How to Choose the Right npm Package for Your Project

If you’ve spent any time in the Node or front-end JavaScript world, you are probably familiar with NPM and know there are hundreds of thousands of modules to choose from.

“Analysis paralysis describes an individual or group process when overanalyzing or overthinking a situation can cause forward motion or decision-making to become “paralyzed”, meaning that no solution or course of action is decided upon.” — Wikipedia

NPM (Node Package Manager)

NPM is the world’s largest software registry, with more than 1 million packages. It makes it easy for JavaScript developers to share the code that they’ve created to solve particular problems and for other developers to reuse that code in their own applications.

Once you depend on this code from other developers, NPM makes it easy to check if any updates were made and to download those updates when they happen.

These bits of reusable code are called packages, or sometimes modules. A package is just a directory with one or more files in it, plus a file called package.json that holds metadata about the package.

Project Dependencies

A typical application such as a website will depend on dozens or hundreds of packages. These packages are often small, and the general idea is you create a small building block that solves one problem and solves it well.

This makes it possible for you to compose larger custom solutions out of these small shared building blocks. There are lots of benefits to this. It makes it possible for your team to draw on expertise from outside of your organization by bringing in packages from people who have focused on particular problem areas.

You can find packages by browsing the NPM website. There, you’ll find different kinds of packages: Node modules that can be used on the server side, packages that add commands for the command line, and others that can be used in the browser on the front end.

When Should I Use One?

Let’s say you’re developing the “next great application.” You run into a problem and decide you do not want or do not know how to write a particular feature.

One of the main reasons you’d want to install a package is to use pre-existing code. There’s no need to reinvent the wheel or do a lot of difficult time-consuming programming when you can download standalone tools you can use right away in your application.

“There must be an external cool library that someone has already written.”

OK, you’re probably right, but keep in mind that one of NPM’s cons is that the registry has no vetting process for submission. This means that packages found there can be low-quality, not secure, or malicious.

So how will you find the right package for your needs? And how will you know you can trust it to do the job over time? Out of thousands of packages to choose from, it may not be obvious which one to pick.

With so many available and new ones considered “what you should really turn to,” it may be daunting to choose the right one for your project.

“Rather than waste time Googling around, combing through npmjs.org, and wasting more time NOT building your application, it would be great to know which modules to choose when.” — Corey Cleary

Finding the Right NPM Package for You

By googling or searching the NPM website, you can find your initial package candidates. Once you have found them, the NPM website will provide you with information about these packages.

NPM exposes statistics including the number of downloads, number of depending packages, and more to assist developers in judging the quality of packages.

Selection Criteria

Before choosing and using a package, you might want to consider the following parameters.

Popularity

Popularity indicates how many times the package has been downloaded and how many other projects depend on it. This is a strong indicator of packages that were found to be useful by others.

Figure: NPM weekly downloads graph and dependent packages
Figure: GitHub Used By statistics
Figure: GitHub repo insights dependents

Ask yourself:

  • How many weekly downloads are there?
  • Do other important packages depend on it?
  • How many GitHub users have used it?
  • How many GitHub stars does it have?
  • Did trusted developers and maintainers star it?

Contributors

Check out the number of contributors to each project. More eyes looking over code can only be a good thing.

Figure: GitHub repo contributors

Ask yourself:

  • How many contributors are there?
  • Do trusted developers contribute to it?

Maintenance

More frequently maintained packages are more likely to have fewer bugs and be more stable. In addition, frequent updates are an indication of resolved issues and maybe new feature releases.

Also, check the number of releases. A package with many releases is a good indication that it is more active.

Figure: GitHub repo insights code frequency
Figure: NPM package statistics
Figure: GitHub releases statistics

Ask yourself:

  • How recently was it updated?
  • How frequent are the updates?
  • How many releases are there?
  • Are issues being closed on GitHub or have the same issues been open for a long time?

Size

The size of a package increases with the amount of its code and the dependencies it uses. A large package size can affect your application and its performance.

To avoid this, you can check the size of the package before installing it. You can do that on the NPM website or by using a great tool called BundlePhobia that helps you see if the package fits your performance requirements.

Figure: Bundlephobia

Ask yourself:

  • Is the package size acceptable?
  • Is its download time too long for your use case?

Quality

Quality includes considerations such as the presence of up-to-date dependencies, documentation, stability, tests, a dedicated website, a strict pull-request policy, and more.

Figure: GitHub repo insights community

Ask yourself:

  • Is the package well-documented and does it have its own website?
  • Does the module have test coverage?
  • Does the package have any vulnerabilities?
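
The popularity, contributor, maintenance and dependency questions above can be answered from registry metadata before anything is installed. The following is an added example, not code from the original article: `assessPackage`, `THRESHOLDS` and the sample data are hypothetical, and the input is assumed to be shaped like the package document served by registry.npmjs.org plus a weekly download count.

```javascript
// Added example: the article's checklist applied to registry metadata.
// Thresholds are illustrative assumptions, not values from the article.
const THRESHOLDS = {
  minWeeklyDownloads: 10000, minMaintainers: 2, minReleases: 5,
  maxDaysSinceRelease: 365, maxDependencies: 10,
};

// packument: JSON shaped like https://registry.npmjs.org/<name>
// weeklyDownloads: the `downloads` number from the npm downloads API
function assessPackage(packument, weeklyDownloads, now, t = THRESHOLDS) {
  const latest = (packument['dist-tags'] || {}).latest;
  const manifest = (packument.versions || {})[latest];
  if (!manifest) throw new Error('no manifest for dist-tags.latest');
  // `time` holds one publish date per version plus `created` and `modified`.
  const publishTimes = Object.entries(packument.time || {})
    .filter(([key]) => key !== 'created' && key !== 'modified')
    .map(([, iso]) => Date.parse(iso));
  const lastRelease = Math.max(...publishTimes); // -Infinity if none recorded
  const facts = {
    weeklyDownloads,
    maintainers: (packument.maintainers || []).length,
    releases: publishTimes.length,
    daysSinceRelease: Math.floor((now.getTime() - lastRelease) / 86400000),
    dependencies: Object.keys(manifest.dependencies || {}).length,
    deprecated: Boolean(manifest.deprecated),
  };
  const concerns = [];
  if (facts.weeklyDownloads < t.minWeeklyDownloads) concerns.push('low-popularity');
  if (facts.maintainers < t.minMaintainers) concerns.push('few-maintainers');
  if (facts.releases < t.minReleases) concerns.push('few-releases');
  if (facts.daysSinceRelease > t.maxDaysSinceRelease) concerns.push('stale');
  if (facts.dependencies > t.maxDependencies) concerns.push('heavy-dependencies');
  if (facts.deprecated) concerns.push('deprecated');
  return { name: packument.name, latest, facts, concerns };
}

// Constructed sample data (not a real package), so the check runs offline.
const NOW = new Date('2024-06-01T00:00:00Z');
const samplePackument = {
  name: 'sample-abandoned-pkg',
  'dist-tags': { latest: '1.0.1' },
  maintainers: [{ name: 'solo-dev' }],
  time: { created: '2019-01-10T00:00:00Z', modified: '2022-03-01T00:00:00Z',
          '1.0.0': '2019-01-10T00:00:00Z', '1.0.1': '2019-02-01T00:00:00Z' },
  versions: { '1.0.1': { dependencies: { 'sample-dep': '^1.0.0' },
                         deprecated: 'no longer maintained' } },
};
const report = assessPackage(samplePackument, 420, NOW);
console.log(report.name, report.concerns.join(', '));
```

These signals do not answer the checklist's vulnerability question; `npm audit` reports known advisories for a project's installed dependency tree.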

Comparing Similar Packages

Often, you may find multiple packages that suit your needs. In those cases, you would probably want to compare them and identify which truly fits your requirements, is managed frequently, and is commonly used.

npm trends

One of the best tools to compare packages is npm trends. This tool by John Potter allows you to search for packages and see on a graph the number of downloads along with the timeline, GitHub statistics, and more.

This is such a cool tool that you can search for any package and it will automatically offer you similar packages. Therefore, it is enough to know one package that suits your needs, and you can then compare it to competitors.

Figure: npm trends screenshot

NPMCompare

Another great tool is NPMCompare. It shows a highly detailed side-by-side comparison of two packages and highlights which package is the best in each metric (issues reported, average time for updating, size, etc.). Finally, it gives a summary score.

It also produces a detailed paragraph describing the comparison, which you can send to your manager to explain why you decided on this particular package rather than the other.

Figure: NPMCompare screenshot

Conclusion

While using pre-made outsourced packages won’t always solve your problems, it is often easier to rely on ready-made tools than to re-implement a solution from scratch.

Since open-source software repositories have become more globally accessible, it wouldn’t make any sense for us as developers not to rely on each other.

I hope that with the help of this guide, you now better understand how to choose the right packages for your projects.

Have a great day! Thanks for reading!

Translated from: https://medium.com/better-programming/how-to-choose-the-right-npm-package-for-your-project-c3d1cc25285e
