DEV Community

Liran Tal

Posted on • Edited on • Originally published at lirantal.com


npm passes the 1 millionth package milestone! What can we learn?

June 4th is a historic date: on that day the millionth package was indexed into the npm registry. npm is the package manager and public registry for JavaScript and Node.js packages.

We wanted to share some of the insights we found interesting and could get our hands on.

What are npm's most popular packages, and how many vulnerabilities are associated with them?

Here are the top 3:

  • lodash: 3 vulnerabilities (1 high sev)
  • request: 1 vulnerability (17 typosquatting attempts)
  • chalk: 0 vulnerabilities (1 typosquatting attempt)
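The typosquatting counts above are exactly the pattern a dependency check can catch: a package name that is one character or one transposition away from a popular one. The following is an added example, not code from the post or from Snyk. The popular-package list and the sample package.json are constructed for the example; in practice the list would come from the registry's download ranking, and the threshold should be tuned to avoid flagging legitimately similar names.

```javascript
// Added example: flag dependencies whose names are near-miss spellings of
// popular npm packages (the pattern behind the typosquatting attempts counted
// in the post). Not the post's or Snyk's own code.

// Assumption: a short allow-list of well-known package names, constructed here.
const POPULAR_PACKAGES = ["lodash", "request", "chalk", "debug", "kind-of", "supports-color"];

// Optimal string alignment distance: Levenshtein plus adjacent transposition,
// so "lodahs" is distance 1 from "lodash" and "reqeust" is distance 1 from "request".
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Normalise a package name before comparing: drop a scope prefix and the
// separators squatters like to vary ("kindof", "kind_of" vs "kind-of").
function normalize(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, "").replace(/[-_.]/g, "");
}

// Return { dependency, lookalike, distance } for every dependency that is not
// itself a popular package but sits within maxDistance of one.
function findTyposquats(pkgJson, popular = POPULAR_PACKAGES, maxDistance = 1) {
  const deps = { ...(pkgJson.dependencies || {}), ...(pkgJson.devDependencies || {}) };
  const exact = new Set(popular);
  const findings = [];
  for (const dep of Object.keys(deps)) {
    if (exact.has(dep)) continue; // the genuine package, nothing to flag
    for (const name of popular) {
      const dist = osaDistance(normalize(dep), normalize(name));
      if (dist <= maxDistance) {
        findings.push({ dependency: dep, lookalike: name, distance: dist });
      }
    }
  }
  return findings;
}

// Constructed sample manifest for the example, not a real project.
const SAMPLE_PACKAGE_JSON = {
  name: "example-app",
  dependencies: { lodash: "^4.17.15", reqeust: "2.88.0", chalk: "^2.4.2" },
  devDependencies: { kindof: "1.0.0" },
};

if (typeof require !== "undefined" && require.main === module) {
  // Expected: "reqeust" flagged against "request", "kindof" against "kind-of".
  console.log(findTyposquats(SAMPLE_PACKAGE_JSON));
}
```

A distance threshold of 1 keeps false positives low for short names; for a real pipeline, run this against the full dependency tree (the lockfile), not just the direct dependencies in package.json, since a squatted name is just as likely to arrive transitively.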

How many downloads do the top 10 packages pull in? Here are three of them:

  • debug: >40 million weekly downloads
  • kind-of: >34 million weekly downloads
  • supports-color: >34 million weekly downloads

We go into further detail at
https://snyk.io/blog/npm-passes-the-1-millionth-package-milestone-what-can-we-learn with more registry and community statistics, such as how many npm packages were added in 2019 and what interesting insights have come out of the Node.js Foundation's package maintenance working group.


What can you share about your experience with npm? Happy to hear it!
