Upgrading npm packages
If you’ve spent any time in the Node or Front End JavaScript world, you are probably familiar with NPM, and you know there are hundreds of thousands of modules to choose from.
“Analysis paralysis describes an individual or group process when overanalyzing or overthinking a situation can cause forward motion or decision-making to become “paralyzed”, meaning that no solution or course of action is decided upon.” —Analysis paralysis, Wikipedia
NPM (Node Package Manager)
NPM is the world’s largest software registry with more than 1 million packages. It makes it easy for JavaScript developers to share the code that they’ve created to solve particular problems and for other developers to reuse that code in their own applications.
Once you’re depending on this code from other developers, NPM makes it easy to check if any updates were made, and to download those updates when they happen.
These bits of reusable code are called packages, or sometimes modules. A package is just a directory with one or more files in it that also has a file called package.json with some metadata about this package.
Project Dependencies
A typical application such as a website will depend on dozens or hundreds of packages. These packages are often small, and the general idea is you create a small building block that solves one problem and solves it well.
This makes it possible for you to compose larger custom solutions out of these small shared building blocks. There are lots of benefits to this. It makes it possible for your team to draw on expertise from outside of your organization, by bringing in packages from people who have focused on particular problem areas.
You can find packages by browsing the NPM website. There, you’ll find different kinds of packages: Node modules that can be used on the server side, packages that add commands for the command line, and others that can be used in the browser on the front end.
When should I use it?
Let’s say you’re developing the “next great application”. You run into a problem and you decide you do not want or do not know how to write a particular feature.
One of the main reasons you’d want to install a package is to use pre-existing code. There’s no need to reinvent the wheel or do a lot of difficult time-consuming programming when you can download standalone tools you can use right away in your application.
“There must be an external cool library that someone has already written”
Okay, you’re probably right, but keep in mind that one of NPM’s cons is that the registry has no vetting process for submission. This means that packages found there can be low quality, insecure, or malicious.
So how will you find the right package for your needs? And how will you know you can trust it to do the job over time? Out of thousands of packages to choose from, it may not be obvious which one to choose.
With so many to pick from, and new ones constantly touted as “what you should really turn to,” it may be daunting to choose the right one for your project.
“Rather than waste time Googling around, combing through npmjs.org, and wasting more time NOT building your application, it would be great to know which modules to choose when.” — article by Corey Cleary
Finding the right NPM package for you
By googling or searching the NPM website, you can find your initial package candidates. Once you have found them, the NPM website will provide you with information about these packages.
NPM exposes statistics including the number of downloads, number of depending packages, and more, to assist developers in judging the quality of packages.
Choosing criteria
Before choosing and using a package, you might want to consider the following parameters.
Popularity
Popularity indicates how many times the package has been downloaded and how many other projects depend on it. This is a strong indicator of packages which were found to be useful by others.
Ask yourself:
- How many weekly downloads?
- Do other important packages depend on it?
- Used by how many GitHub users?
- How many GitHub stars?
- Have trusted developers and maintainers starred it?
Contributors
Check out the number of contributors of each project. More eyes looking over code can only be a good thing.
Ask yourself:
- How many contributors?
- Do trusted developers contribute to it?
Maintenance
More frequently maintained packages are more likely to have fewer bugs and to be more stable. In addition, frequent updates indicate that issues are being resolved regularly and that new features may be released.
Also, check the number of releases. A package with many releases is a good indication that it is more active.
Ask yourself:
- How recently was it updated?
- How frequently is it updated?
- How many releases?
- Are issues being closed on GitHub, or have the same issues been open for a long time?
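As an added example (not part of the original article), the first three maintenance questions above can be answered from the `time` field of a package's npm registry metadata. The `maxStaleDays` and `minReleases` thresholds and the sample package are assumptions made up for illustration.

```javascript
// Added example: derive maintenance signals from an npm registry "packument".
// The thresholds below are illustrative assumptions, not npm guidance.
const DAY_MS = 24 * 60 * 60 * 1000;
const DEFAULT_LIMITS = { maxStaleDays: 365, minReleases: 5 };

function median(sorted) {
  if (sorted.length === 0) return null;
  const mid = Math.floor(sorted.length / 2);
  return sorted.length % 2 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
}

function maintenanceSignals(packument, now, limits = DEFAULT_LIMITS) {
  // `time` maps every published version to an ISO timestamp; the keys
  // "created" and "modified" are bookkeeping entries, not releases.
  const published = Object.entries(packument.time || {})
    .filter(([key]) => key !== 'created' && key !== 'modified')
    .map(([, iso]) => Date.parse(iso))
    .filter((ms) => !Number.isNaN(ms))
    .sort((a, b) => a - b);
  if (published.length === 0) {
    return { releases: 0, daysSinceLastRelease: null,
             medianDaysBetweenReleases: null, warnings: ['no published releases'] };
  }
  const gaps = [];
  for (let i = 1; i < published.length; i++) {
    gaps.push((published[i] - published[i - 1]) / DAY_MS);
  }
  const daysSince = Math.floor((now - published[published.length - 1]) / DAY_MS);
  const warnings = [];
  if (daysSince > limits.maxStaleDays) warnings.push(`no release for ${daysSince} days`);
  if (published.length < limits.minReleases) warnings.push(`only ${published.length} releases`);
  return { releases: published.length, daysSinceLastRelease: daysSince,
           medianDaysBetweenReleases: median(gaps.sort((a, b) => a - b)), warnings };
}

// Constructed sample data (not a real package).
const SAMPLE = {
  name: 'example-pkg',
  time: {
    created: '2020-01-01T00:00:00.000Z',
    modified: '2020-06-09T00:00:00.000Z',
    '1.0.0': '2020-01-01T00:00:00.000Z',
    '1.0.1': '2020-01-11T00:00:00.000Z',
    '1.1.0': '2020-02-10T00:00:00.000Z',
    '2.0.0': '2020-06-09T00:00:00.000Z',
  },
};
console.log(maintenanceSignals(SAMPLE, Date.parse('2022-01-01T00:00:00.000Z')));
```

For a real package, `npm view <package> time --json` prints the same `time` object.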
Size
The size of a package increases with the amount of its code and the dependencies it uses. A significant package size can affect our application and its performance.
To avoid this, you can check the size of the package before installing it. You can do that on the NPM website, or by using a great tool called Bundlephobia, which helps you see whether the package fits your performance requirements.
Ask yourself:
- Is the package size acceptable?
- Is its download time too long for your use case?
Quality
Quality includes considerations such as the presence of up-to-date dependencies, documentation, stability, tests, a dedicated website, strict pull-request policy, and more.
Ask yourself:
- Is the package well documented, and does it have its own website?
- Does the module have test coverage?
- Does the package have any vulnerabilities?
Comparing similar packages
Often, you may find multiple packages that suit your needs. In those cases, you would probably want to compare them and identify which truly fits your requirements, is managed frequently, and is commonly used.
npm-trends
One of the best tools to compare packages is npm-trends. This tool by John Potter allows you to search for packages and see on a graph the number of their downloads along with the timeline, GitHub statistics, and more.
The tool is convenient: type the name of any package into the search field, and it will automatically suggest similar packages. It is therefore enough to know one package that suits your needs; you can then compare it against its competitors to see how good it is for you.
npm-compare
Another great tool is npm-compare. It shows a highly detailed side-by-side comparison of two packages and highlights which package is the best in each metric (issues reported, average time for updating, size, etc.). Finally, it gives a summary score.
It also produces a detailed description paragraph of the comparison, which you can send to your manager to explain why you decided on this particular package over the other.
Conclusion
While your problem cannot always be solved using pre-made external packages, it is often easier to rely on ready-made tools than to re-implement a solution from scratch.
Since open-source software repositories have become more globally accessible, it wouldn’t make sense for us as developers not to rely on each other.
I hope that with the help of this guide, you now better understand how to choose the right packages for your projects.
Have a great day! Thanks for reading! 🎾
Translated from: https://medium.com/@nitaiaharoni1/how-to-choose-the-right-npm-package-for-your-project-c3d1cc25285e