Package Management in Elixir vs. JavaScript with Wojtek Mach & Amal Hussein

About this Episode

Published January 4, 2024 | Duration: 54:06 | RSS Feed | Direct download
Transcript: English

Today on Elixir Wizards, Wojtek Mach of HexPM and Amal Hussein, engineering leader and former NPM team member, join Owen Bickford to compare notes on package management in Elixir vs. JavaScript. This lively conversation covers everything from best practices for dependency management to API design, SemVer (semantic versioning), and the dark ages of web development before package managers existed.

The guests debate philosophical differences between the JavaScript and Elixir communities. They highlight the JavaScript ecosystem's maturity and identify potential areas of improvement, contrasted against Elixir’s emphasis on minimal dependencies. Both guests encourage engineers to publish packages, even small ones, as a learning opportunity.

Topics discussed in this episode:

  • Leveraging community packages rather than reinventing the wheel
  • Vetting packages carefully before adopting them as dependencies
  • Evaluating security, performance, and bundle size when assessing packages
  • Managing transitive dependencies pulled in by packages
  • Why semantic versioning is difficult to consistently enforce
  • Designing APIs with extensibility and backward compatibility in mind
  • Using tools like deprecations to avoid breaking changes in new releases
  • JavaScript’s preference for code reuse over minimization
  • The Elixir community’s minimal dependencies and avoidance of tech debt
  • Challenges in early package management, such as global dependency
  • Learning from tools like Ruby Gems and Bundler to improve experience
  • How log files provide visibility into dependency management actions
  • How lock files pin dependency versions for consistency
  • Publishing packages democratizes access and provides learning opportunities
  • Linting to enforce standards and prevent certain bugs
  • Primitive-focused packages provide flexibility over highly opinionated ones
  • Suggestions for improving documentation and guides
  • Benefits of collaboration between programming language communities

Links mentioned in this episode:

Node.js https://github.com/nodejs
npm JavaScript Package Manager  https://github.com/npm
JS Party Podcast https://changelog.com/jsparty
Dashbit https://dashbit.co/
HexPM Package Manager for Erlang https://hex.pm/
HTTP Client for Elixir https://github.com/wojtekmach/req
Ecto Database-Wrapper for Elixir https://github.com/elixir-ecto (Not an ORM)
XState Actor-Based State Management for JavaScript https://xstate.js.org/docs/
Supply Chain Protection for JavaScript, Python, and Go  https://socket.dev/
MixAudit https://github.com/mirego/mix_audit
NimbleTOTP Library for 2FA https://hexdocs.pm/nimble_totp/NimbleTOTP.html
Microsoft Azure https://github.com/Azure
Patch Package https://www.npmjs.com/package/patch-package
Ruby Bundler to manage Gem dependencies https://github.com/rubygems/bundler
npm-shrinkwrap https://docs.npmjs.com/cli/v10/commands/npm-shrinkwrap
SemVer Semantic Versioner for NPM https://www.npmjs.com/package/semver
Spec-ulation Keynote - Rich Hickey https://www.youtube.com/watch?v=oyLBGkS5ICk
Amal’s favorite Linter https://eslint.org/
Elixir Mint Functional HTTP Client for Elixir https://github.com/elixir-mint
Tailwind Open Source CSS Framework https://tailwindcss.com/
WebauthnComponents https://hex.pm/packages/webauthn_components

Special Guests: Amal Hussein and Wojtek Mach.

Transcript (English):