How to Choose NPM Packages
So you are using Node.js as your run-time environment and now need to decide which packages to work with in your project. If you don’t know what to look for, how will you know you are choosing the best package for what you need? Here are the things that I typically look for when choosing a package.
Check the license
A software license tells you, the user, what you can and cannot do with code. License information can quickly be found on the right hand side of the lower information panel in in a repository. Below is an example of an MIT license. Repositories will also typically include a text or markdown file with license information in it for further reading if necessary.
The MIT license lets you use the package in your project, even if your project is a closed source, commercially available application. If you want to use a package and see that it has the GPLv3 license, you will not be able to distribute a closed source version of your application. This is extremely important if you are working on a proprietary piece of software and need to incorporate packages. There are a number of other licenses out there that you may run into. It is best practice to click on the license and read more about it if you are unsure what you can or cannot do under that license.
Check the contributors
Okay so your software relies on a critical package that is built by one developer, part time on his weekends. If the package has bugs or issues that you need looked into in a timely manner, it may not be possible. That’s not to say to avoid the package, just keep an eye out for how active that one developer is. Many times you will find that packages that are maintained by multiple developers have a quicker turn around time to addressing features and issues. But like most things in life, that isn’t a black and white rule.
Check the date of the last commit
Finally, check the date of the last commit. If you found a package that you love and can’t wait to use, but notice that there are a few bugs that the developers haven’t gotten around to addressing, and the last commit was 9 months ago… Well, maybe you should keep looking for another package as any issues you run into may ultimately not be addressed and could stall your own progress.
Drop a comment if there are other things that you look for when choosing packages to use!
