Node.js

Authors: Ryan Dahl
Date: <= 2012

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications.

Contents

1   Node package manager

static/images/npm_logo.jpg
Founders:Issac Schlueter, Laurie Voss, Rod Boothby
Founded:January 27, 2014
Documentation:https://docs.npmjs.com/
Github:https://github.com/npm/npm
Website:http://www.npmjs.org/

npm is the package manager for Node.js. It was created in 2009 as an open source project to help Javascript developes easily share packaged modules of code. [5]

Node comes with npm installed. However, npm gets updated more frequently than Node does, so you'll want to make sure it's the latest version:

npm install npm@latest -g

There are two ways to install npm packages: locally or globally. If you want to depend on the package from your own module using something like require, then you want to install locally, which is the default behavior of npm install. On the other hand, if you want to use it as a command line tool, then you want to install it globally.

A package can be downloaded with the command:

npm install <package_name>

This will create the node_modules directory in your current directory (if it doesn't exist) and will download the package to that directory. If there is no package.json file in the local directory, the latest version of the package is installed. If there is a package.json file, the latest version satisfying the `semver rule`_ declared in package.json for that package (if there is any) is installed.

Once the package is in node_modules, you can use it in your code. For example, if you are creating a Node.js module, you can require it.

npm, Inc. is the company that hosts and maintains npm the open source project and the npm registry. [5]

The company was incorporated in 2013 and is based in Oakland, California.

Node package manager installs to node_modules.

To update a single dependency to its latest version without having to manually open the package.json and change it, you can run:: npm install {package-name}@* --save. To update a single dev dependency, add --dev.

A typical application, such as a website, will depends on dozens or hundreds of packages.

1.1   Package

A package is a directory with one or more files in it, along with a filed called package.json that contains metadata about the package.

A package is any of the following: (a) a directory containing a program described by a package.json file, (b) a gzipped tarballed containing (a), (c) a url that resolves to (b), (d) a <name>@<version> that published on the registry with (c), (e) a <name>@<tag> that points to (d), a <name> that has a latest tag satisfying (e), or (g) a git url that when cloned results in (a). [6]

Most npm packages are modules. However they do not need to be. Some packages only contain an executble command-line interface and don't provide any functions for use in Node.js programs.

A package.json file offers you a lot of great things. First, it serves a documentation for what projects you depend on. Second, it allows you to specify the versions of a package that your project can use using semantic version-ing rules. And third, it makes your build reproducible.

At a bare minimum, a package.json must have a "name" field (all lowercase, one word, no spaces, dashes and underscores allowed) and "version" (in the form of x.x.x following the semver spec). For example:

{
  "name" "my-package",
  "version": "1.0.0",
}

To specify the packages your project depends on, you need to list the packages you'd like to use in your package.json file. There are two types of packages you can list: packages required by your application in production ("dependencies") and packages only needed for development and testing ("devDependencies").

If you are publishing your package, you'll want to create the file that will be loaded when your module is imported (via require). If you used the default, this is index.js. In that file, add a function as a property of the exports object to make it available to other code.

1.1.1   Scope

Some packages names also have a scope. When used in package names, scopes are preceded by an @ symbol and followed by a slash. For example @somescope/somepackagename.

Scopes are a way of grouping related packages together.

Each npm user has their own scope, and only you can add packages in your scope. This means you don't have to worry about someone taking your package name ahead of you. Thus it is a good way to signal official packages for organizations.

Scoped packages are install to a subfolder of the regular installation folder. That is, scoped modules will be install in node_modules/@myorg/packagename.

Because scoped packages are installed into a scope folder, you have to include the name of the scope when requiring them in your code. For example require('@myorg/mypackage').

1.2   History

The npm registry was launched by CEO Isaac Schlueter, who formerly worked at Joyent leading its Node.js project and is also a Yahoo alum. He is joined by co-founders Laurie Voss, CTO of npm, Inc., and COO Rod Boothby.

npm launched in December 2013. [3]

[3]

NPM raised $2.6 million in seed funding on Feb 11 2014, led by True Ventures.

Since its formation, the npm registry has grown very rapidly. There were a total of 183,235,276 downloads in January 2014 and Node.js packages now include more than one billion lines of code. The huge size of the package libraries compares to the small size of Node.js itself. The total lines of c++ and JS code, including tests, in Node.js itself is only 123,055.

The open source project and registry were originally created three years ago. Because of high demand, however, npm’s co-founders decided to form a company called npm, Inc., to better support Node.js developers.

The startup officially launched in December, and its seed funding will allow npm to improve and scale up its services.

[4]

npm announced that it has raised $8 million on April 14, 2015, led by `Bessemer Ventures`_.

One of the first paid tools npm launched after it raised its seed round was npm Enterprise, a service that allows enterprises to run the package manager behind their firewalls and securely share their JavaScript modules for $20 per month and active user.

