 Awesome. Hello. How's it going, everyone? Good? How's the day? Good? Yeah, you sound super enthusiastic. It's the last talk of the day. I have the privilege of having the last talk of the day. Thank you very much for joining me. You can be anywhere else, but you are here, which is awesome. So I'll be mindful of your time. This was sort of a last-minute talk that has been evolved from a couple meet-ups, talks that I have thrown together. And just quickly, the node folks on the weekend were like, hey, you want to do a talk? Cool. So today, I'm going to be talking a little bit of things that you may not know about MPM and some cool stuff that we're doing. That said, before we get started, last talk of the day, I'm sure everybody's tired. Would you do me a favor and all stand up? We're going to get the blood circulating. And if you can, give me a big stretch right up and take a big deep breath. Hold it. Hold it. Hold it. And exhale. Okay, you can sit down. Got some oxygen in your heads now. Hopefully, last talk of the day, you'll listen and retain some of the information that I've got. Awesome. Cool. So let's get started. My name is Darcy Clark. That's a cool astronaut hat. I have a background as sort of a developer, designer, speaker, entrepreneur, mentor, UX advocate. I love designs. My official title right now is the engineering manager for community and open source at MPM Inc. This small little company. This was a good note. I stole this idea for miles this morning. The opinions are my own indeed. The love I give is also my own. And so the love I give to you, it is mine. And I give it to you as a real human being free of charge. And we can have hugs later if you want. They're free of charge. Quick show of hands. Who writes JavaScript? Yes. You are my people. Who writes Node? Okay, even better. You're at the right conference. MPM. Who uses MPM? Great. Thank you. Who uses Yarn? It's okay. That's okay. We're all friends. Anybody use Yarn with the PMP flag? Anybody try to test that out? No? Plug and play? Okay. Anybody use PMPM? Anybody? Okay, cool. You're probably thinking, is he having a stroke? What's PMPM? Cool. I'm sure everybody has run this. Anybody run this today? Anybody? Yeah. It's a couple. Roy, who works on my team. So you do this a lot, right? You do this a lot. A lot, a lot, a lot. And your CI systems are probably running this, right? They run this a lot, even more. A lot, a lot, a lot. This is sort of the Bart Simpson writing on a chalkboard type thing. How many downloads do you think are installs or package downloads do you think are in a month? And for the folks, don't go cheating and go check what it is. Any ideas, guesses? Across all MPM, in the last month. Last month. 32. Whoa, okay. Joe, I like that, I like that. Anybody else, any guesses? 100 million. Anybody going to go for like one prices write style? No? Okay, so we are 58 plus billion. So you guys really like to install. You folks like to install packages, right? And just to show you a little graph about this sort of exponential growth. MPM celebrates 10-year anniversary a couple months ago and we have this nice little video. I'm not sure if we're going to have audio. So we're 10 years old as of, I think, September. Jake Ryan moves plug-ins to MPM. Awesome. Huge milestones, right? MPM 5's released in 2017. MPX, a lot of people use MPX. Yeah, nice. One of the best things in the world, yeah. Holy cow. So over a million packages published, that's awesome. 10 years. Cool. So that's all awesome. But let's look beyond that, right? You do this thing a lot. You know it a lot. You probably know it better than I do. So let's talk about these things. These disparate things. We're going to talk about the packet. How many know what that is already? Not a lot of people. Great, sweet. I'm going to tell you a little bit about something that you don't know. The community, maintenance and contributing and a few other things. I'm even going to showcase some cool stuff that I don't think you've seen yet. So what happens when you install sort of the Kohl's notes here? We actually fetch this thing called a packument. And so the MPM CLI patches the packument and that has a reference to where the tar ball lives, where essentially your package is actually living at rest and we go and we download that tar ball on packet and do a bunch of other stuff. So packuments if you're wondering, yes, it is just a really, really hacky word that we threw together and it's called a package document. So if you ever hear node folks talking about packument objects or packuments, they're talking about package documents. Fun, right? Cool. It's kind of like codec, right? Everybody know codec is like also like, yeah, okay. I don't know. A lot of people didn't know. That's why it's just like compression and decompression, codec put together. Really cool. Sorry? Coder or decoder? Yeah, coder or encoding. Cool. So this is what it looks like. This is sort of the shape of this object. It looks a lot like a package JSON, right? It's got a bunch of information in here, but it's got some information in here that you may not have thought. It's got references to all the versions that you've published. And actually if we look, I can show you a live version of this. So here's low dashes, packments. It's sort of it's got things like disc tags on it. This is mutable data that essentially NPM controls. And so let's say you add or remove somebody from your team. The maintainers object will update accordingly, right? So this is not immutable data. This is mutable data that is not a one-to-one mapping to your package JSON, but it's something a little bit more substantial. And you can actually go and check out this information. The URL is just registry .js.org, and then the package name, right? Cool. So if you take away one thing from the stock and you're like, Darcy told me one thing, when you hear a packet is not equal to a package JSON file. It is mutable record. And NPM is typically the source of truth for all your packages, in most cases. If you've ever used Yarn, Yarn has an alias or essentially a C name, which I forget what the actual domain is, but we actually map right directly to the NPM registry. So if you're using Yarn, you're actually using the NPM registry still. And for GitHub package