npmgraph
formula
| npmgraph | formula | |
|---|---|---|
| 19 | 2 | |
| 661 | 10 | |
| 3.2% | - | |
| 7.7 | 5.0 | |
| 11 days ago | over 2 years ago | |
| TypeScript | JavaScript | |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
npmgraph
-
Node.js can now execute TypeScript files
You don't think depending on dozens or even hundreds of NPM packages with a single maintainer is an issue?
Just as an example, Express depends on 25 modules with a single maintainer.
https://npmgraph.js.org/?q=express
Obviously a router is a fraction of what's needed for any non trivial backend project.
- Show HN: Time Travel with Your SQL
-
The Front End Treadmill
It's not a frontend problem but a JS-ecosystem problem. Happens in the backend too.
The JS landscape is an absolute mess where dependencies have dozens if not hundreds of other dependencies. As an example, this is the dependency graph of Platformatic (a Node framework based on Fastify):
https://npmgraph.js.org/?q=platformatic#zoom=h
Each of those dependencies could be abandoned at any moment. Even huge dependencies like Axios or Express seemed to have been abandoned at one point.
And then each dependency is ruled by whatever their maintainers think is right. Just the other day a dependency I use in prod with aprox 25M downloads per week (React is aprox 26M) and used by 10M Github repos decided it was ok to drop support for Safari versions from about 3 years ago. It's just insane considering Safari has +50% mobile market share in the US.
-
Popular GitHub Action tj-actions/changed-files is compromised
In recent years, it's started to feel like you can't trust third-party dependencies and extensions at all anymore. I no longer install npm packages that have more than a few transitive dependencies, and I've started to refrain from installing vscode or chrome extensions altogether.
Time and time again, they either get hijacked and malicious code added, or the dev themselves suddenly decides to betray everyone's trust and inject malicious code (see: Moq), or they sell out to some company that changes the license to one where you have to pay hundreds of dollars to keep using it (e.g. the recent FluentAssertions debacle), or one of those happens to any of the packages' hundreds of dependencies.
Just take a look at eslint's dependency tree: https://npmgraph.js.org/?q=eslint
Can you really say you trust all of these?
-
JavaScript Fatigue Strikes Back
NestJS is probably the closest thing to a Rails-like framework in JS. Also Platformatic by the creator of Fastify.
Still, the dependency entanglement in JS is just crazy. This is the dependency graph of Platformatic:
https://npmgraph.js.org/?q=platformatic#zoom=h
AFAIK there's no JS framework that solved the whole thing and doesn't depend on other packages.
I don't know why JS devs historically have an aversion to frameworks. Maybe the author of the article is right and this is caused by preventing heavy bloated JS apps in the browser.
In any case, after 10 years of Node in the backend, I'm done with it.
-
The tragedy of trying to run an old node project
Lots of people taking general pot shots at different languages and ecosystems.
But OP was trying to install gatsby on a different node target. It's not some little library. These kinds of massive libraries break all the time: https://npmgraph.js.org/?q=gatsby
-
Rewriting Rust
React and react-dom are peer dependencies (npmgraph lists them but doesn't graph them visually). The actual full installation command is: `npm install next@latest react@latest react-dom@latest`[1]. Even if you include react and react-dom, the dependency graph still looks tolerable to me: https://npmgraph.js.org/?q=next%4014.2.13%2C+react%4018.3.1%...
[1] https://nextjs.org/docs/getting-started/installation#manual-...
- Iso20022.js: Create payments in 3 lines of code
-
Panda CSS: build time and type-safe CSS-in-JS
This looks a lot better than I expected.
One thing that bugs me about this (and Tailwind) is the number of dependencies they pull in. Panda has 152 nodes (239, if you count their dev-dependencies)[0].
Tailwind has 98 (594 if you count their dev-dependencies).
I know they're only dev-dependencies, but still... I've got all of that code running on my machine, just to process CSS. I really don't love it.
[0] https://npmgraph.js.org/?q=%40pandacss%2Fdev
-
List all dependencies from package-lock.json without npm: Vet my code!
This is what I came up with. I get 514. I got 496 here https://npmgraph.js.org/. I'm curious what you get using npm and/or yarn, or other tool.
formula
-
Sveltekit with JSDoc or with Typescript?
JSDoc. I've just refactored my old library from TS to VanillaJS + JSDoc
-
Why do we use bundlers if most modern modules are ES modules?
I've started moving away from this - in fact this week I've been migrating my old Svelte form library written in TS to a new total Vanilla ESM version without any bundling or building
What are some alternatives?
plv8 - V8 Engine Javascript Procedural Language add-on for PostgreSQL
svelte-plugins - Zero-Configuration Reactive forms for Svelte
unknown-pleasures - Visualize your microphone with Joy Division's pulsar.
styled-web-components - Style property primitives for Web components inspired by styled-system
randomUUID - Polyfill for randomUUID as being standardized in https://github.com/WICG/uuid
moovie.js - Movie focused HTML5 Player