Package management is a crucial element of modern software development, supporting nearly every software project globally without much fanfare. Tools like npm and Yarn have been central to the JavaScript ecosystem, allowing developers to easily install, update, and share code. However, as projects expand and the ecosystem becomes increasingly complex, these older systems are facing challenges like performance bottlenecks, dependency conflicts, and rising issues related to supply chain security.
Darcy Clarke and Ruy Adorno have extensive experience in this ecosystem. They have spent years maintaining the npm CLI and assisting with the Node.js project, gaining insight into the technical debt and design compromises typical of modern JavaScript tools. Now, they are developing vlt, a new package manager and registry built from scratch with a focus on performance, security, and developer experience.
In this episode, Darcy and Ruy talk with Josh Goldberg about how vlt functions, why they believe package management needs a server-side overhaul, the lessons they’ve learned from npm’s development, and how features like declarative querying, self-hosted registries, and real-time security scanning could transform the ways developers create and share JavaScript in the future.

Josh Goldberg is a full-time independent open source developer in the TypeScript ecosystem. He works on projects facilitating improved TypeScript development, notably on typescript-eslint, which enables ESLint and Prettier to function with TypeScript code. Josh actively contributes to open source projects like ESLint and TypeScript. He is a Microsoft MVP in developer technologies and the author of “Learning TypeScript” (O’Reilly), a valuable resource for developers new to TypeScript. Josh frequently delivers talks and workshops at bootcamps, conferences, and meetups on topics such as TypeScript, static analysis, open source, and general frontend and web development.