Package management is a cornerstone of modern software development, supporting virtually every software project globally. Tools like npm and Yarn are integral to the JavaScript ecosystem, helping developers install, update, and share code smoothly. However, as projects expand and the ecosystem becomes more complex, issues like performance bottlenecks, dependency conflicts, and supply chain security concerns highlight the limitations of older infrastructure.
Darcy Clarke and Ruy Adorno are seasoned experts in this field. After years of maintaining the npm CLI and contributing to the Node.js project, they witnessed the technical debt and design compromises inherent in contemporary JavaScript tools. They are now developing vlt, a new package manager and registry focused on enhancing performance, security, and the developer experience.
In this episode, Darcy and Ruy join Josh Goldberg to discuss the functionality of vlt, the necessity for a server-side revitalization of package management, lessons learned from npm’s evolution, and the potential impact of features like declarative querying, self-hosted registries, and real-time security scanning on the future of JavaScript development.
Josh Goldberg is an independent open-source developer in the TypeScript ecosystem. He contributes to projects enhancing TypeScript usage, notably typescript-eslint, enabling ESLint and Prettier to work with TypeScript. A regular contributor to open-source projects like ESLint and TypeScript, Josh is a Microsoft MVP for developer technologies and the author of “Learning TypeScript” (O’Reilly), a vital resource for developers coming to TypeScript from JavaScript. Josh frequently presents at conferences, workshops, and meetups on TypeScript, static analysis, open source, and frontend and web development.
