methods of identifying automated downloads of NPM packages - npm

I've been assuming that some percentage of the total download counts for my NPM packages must be coming from bots that have been programmed to automatically download any new version of a package that gets published. Is there any way to determine what percentage of downloads are coming from this sort of bot vs actual human users?

Related

Is there a way to deploy 2 versions of the same package for 2 different use cases at once?

The answer seems like 'no' but I wanted to check with colleagues here.
We provide an npm package for our own sites as well as some 3rd party sites.
There's a fairly heavy and old homegrown npm package that we also have in our package.
We don't need that package any longer on our sites but the 3rd party sites do.
We also have no way of controlling the code on those 3rd party sites so we need to keep the deployed bundle name and location the same for them.
Is there a way to publish a version of our package first without the extra package for us and then a version with it for the third parties from the same repository?
ourpackage-new.js (without the dependency)
ourpackage.js (with the dependency)
I had some success with a new package json in a subdirectory. I would create a new package and the original package via a command in gitlab.yaml to cd into that directory and npm publish there after the first one. This requires copying some dependency files down there as well which would mean if one version was updated, we'd need to remember to update the copy. Not a situation we'd want.
Even if we created a 2nd repository for the change just for us, we'd still need to update 2 repositories every time we had a new change to deploy.
Checked into Aliasing as well, we wouldn't be planning to import a new version and an old version though, more like sister versions.
In any case, thanks for the input and thoughts. I realize Npm was prob not made for this type of situation. If I remember right, I could do this with Gulp years ago, but I haven't even thought about Gulp in so long :) And then, I'd have to deploy manually via an FTP program ... wow, those were days.
Thanks again!

what is the difference between npm, grunt and webpack in terms of their application?

Which tool among those above is used to solve what sort of problem? The simpler and more straight-to-the-point the answer, the better.
You can find some pretty good descriptions of each of these with a basic Google search.
In short, npm is a software repository. Grunt is a tool used to bring together multiple JavaScript tasks into single commands. Webpack is a powerful module bundler, allowing you to bring together JavaScript, CSS and HTML from various sources (one being npm) and bundle them in such a way that you can be left with a single JavaScript module containing all the code you require.
The World's Largest Software Registry (Library)
npm is the world's largest Software Registry.
The registry contains over 800,000 code packages.
Open-source developers use npm to share software.
What is NPM # W3Schools
Grunt is a JavaScript task runner, a tool used to automatically perform frequent tasks such as minification, compilation, unit testing, and linting. It uses a command-line interface to run custom tasks defined in a file (known as a Gruntfile). Grunt was created by Ben Alman and is written in Node.js. It is distributed via npm.
What is Grunt # Wikipedia
webpack is an open-source JavaScript module bundler. It is made primarily for JavaScript, but it can transform front-end assets such as HTML, CSS, and images if the corresponding loaders are included. webpack takes modules with dependencies and generates static assets representing those modules.
Webpack takes the dependencies and generates a dependency graph, allowing web developers to use a modular approach for their web application development purposes.
What is Webpack # Wikipedia
difference between grunt and webpack
grunt is a stream management tool that performs functions required by users through task configuration, such as format verification, code compression, etc. It is worth mentioning that the code processed by grunt only has its local variable names replaced and is simplified. Nothing has changed; it's still your code.
webpack, on the other hand, carries out a more thorough packaging process and is more inclined to transform the module syntax rules. Its main task is to bridge the gap between browsers: analyze, compress, merge, and package various static files that the browser does not originally recognize, and finally generate code the browser supports. Therefore, the code after webpack has packaged it is not the code you wrote; if you look at it again, you may not be able to understand it anymore.
npm is more like providing a build environment
npm is a package management tool installed with NodeJS. It can solve many problems in NodeJS code deployment. Common usage scenarios are as follows:
Allow users to download third-party packages written by others from the NPM server for local use.
Allow users to download and install command line programs written by others from the NPM server for local use.
Allow users to upload their own packages or command line programs to the NPM server for others to use.
npm is more like providing a build environment, while grunt and webpack work as build tools.

Is NPM only for Open Source?

I am using vuepress in order to make my static site, so is there any risk that anyone else can see my site's source? My site is not open-source and I am using NPM, so I want to ask: will my vuepress package be published openly? It's really important to me and I don't want to reveal the source of my site.
About: Is there any risk that anyone else can see my site source
There is no way to protect javascript intended to run in a browser from a determined viewer.
If the browser can run it, then any determined viewer can view/run it also.
About NPM:
npm is a package manager for the JavaScript programming language maintained by npm, Inc. npm is the default package manager for the JavaScript runtime environment Node.js.
The npm registry contains packages, many of which are also Node modules, or contain Node modules.
npm has two types of packages: public packages, which everyone can see, and private packages, which others can't see.
So if you fear that people will see the source code in your package, just make it private or just don't put your code on npm at all.

NPM download count by package version?

I know there's a public API for getting NPM download counts, as well as tools built on top of it like npm-stat and npmtrends. However, I'd like to get more granular and see downloads for a particular package by version. I don't see this documented in the API docs anywhere. Is it possible?
Per version download counts are now available from the npm registry.
Download counts for specific versions of a package are only available for the previous 7 days. They have a unique API endpoint:
GET https://api.npmjs.org/versions/{package}/last-week
Note: for scoped packages, the / needs to be percent-encoded (@slack/client -> @slack%2Fclient).
They're also displayed in the Versions tab of the package's home page.
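As an added example (not code from the original answer or from npm), the script below builds the per-version URL from the endpoint and encoding rule given in the answer above and summarizes a last-week response into per-version shares. The response object is constructed sample data, and the assumed shape `{ package, downloads: { "<version>": <count> } }` should be checked against a live response before you rely on it; `fetchVersionsLastWeek` is defined for live use but not called, so the example runs offline.

```javascript
// Added example: per-version download summary for the
// GET https://api.npmjs.org/versions/{package}/last-week endpoint.
// SAMPLE_RESPONSE below is CONSTRUCTED sample data, not real registry output.

const REGISTRY_STATS = 'https://api.npmjs.org';

// Per the answer above: for scoped packages only the "/" is percent-encoded.
function encodePackageName(name) {
  return name.replace('/', '%2F');
}

function versionsLastWeekUrl(name) {
  return `${REGISTRY_STATS}/versions/${encodePackageName(name)}/last-week`;
}

// Assumed response shape: { package: "<name>", downloads: { "<version>": <count>, ... } }
// (an assumption; verify against a live response).
function summarizeVersions(body) {
  const entries = Object.entries(body.downloads || {});
  const total = entries.reduce((sum, [, n]) => sum + n, 0);
  const rows = entries
    .map(([version, count]) => ({ version, count, share: total ? count / total : 0 }))
    .sort((a, b) => b.count - a.count);
  return { package: body.package, total, rows };
}

// Constructed sample, shaped like the endpoint's JSON (hypothetical package name).
const SAMPLE_RESPONSE = {
  package: '@example/widget',
  downloads: { '1.2.0': 700, '1.1.3': 250, '0.9.0': 50 },
};

// Live use (Node 18+ global fetch); not executed here so the example runs offline.
async function fetchVersionsLastWeek(name) {
  const res = await fetch(versionsLastWeekUrl(name));
  if (!res.ok) throw new Error(`registry returned ${res.status}`);
  return summarizeVersions(await res.json());
}

function printSummary(summary) {
  console.log(`${summary.package}: ${summary.total} downloads in the last week`);
  for (const r of summary.rows) {
    console.log(`  ${r.version.padEnd(10)} ${String(r.count).padStart(6)}  ${(r.share * 100).toFixed(1)}%`);
  }
}

printSummary(summarizeVersions(SAMPLE_RESPONSE));
```

Note that the encoding helper deliberately follows the answer's rule (only the slash is encoded) rather than `encodeURIComponent`, which would also encode the leading `@`.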

NPM ChangeLogging and automatization

Python packages have best practices for documenting public API changes using CHANGES.txt (see an example). There are tools like zest.releaser which do automated package publish and release notes maintenance.
Do NPM packages have best practices for documenting changes a.k.a. ChangeLog? (or are people expected to make sense from Github history, etc.)
Do NPM packages have automated tools for maintaining a change log when doing NPM package publishing, so that release dates and version numbers would be recorded in the ChangeLog?
I found npm-release script, but its functionality is limited to tagging and pushing out new NPM packages.
CHANGES.txt example from Python:
Changelog
=========
1.0.0-dev (Unreleased)
----------------------
- Added feature Z.
[github_userid1]
- Removed Y.
[github_userid2]
1.0.0-alpha.1 (2012-12-12)
--------------------------
- Fixed Bug X.
[github_userid1]
From what I have seen so far, people tend to build custom mini tools that would read the Git (or other VCS) history and output a changelog based on some internal conventions.
This is not specific to the Node.js world though.
There are actually a couple of Grunt plugins that might help you with that:
https://github.com/btford/grunt-conventional-changelog
https://github.com/ericmatthys/grunt-changelog
Grunt is one of the finest build tools out there. It's quite popular (until the next one?), and it can help you integrate this phase into your release process. We can easily imagine orchestrating the changelog task with the grunt-release plugin.
I don't have in mind any standalone tool or plugin that would allow you to do all that zest.releaser does out of the box (but that doesn't mean it does not exist).
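As an added example (not code from the post, nor from any of the plugins linked above), here is the kind of "mini tool" the answer describes: it reads `git log` output and renders a changelog section from a commit-subject convention. The convention assumed is `<type>(<scope>)!: <subject>` with `feat`/`fix` types and `!` marking a breaking change, as popularized by the conventional-changelog tooling; the `LOG` constant is constructed sample output of `git log --format='%H%x09%ad%x09%s' --date=short`, not real history.

```javascript
// Added example: generate a changelog section from git log output using an
// assumed "<type>(<scope>)!: <subject>" commit convention.
// LOG is CONSTRUCTED sample `git log` output (hashes and dates are made up).

const LOG = [
  'a1b2c3d\t2024-05-01\tfeat(api): add per-version download summary',
  'b2c3d4e\t2024-05-02\tfix(cli): percent-encode scoped package names',
  'c3d4e5f\t2024-05-03\tchore: bump dev dependencies',
  'd4e5f6a\t2024-05-03\tdocs: describe the last-week endpoint',
  'e5f6a7b\t2024-05-04\tfix!: reject download totals that are not integers',
  'f6a7b8c\t2024-05-04\tupdate readme', // does not follow the convention
].join('\n');

const SUBJECT = /^(?<type>[a-z]+)(?:\((?<scope>[^)]+)\))?(?<breaking>!)?:\s+(?<text>.+)$/;
// Only these types reach the user-facing notes; chore/docs/etc. are dropped.
const HEADINGS = { feat: 'Features', fix: 'Bug Fixes' };

// Parse "<hash>\t<date>\t<subject>" lines into commit records.
function parseLog(text) {
  return text.split('\n').filter(Boolean).map((line) => {
    const [hash, date, subject] = line.split('\t');
    const m = SUBJECT.exec(subject);
    if (!m) return { hash, date, type: null, scope: null, breaking: false, text: subject };
    const { type, scope, breaking, text: t } = m.groups;
    return { hash, date, type, scope: scope || null, breaking: breaking === '!', text: t };
  });
}

// Group commits under changelog headings; breaking changes get their own section.
function groupCommits(commits) {
  const groups = {};
  for (const c of commits) {
    if (!c.type) continue;
    const key = c.breaking ? 'BREAKING CHANGES' : HEADINGS[c.type];
    if (!key) continue;
    if (!groups[key]) groups[key] = [];
    groups[key].push(c);
  }
  return groups;
}

// Render one release section in the markdown style the grunt plugins above produce.
function renderChangelog(version, date, commits) {
  const groups = groupCommits(commits);
  const lines = [`## ${version} (${date})`, ''];
  for (const heading of ['BREAKING CHANGES', 'Features', 'Bug Fixes']) {
    if (!groups[heading]) continue;
    lines.push(`### ${heading}`);
    for (const c of groups[heading]) {
      const scope = c.scope ? `**${c.scope}:** ` : '';
      lines.push(`- ${scope}${c.text} (${c.hash})`);
    }
    lines.push('');
  }
  return lines.join('\n');
}

console.log(renderChangelog('1.1.0', '2024-05-05', parseLog(LOG)));
```

In a real release script you would replace `LOG` with the output of `git log <last-tag>..HEAD` and prepend the rendered section to the changelog file; commits that do not match the convention are kept in the parsed list (with `type: null`) so you can report them rather than silently lose them.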