registry, if you can't find the package in there, if GitHub can't find the package information, it will actually just proxy down to NPM, which is so NPM, the registry is essentially the source of truth for NPM packages. Cool. So that's a little bit about sort of interesting information about your packages as you may not know, and sort of high level concept around that. Let's talk a little bit about open source sustainability. So did anybody get this prompt over the summer? Anybody see this? Anybody use standard JS? Right? This ran a little experiment to try to figure out a way or a mechanism to help fund his open source efforts. And so what they were doing there was essentially putting a post install script to generate an ad in your terminal, right? That sounds kind of messy and it is. And it's not necessarily something that we think is actually good for the community. So NPM unfortunately had to sort of enforce our policies and say advertising in your terminal, post install scripts, this is sort of abusive. We don't want to see these types of things happening. This is definitely something that we don't think is good for the community. That said, it was definitely a symptom of something that we know that we needed to address which was how do we support open source software development? How do we make it economical and sustainable for developers to essentially make money through their work? And so we wrote this blog post in late August and the key here was we noted, we know this has been a long time coming. NPM's in a great position to help address this problem and the time to solve it is now. And just so you know, I've been at NPM for all of about four months and this happened to coincide with me starting there. So this became my number one goal as to how do we help or make a difference here. So as of NPM 613, we landed something called funding. Who's heard of funding field? Anybody? Nice. Anybody using it? Anybody define it for the packages? Wes, nice. Roy, hopefully you tested it. Roy in the back works on my team. He's actually the person that implemented in the CLI. So the funding field looks like this and this was a spec in sort of a shape that we had been seeing other third party sort of teams like open collective and the package maintenance working group had also started to draft a scheme around this type of field that would help define a reference to a means for you to drive traffic for specifically for an option to fund your open source development. So this is what it has. It's a funding field and it's got two keys there type and URL. Type is pretty ambiguous right now. We don't actually have any kind of way of sort of transforming from the URL back down to let's say get hub and in the future we could see this being utilized for things like foundation or corporate or the terminology could eventually become more meaningful but right now the type is pretty much there for foundation. The URL is a really important piece in this spec. So something interesting now happens as of MPM 613 when you run MPM install you get this nice little prompt. Three packages are looking for funding now it's going to change this number changes every time you run this but what we are doing is essentially bubbling up when your dependencies have defined this field. We are bubbling up the fact that somebody has explicitly noted that they would love if you could help fund them or that they have a mechanism for you to help fund or give them money. If you run the MPM fund command it will actually print out this nice tree do some dedupping as well which is really nice and showcase these references. And then if you actually run MPM fund with the name of the package it works very similar to MPM repo in which it will try to figure out where to essentially open up a browser and where to send traffic so I'll show you what that looks like. So here I've got terminal I'm going to say what version am I on 613 awesome if I run MPM in it yes I create a new package JSON I install some depths I'm going to install this nice dependency I've made called sleepover it's really fun it's cool and I've defined the funding field in my package JSON so if I run MPM fund it shows me my information so I have a get hub sponsors page that I referenced and if I run MPM fund sleepover it actually prompts and opens up that page so you can immediately go and donate or become a sponsor to me feel free to buy me a coffee if you'd like it's only $5 a month to support me shameless plug cool so this is something we think is really meaningful impactful it's really just the first step in us trying to help solve this problem with the community and we're excited about where we think it can actually take us and sort of moving forward and we've got some cool stuff coming down the pipeline that I'll talk to in a couple minutes here so let's talk a little bit about the community so for MPM over the last few years we had actually last year we sort of jumped over and started using discourse forums to run most of our community discussion through and discourse through and we've actually since archived that discourse forum and are now driving our community back to GitHub and GitHub issues we reopened issues on the CLI which was much appreciated I think by a number of you know folks in the community and if you actually go to the landing page today you'll see a number of pieces of information about a public events calendar that we now have available references to our documentation our more tailored support portal as well as the archive forums which still do exist and let's talk a little bit about maintenance so if you ever want to know the health of let's say the registry you can always go check status.npmgs.org but there's actually a new project that we've kicked off my team has kicked off called the essentially the project status board so you can actually go to our GitHub org and you can go check out the health of all of our open source projects and we're starting to bubble up this information not only for our own team to identify where we need to essentially fix or increase test coverage or update licensing or terms or what you know what packages have vulnerabilities but which will help define essentially where we spend our time but this is great to also showcase and be proud