Package management is a cornerstone of modern software development, powering almost every software project globally. Tools like npm and Yarn have long been integral to the JavaScript ecosystem, allowing developers to install, update, and share code seamlessly. However, as projects expand and the ecosystem grows more intricate, this older infrastructure is starting to reveal its limitations, such as performance bottlenecks, dependency conflicts, and increasing concerns about supply chain security.
Darcy Clarke and Ruy Adorno are seasoned veterans of this ecosystem. They spent years maintaining the npm CLI and guiding the Node.js project, witnessing firsthand the technical debt and design tradeoffs that characterize modern JavaScript tools. Now, they are developing vlt, a new package manager and registry that rethinks performance, security, and developer experience from the ground up.
In this episode, Darcy and Ruy join Josh Goldberg to discuss how vlt functions, why they believe package management must be reimagined on the server side, the lessons they’ve learned from npm’s development, and how features like declarative querying, self-hosted registries, and real-time security scanning could transform how developers build and share JavaScript in the future.
Josh Goldberg is an independent, full-time open-source developer within the TypeScript ecosystem. He works on projects that aid developers in writing better TypeScript more efficiently, most notably on typescript-eslint, which enables ESLint and Prettier to operate on TypeScript code. Josh regularly contributes to open-source projects like ESLint and TypeScript. He is a Microsoft MVP for developer technologies and the author of the acclaimed Learning TypeScript (O’Reilly), a valuable resource for any developer seeking to learn TypeScript beyond JavaScript. Josh frequently delivers talks and workshops at bootcamps, conferences, and meetups to share knowledge on TypeScript, static analysis, open source, and general frontend and web development.