It was great speaking with Isaac Schlueter, CEO and Founder of npm, Inc., about the public availability of npm@5, a free update to the npm developer tool featuring significant speed, security, and reliability improvements. As the number of packages in the code increases, so does the ability to get those packages in a timely manner.
With npm@5, common package management tasks such as package installation and version updates are now approximately five times faster than in prior versions. The update benefits nearly eight million npm users worldwide, as well as customers of npm’s Orgs collaboration tool and npm Enterprise self-hosted product. Benchmarks show that when all npm users download and use the npm@5 update, it will save more than 70 years of developer time every day.
npm@5 is the product of more than four years of planning and collaboration in the open source software development community and coincides with the Node.js Project’s release of Node.js v8.0.0. Developers who download and install Node.js 8 will automatically receive npm@5 as well.
Node.js 8.0.0 is one of the fastest and most reliable versions of Node to be released. “Having Node.js 8.0.0 and npm@5 come out at the same time is a huge benefit to Node.js users who can instantly reap the performance, security, and reliability benefits of npm@5 with any version of Node.js,” said Mark Hinkle, executive director of the Node.js Foundation. “This is also a testament to the collaboration happening in our community and strong relationship with npm.”
With a rewrite of its entire download subsystem and a major overhaul of its user experience, npm@5’s features and benefits include:
Self-healing cache and automatic error recovery eliminate hours of troubleshooting associated with faulty network connections or corrupted files.
Industry-first SHA-512 code verification protects against data corruption and malicious attacks.
Lockfiles provide peace of mind that software packages will install identically on each developer’s computer, regardless of the specifics of their development environment.
A refreshed command-line interface produces more informative and helpful output to allow developers to easily assess the software packages they build and install.
“Tens of thousands of our customers deploy npm-powered applications, on average, once a minute, so npm@5’s speed improvements will make a noticeable difference,” said Guillermo Rauch, CEO and co-founder of ZEIT. “npm lets us move quickly, and we let others move quickly.”
In a typical example of npm@5’s performance improvements, the time required to install dependencies for the popular library React Native has decreased nearly 80 percent, from 52.61 seconds under npm@4 to 11.53 seconds under npm@5.