Juan Picado gave a presentation on sharing modules in modern web applications. He discussed how JavaScript projects are highly modularized and rely on package managers like npm, yarn, and pnpm to distribute code. He explained that linking a package is not the same as publishing it and recommended following semantic versioning. Juan then demonstrated Verdaccio, an open source private npm proxy registry that allows hosting private packages. Verdaccio is lightweight, compatible with major package managers, and can scale to support many users and packages.

1. Sharing modules in modern web applications
Juan Picado
Node.js Meetup
June 4th 2019

2. Juan Picado
• Front-End Engineer at Mobfox
• Maintainer at Verdaccio
• 🚚 Vienna 🇦🇹 -> Berlin 󾓨
• @jotadeveloper

3. You are missing a lot

4. How a modern JS project looks like?

5. yarn, pnpm or npm orchestrate the distribution
https://twitter.com/ismonkeyuser/status/882117941344567296

6. Your code is just small part of your Application
https://twitter.com/liran_tal/status/1067775376229834754

7. A modern application is highly modularized

8. https://www.youtube.com/watch?v=vypCsVm5z28

9. All packages
come from
the registry
https://twitter.com/bitandbang/status/1134872073896169472

10. Javascript is the most collaborative ecosystem

11. npmjs registry
https://www.youtube.com/watch?v=QtChaxbsw7U

12. SHARE

13. Link a package is not a real publish

14. Link a package is not a real publish

15. yarn berry (v2)
seems to fix
it

16. npm pack

17. npm install ./tarball.tar.gz

18. A classic

19. Follow Semantic Versioning
https://semver.org/

20. Microsharing

21. Publishing

22. Where to publish?

23. Self Hosted SaaS
💰💰
💰
💰💰
SaaS uses volumed based pricing
FOSS

26. Spam detection

27. A lightweight private npm proxy registry

28. Verdaccio is a lightweight proxy and private
registry with an entirely optional configuration that
allows you to host private Node.js packages and is
compatible with all client package managers such
npm, Yarn or pnpm.

30. Installation
node >8

31. Docker and Kubernetes
4.400.000 pulls
https://github.com/verdaccio/docker-examples

32. CLI

33. Case Study
“We ran the math, npm charges
$7/customer/mo and every user has to have a
paid account; verdaccio can effortlessly scale to
hundreds of users and tens of packages a month”
“We use it in production on a single
DigitalOcean droplet, $5/mo”
https://sheetjs.com/

34. Demo

35. Verdaccio 4
is here !!

36. Verdaccio 4
• New User Interface (React)
• Change Password
• New permission: unpublish
• JWT support
• New npm commands (star, profile)
• Drop Node.js 6

37. Documentation
https://verdaccio.org

38. Contributors

39. 10 npm Security Best Practices
https://snyk.io/blog/ten-npm-security-best-practices/
Liran Tal @liran_tal
Developer Advocate @snyksec | @NodeJS
Security WG | @TheSecureDev team
https://www.thesecuredeveloper.com/

40. Keep in Touch
• http://chat.verdaccio.org
• https://twitter.com/verdaccio_npm
• https://github.com/verdaccio

41. Donate
Open Source must be sustainable
https://opencollective.com/verdaccio

42. https://es.slideshare.net/juancarlospicado

43. Thanks