Liran Tal

npm passes the 1 millionth package milestone! What can we learn?

June 4th is a historic date: the day the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages.

We wanted to share some insights that we found interesting and could get our hands on.

What are npm's most popular packages? How many vulnerabilities are associated with them?

Here are the top 3:

  • lodash: 3 vulnerabilities (1 high severity)
  • request: 1 vulnerability (17 typosquatting attempts)
  • chalk: 0 vulnerabilities (1 typosquatting attempt)

How many downloads do the top 10 packages pull in?

  • debug: >40 million weekly downloads
  • kind-of: >34 million weekly downloads
  • supports-color: >34 million weekly downloads

We wrote in further detail on more registry and community statistics, such as: How many npm packages were added in 2019? What are some interesting insights from the Node.js Foundation's package maintenance working group?

What can you share on your experience with npm? Happy to hear!
