Package management forms the backbone of modern software development, quietly supporting nearly every software project globally. Tools like npm and Yarn have been central to the JavaScript ecosystem, allowing developers to easily install, update, and share code. However, as projects expand and the ecosystem becomes more complex, these tools face issues like performance bottlenecks, dependency conflicts, and increasing concerns over supply chain security.
Darcy Clarke and Ruy Adorno, veterans of this ecosystem, have spent years maintaining the npm CLI and aiding the Node.js project, witnessing technical debt and design compromises in JavaScript tooling. Now, they are creating vlt, a new package manager and registry that reimagines performance, security, and developer experience from scratch.
In this episode, Darcy and Ruy join Josh Goldberg to discuss how vlt works, why they believe package management needs a server-side reboot, what they learned from npm’s development, and how features such as declarative querying, self-hosted registries, and real-time security scanning could transform how JavaScript is developed and shared in the future.
Josh Goldberg is a full-time independent open source developer within the TypeScript ecosystem. He focuses on projects that help developers improve their TypeScript capabilities, most notably with typescript-eslint, enabling ESLint and Prettier to work with TypeScript code. Josh frequently contributes to open source projects like ESLint and TypeScript, and is a Microsoft MVP in developer technologies. He authored “Learning TypeScript” (O’Reilly), a valued resource for developers without prior experience outside JavaScript. Josh often delivers talks and workshops at bootcamps, conferences, and meetups to impart knowledge on TypeScript, static analysis, open source, and overall front-end and web development.
Sponsors
If you’re using AI for coding, consider whether you’re genuinely building software or merely participating in Prompt Roulette. Initial unstructured prompting is effective but eventually results in AI disarray and technical debt. Enter Zenflow, which takes you from “vibe coding” to AI-First Engineering as the first AI Orchestration layer that brings discipline to the chaos. It converts free-form prompting into spec-driven workflows and multi-agent verification, where agents validate each other to avoid drift. It even lets you command numerous parallel agents to implement features and fix bugs quickly, accelerating delivery by two to ten times. Stop gambling with prompts and start orchestrating your AI to turn raw speed into reliable, production-grade output at zenflow.free.
Are you a developer eager to innovate instead of tackling bottlenecks and managing legacy code? MongoDB can help with its flexible, unified platform developed by and for developers. It’s ACID compliant, enterprise-ready, and designed for fast AI app deployment, trusted by many Fortune 500 companies for critical workloads. Thinking outside traditional relational structures? Start building at mongodb.com/build.
When production issues arise, do you identify the cause in minutes or hours? AppSignal is the application performance monitoring tool tailored for developers seeking clear, actionable insights without a hefty observability bill. It provides error tracking, performance monitoring, log management, and more, allowing you to fix issues before customers are aware. AppSignal supports diverse teams from startups to enterprises, particularly those using Ruby on Rails, Elixir, Node.js, and Python. Try it free for 30 days and receive a 10% discount on your annual plan with code SED10 at www.appsignal.com/sed.