Today, the company is launching a somewhat similar (but hosted) service for any developer who wants to keep an npm module private. The concept is similar to how GitHub monetizes its service besides its enterprise offering.

For $7 per month, developers can now keep their modules private and share access with other users who also pay for the service.

The Node guys went through a power struggle with Joyent which almost resulted in further fragmentation but they settled for the Node Foundation.

2   History

Ryan Dahl created Node.js in ????. Dahl stepped aside in 2012, and gave control of the project to Issac Schlueter. [4] Schlueter managed Node until 2014. [4])

On March 23, 2016, Azer Koçulu unpublished more than 250 of his modules from NPM because one of the modules was called Kik and that apparently attracted the attention of lawyers representing the instant-messaging app of the same name. One of those dependencies was "left-pad". It pads out the lefthand-side of strings with zeroes or spaces. And thousands of projects including Node and Babel relied on it. With left-pad removed from NPM, these applications and widely used bits of open-source infrastructure were unable to obtain the dependency, and thus fell over. Thousands, worldwide. Left-pad was fetched 2,486,696 downloads in just the last month, according to NPM.

To fix the internet, Laurie Voss, CTO and cofounder of NPM, took the "unprecedented" step of restoring the unpublished left-pad 0.0.3 that apps required. Normally, when a particular version is unpublished, it's gone and cannot be restored. Now NPM has forcibly resurrected that particular version to keep everyone's stuff building and running as expected.

3   Modules

module.exports is the object that is returned from require() calls. It is automatically created by Node.js. The exports variable is assigned the value of module.exports before the module is evaluated.

module.exports.add = function(a, b) { return a + b};

4   Further reading

5   References

[1]Chris William. March 23, 2016. How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript. http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/
[2]What the web platform can learn from Node.js. https://developer.atlassian.com/blog/2015/11/what-the-web-platform-can-learn-from-nodejs/
[3](1, 2) Catherine Shu. Feb 11, 2014. npm Raises $2.6M Seed Round To Support Node.js Developers. https://techcrunch.com/2014/02/11/npm/
[4](1, 2) Frederic Lardinois. April 14, 2015. Popular JavaScript Package Manager Npm Raises $8M, Launches Private Modules. https://techcrunch.com/2015/04/14/popular-javascript-package-manager-npm-raises-8m-launches-private-modules/
[5](1, 2) About npm. https://www.npmjs.com/about
[6]Packages and Modules. https://docs.npmjs.com/how-npm-works/packages

[1]: http://s3.amazonaws.com/four.livejournal/20091117/jsconf.pdf "JSConf 2009"

---

# Fibers and Threads

The main difference between fibers and real threads is on the scheduling side: threads use implicit, preemptive scheduling while fibers use explicit, non-preemptive scheduling.

[2]

Node barely has much of a standard library.

On npm, small modules have become the norm, with users like substack and Sindre Sorhus publishing upwards of 685 and 760 modules respectively, each following the UNIX way of doing one thing and doing it well. Modules such as array-union, which returns the union of two arrays, and svg-create-element, which provides a great API for creating SVGs in the DOM, seem so absurdly obvious and small that they ought to ship with the language or platform.

Even the incredibly popular Express web framework is distributed as the kernel of a web application. In contrast to large frameworks like Ruby on Rails or Django which come bundled with templating, ORMs, csrf protection, and other features, Express only ships with middleware to host static files. Instead, the application developer is free to use whichever implementation of these features they like, and compose them together to create their application.

As a result, small modules — and apps composed of them — tend to have extremely large dependency graphs (Bitbucket's frontend, for example, contains more than one thousand JavaScript modules — many internal and many from npm).

In contrast to this, existing APIs in JavaScript and the web platform are frozen solid. Iterations to the JavaScript language, which cannot have any backwards-incompatible changes lest they risk breaking every existing site, must have entirely additive changes. After the performance woes of the Mutation Events API, for example, Mutation Observers were introduced to smooth things over. WebSQL was deprecated in favor of the lower-level, but more awkward IndexedDB. Application Cache is being phased out in favor of the lower-level and more versatile ServiceWorker. Object.observe, an ES2016 proposal which allowed observation of an object's properties, was recently withdrawn after React's preference for unidirectional data-flow and immutability took the web by storm.

Proponents of the Extensible Web Manifesto want to make the web resilient to userland trial and error the same way that Node is. Their mission is to have the platform provide as many low-level building blocks as possible, so that libraries outside of the browser can experiment freely and avoid the costly and lengthy process that formal standardization must follow. One such low-level primitive is the set of APIs for web components, which provide developers with the means to create dynamic custom elements and attributes through JavaScript, complete with encapsulation2. It's no secret that libraries, big and small, have implemented dialog functionality, but now the iteration of the API can be handled in userland, rather than needing to get it right the first time in the platform. With the low-level primitives in place, userland is free to explore higher-level abstractions in the form of small modules. In other words, no more AppCache.

Generated on: 2022-03-18 21:24 UTC.