
devtools.fm: Developer Tools, Open Source, Software Development Jordan Harband - Npm Ecosystem, HeroDevs
Aug 26, 2024
Jordan Harband, a key figure in the npm ecosystem, maintains numerous impactful open source projects. He shares insights on the complexities of open source maintenance and the importance of prioritizing communication among contributors. The conversation dives into the intricacies of the npm landscape, including dependency management and security risks. Jordan discusses the balance between legacy support and innovation, and highlights the future challenges faced by npm, stressing the need for community collaboration and support from larger entities.
AI Snips
Left-pad Incident
- The left-pad incident highlighted the unpublish issue, not small modules.
- NPM addressed this, making it a non-recurring problem.
Supply Chain Security
- Focus on publisher count, not dependency count, for supply chain security.
- Fewer maintainers reduce the risk surface compared to first-party code with many developers.
Software Disruptions
- Disruptions in software arise from functionality breaking, not performance issues.
- Prioritize compatibility for broader usage across various user environments.
