A practical checklist for evaluating npm packages
Posted by OtherwisePush6424@reddit | programming | 4 comments
Checklist for evaluating third-party npm packages before install
Fit_Comedian_5121@reddit
One thing I would add to any package checklist is a quick removal test: if this dependency disappeared tomorrow, how hard would it be to replace? That question catches a lot of hidden risk that stars and download counts do not show, especially for tiny utility packages that end up spread across the whole codebase.
leaving_the_tevah@reddit
Did you just copy-paste this from the article?
Big_Combination9890@reddit
Step 1: Is it an NPM package?
If no: Proceed.
If yes: Delete and use a real programming language.
Soggy_Grapefruit9418@reddit
One thing I’d absolutely add: check whether the package is “maintainer dependent.” Some packages technically look healthy but are effectively one exhausted person away from abandonment. Bus factor matters way more than download counts sometimes.
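As an added example that is not from the thread or the linked article, the two checks raised by the commenters above (the removal test: how many files would break if a dependency vanished, and the bus-factor check: how many maintainers and how long since the last publish) can be turned into something measurable. The script below takes an in-memory map of source files and an npm registry document of the shape `GET https://registry.npmjs.org/<name>` returns (`maintainers`, `dist-tags`, `time`); the package name `tiny-util`, the file contents and the registry document are constructed sample data, not a real package. The 365-day staleness threshold is an assumption, not a rule from the thread.

```javascript
// Constructed sample inputs (hypothetical package "tiny-util", not real data).
const SAMPLE_FILES = {
  'src/api/users.js': "import pad from 'tiny-util';\nexport const a = pad('x', 4);",
  'src/cli/index.js': "const { pad } = require('tiny-util/pad');\nconsole.log(pad('y', 2));",
  'src/util/strings.js': '// local helper, no third-party imports\nexport const trim = s => s.trim();',
  'test/users.test.js': "import('tiny-util').then(m => m.pad('z', 1));",
};

// Shape of a registry packument (only the fields this script uses), constructed.
const SAMPLE_REGISTRY_DOC = {
  name: 'tiny-util',
  'dist-tags': { latest: '1.1.0' },
  maintainers: [{ name: 'solo-dev', email: 'solo@example.invalid' }],
  time: {
    created: '2021-03-01T00:00:00.000Z',
    '1.0.0': '2021-03-01T00:00:00.000Z',
    '1.1.0': '2022-06-15T00:00:00.000Z',
    modified: '2022-06-15T00:00:00.000Z',
  },
};

const STALE_AFTER_DAYS = 365; // assumption: no publish in a year counts as stale

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Removal test: every line that imports the package (ESM import, side-effect
// import, dynamic import() or require()), including subpath imports like
// 'pkg/sub'. Scoped names such as '@scope/name' work because the name is
// regex-escaped and must be followed by a quote or a slash.
function findImportSites(files, pkg) {
  const spec = escapeRegExp(pkg);
  const re = new RegExp(
    `(?:from\\s*|import\\s*\\(?\\s*|require\\s*\\(\\s*)['"]${spec}(?:/[^'"]*)?['"]`
  );
  const sites = [];
  for (const [file, text] of Object.entries(files)) {
    text.split('\n').forEach((line, i) => {
      if (re.test(line)) sites.push({ file, line: i + 1 });
    });
  }
  return sites;
}

// Summarise blast radius: how many files, and what share of the codebase,
// would need changes if the package were removed tomorrow.
function removalBlastRadius(files, pkg) {
  const sites = findImportSites(files, pkg);
  const touched = new Set(sites.map(s => s.file));
  const total = Object.keys(files).length;
  return { sites: sites.length, files: touched.size, fraction: total ? touched.size / total : 0 };
}

// Bus-factor check from registry metadata: maintainer count and days since the
// version tagged "latest" was published.
function maintainerRisk(doc, now = new Date()) {
  const maintainers = (doc.maintainers || []).map(m => m.name);
  const latest = doc['dist-tags'] && doc['dist-tags'].latest;
  const publishedAt = latest && doc.time && doc.time[latest] ? new Date(doc.time[latest]) : null;
  const daysSincePublish = publishedAt ? Math.floor((now - publishedAt) / 86400000) : null;
  const flags = [];
  if (maintainers.length <= 1) flags.push('single-maintainer');
  if (daysSincePublish === null || daysSincePublish > STALE_AFTER_DAYS) flags.push('stale');
  return { maintainers, latest, daysSincePublish, flags };
}

// One combined report for a package, suitable for a pre-install checklist step.
function evaluatePackage(files, doc, now = new Date()) {
  return {
    name: doc.name,
    removal: removalBlastRadius(files, doc.name),
    maintenance: maintainerRisk(doc, now),
  };
}

// Usage: fixed "now" so the sample report is reproducible.
const report = evaluatePackage(SAMPLE_FILES, SAMPLE_REGISTRY_DOC, new Date('2024-06-15T00:00:00.000Z'));
console.log(JSON.stringify(report, null, 2));
```

In a real repository, `SAMPLE_FILES` would be replaced by reading the source tree and the registry document would come from the npm registry; the scan is line based and regex driven, so it is a triage signal (it will miss imports built from string concatenation and will scan commented-out code), not a replacement for a proper dependency graph.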