of when let's say the test coverage is 100% on a bunch of packages it's great to show the community that we're working hard here so this is a sort of a net new tool that we're using it's inspired by Wes Todd who works on package maintenance working group works at Netflix he built something very similar for Express and we sort of took this concept and I've been running with it we've got some really cool features here you can show and hide columns you can be like who you know who still supports like MPM or node version 0.8 yeah no joke like I think we need to like archive that project so yeah and test coverage is like terrible so we need to need to get that in shape so this is really for me as in terms of like an engineering manager or a project manager this is really good because it helps identify in sort of a high level view that the health of our projects at MPM so contributing so if you're a contributor open source or you're considering contributor open source we've been trying to evolve and sort of grow the story of how you can contribute to MPM and our work we do we are usually radically as radically transparent as possible you can actually go check out our Kanban board you can go see like how many people have like an open jeer or kanban board that you know like everybody in the world can look at anybody anybody there's a couple yeah wow okay if you maybe in the open source there's a couple teams that will have like an open projects board I don't know any other team that does this so I'm just can't wait until somebody like makes fun of me for like how I've named my columns or when we like start to move our epics around it's gonna be real fun but you can actually go we've started to use Zenhub so it's essentially adds a layer on top of GitHub projects or like GitHub issues and pull requests this is what our board looks like right now you can actually go see what we're prioritizing you can see how we're prioritizing the work that we're doing you can actually go issues that you'll make and PRs that you'll make actually land in this board and you can see how they move across from a backlog ticket to a to-do to something that's in process in review done and then closed off and we're really excited about this and sort of sharing this with the community you can actually see how we're operating day-to-day and hopefully you know it becomes a nice source of truth for us being that just radically transparent with the work that we're doing awesome so we also have obviously open issues and PRs now issues were reopened on the CLI which was really nice we have this concept of RFCs so you can actually request a feature from us from NPM the CLI the registry if you go to our GitHub org and at the very top we have a project called RFCs you can actually create a pull request and ask or sort of outline a feature that you'd like to see us implement and going further we've started to run open RFC calls bi-weekly taking sort of the learnings from the Node Foundation the way they operate and OpenJS Foundation and running bi-weekly meetings that anybody can join we stream them on YouTube and you can actually join the Zoom calls you can see here's some lovely faces you can go there's archived I mean I'm in the middle of saying something here Royce Royce you look pretty disinterested but yeah this is awesome so we're creating these sort of artifacts about how you know how we're operating and why we're making decisions and we're also hoping that you will come collaborate with us have discussions with us and you're totally enabled to come do that we'd be excited if you came and joined us we've got a number of these calls now on our YouTube page that are backlogged so as well as we have docs that's a reference to our old docs I may or may not have a link for you to use to go check out our net new docs you can go to preview-docs.npmjs.com and you actually see a new experience we're currently still baking this but it is the most up-to-date actual source of truth for our docs we're going to give them a nice little rebrand and refresh which is awesome and we're hoping this is going to really help we're going to include search in this as well with something that people have asked for years like hey can I search the docs can I delegate we know that it's been tough we're trying to fix that so if you go to preview.docs.npmjs.com you can go see this new experience it's awesome cool we also actively, my team actively works very closely with the node foundation we're sitting on some of the working groups including the package maintenance working group and the tooling working group so if you're ever looking around and we're doing the open source world you'll probably find us in those calls so what's next for npm what's some cool stuff that I can share with you so coming down the pipeline we have the concept of multiple founding entries so Jordan and Harvan who actually works on npm so who uses npm here lots of folks right it's awesome which just got recently pulled into the JRS foundation which is awesome yeah Joe's like yeah it's awesome and he's been helping us he wants to see essentially that idea of you know a single record for funding turn into multiple records that can be utilized for let's say multiple maintainers or let's say maybe Patreon links or something like that there's a lot of opportunity here and we're currently sort of sussing out the ROC for it npm7 has been on our backlog for a long time we're actively working on it and we have queued up the concept of workspaces which we know people have told us for forever you know we have workspaces in Yarn, Lerna like we want them from npm it's coming also with the refactoring work that we've been doing there's a whole bunch of performance wins that we've been seeing and it's just cleaning up the code we are hopefully going to have npm7 a version of npm7 staged and ready to be consumed not ready to be released fully but in early Q1 stage publishes and scoped awe tokens are something that I'm championing internally right now to try to sort of sophisticate the CI publish workflow for folks and if you're interested in this if you need to ping me afterwards there's a lot that's going into this there's a lot of discussion that's going into this and the last thing here is package exploration