasar. The service is free and even if using another Node.js package manager, the chances are good that the code is being hosted at npmjs.com. But one of the greatest things about npm is their dedication to package security. Whether being informed about security issues during project installation or even with the specific `npm audit` command — knowing that there are no known security problems in any of your third-party modules is a well-founded basis for peace of mind.
How’s the day to day experience of using npm?
`npm install`, `npm update` and `npm run` are part of everyday life.
Would you recommend that another org or company use npm and why?
If you develop JavaScript projects, you are probably already using npm in one way or another. In fact, it’s a core piece of technology right up there with git and http.
Any cool npm stuff your company has done publicly that you’d like to promote?
After years in the making, Quasar is going to have its 1.0.0 release event on npm — and we are doing it publicly. It will be an all-you-can-pull buffet of bytes with a big side-helping of mono-repo. Of course everyone is invited to the back-slapping beat-dropping afterparty on our Discord server — with a radio show hosted by Nothingismagick aka “MC Squared”, smooth music from Hamburg’s very own Max Matteo and awesome Humble Bundle prizes for lucky winners. Follow us on Twitter and stay tuned!