and package jiffing I'm sure you've always wanted this right? why has this never been a thing on npmjs.com like why the source of truth for my packages is npm why do I have to go to GAB and check out a repo which may or may not be the same thing so who would like a demo of some cool stuff yeah? I can't hear you okay, sweet so I'm going to demo some stuff for you right now try to go as quickly as possible but what I'm going to demo is actually live right now we pushed yesterday and there were some folks that I'm not sure if they're here Jason Miller from Google sort of undercut me quickly oh and PS I was like I knew you would want to see a demo so I was like nice cool so he quickly found this and I'm sure if you've already been to the website you may have seen it already we've been making some edits to npmjs.com we've been making some improvements first of which is some CSS love which will continue to happen the mobile experience right now isn't great we're going to continue to make that better but what you may or may not have seen we now have a nice new tab on your package pages can anybody figure out which one's new explore right cool you're like whoo Darcy come on oh low dash doesn't work okay actually am I logged in so we have a and I'm going to start to show you what Roy you giving me a hard time oh yeah okay react so two things to note actually so this is a perfect example thank goodness I went to this first and I told JDD if he's in the audience which is not that would go low-dash first this is very limited beta we haven't fully baked this there's lots of features that we're going to be rolling out soon but this is definitely something that we've heard everybody wants if you go to let's say react you can actually go around this is there's limited availability as well so your user count has to be a paid teams to get access to this today although we'll be rolling out to everybody in the in the future go ahead nope it's expanding the target this is the source of truth which is also why you might see this nice little integrity and show some value at the bottom here just to let you know this is exactly what is in the registry and you can click around you can look at you know your files and you can be like oh my goodness like this is crazy Facebook and some really crazy we're going to look at some licensing here stuff what's really interesting is oh you get like versioning for free so let's go to like an old version of this package 611 and we go back to the Explorer page looks like a package look at this I'm on 611 pretty awesome you'll notice that the install script is also being updated so that it actually adds the specific version you're looking at so you can copy and paste that and quickly install that specific version so there's all these little tweaks there's all these amazing things that we are rolling out from our team from the team at MPM thank you very much you'll notice some other improved the sidebar everybody was getting tired of seeing github everywhere on your package page it's like they owned the world right like githubgithubgib it's like come on there's my names in there somewhere right github.com slash Darcy Clark right so we re-open re-expanded the URLs for repos and homepages this was sort of a pain point people were not you know like this didn't look very good we also have now bubbled up the unpacked size information there you know that there's other community tools bundle phobia etc that provide also this sort of metadata we're working on you know giving you a better experience online here so cool maybe there's a better yeah I know come on Roy whoa man come on you're like giving away the here we'll show you one more this is mount good yeah this this one has like is like super deeply met nested like information cool so let's go to a package page that has defined funding so my cool little sleepover package look at that look at this new little button right so again very similar you know github sponsors and you know open collective there's a million different ways for open source developers now to try to make money we wanted to weigh a mechanism again to to make this meaningful so when you define that funding field we now will add this button to your package page it quickly will as you would guess when I click it it's going to take me to that that link right and yeah so like lots of cool little improvements over time we imagine this to expand when we have multiple funding we're going to have some new capabilities there and there we options Roy am I missing anything now we good they were good are you sure we're good well we can I don't know is there anything else I don't think we're I think we're good so that's just a few say so we do have run kit so if you've ever like gone to a website or MPM package page sorry have you seen this little button you click on it it takes you to run kit which you can actually start to play with let's say the MPM package just so you know this is I do have code maybe sitting on a branch for having this embed in the actual website itself so that may be coming so if I say sleep let's say I'm pulling this guy out I'm going to say sleep for 202 seconds then we'll console log hello and you can just this library sleeper essentially is using atomic weight to halt execution and then do something so this is actually running in the browser so yeah this is a sandbox in repel in the browser if you've never seen it before so this is on the package page so kind of fun to be like if you want to try something you can just click on that button try it out it's pretty awesome cool so I think that's about it I think that's all I got for you there may or may not be an extra commander here or there that you can run to see some cool stuff in your free time if you happen to run MPM Xmas it might do something but yeah again I'll be here actually all week the collaborators sediment for a lot of Node.js folks that are Node.js foundation folks are getting together on the 13th 14th where we'll be discussing sort of the future of standard spec and for us MPM so feel free to join us at that you can follow me I have the sweet handle Twitter handle called at Darcy my first name pretty sweet I get a lot of Mr. Darcy references feel free to follow me there and thank you very much for listening