如何挑選優質 NPM 套件
JS 社群最珍貴的就是有一個開放又豐富的套件庫 NPM,幾乎各種想得到的套件都可以輕易找到。
相信 JS 開發者都一定有大量使用 NPM 上的套件,然後會面臨一個問題:常常有好幾個功能相似套件,該選用哪一個呢?如果不幸用到不好的套件,後續產生的問題可是會很麻煩的。
我個人碰到這個問題,通常第一個是先看 GitHub 上的 star 數量,如果2個相似專案差距超過一個級距,通常直接選用高 star 數的。再來就是看一下最後的更新日期,如果一個熱門案子三年沒更新,又一堆沒處理的 issue 和 PR,那可能也不太適合了。
不過這樣憑感覺實在太不科學了!必須被十足的量化才好!還好有 npms.io 這個網站可以直接看量化的結果。方便挑選優質套件。
npms.io
npms.io 給予每個 NPM 上的套件一個分數,再也不用自己憑感覺決定一個套件可不可靠了!
例如我們舉 Node.js 上最有名的 express 來說,分數高達 97 分啊!實在相當可靠:
那分數評比的標準究竟是什麼呢?
根據官方的說明,共分成四大項:
- Quality 質量
- Maintenance 維護
- Popularity 熱門度
- Personalities 人格特質
下面就直接複製貼上標準:
Quality
Quality attributes are easy to calculate because they are self-contained. These are the kind of attributes that a person looks at first when checking out a package.
- Has README? Has license? Has .gitignore and friends?
- Is the version stable (> 1.x.x)? Is it deprecated?
- Has tests? What’s their coverage %? Is the build passing?
- Has outdated dependencies? Do they have vulnerabilities?
- Has custom website? Has badges?
- Are there linters configured?
Maintenance
Maintenance attributes allows us to understand if the package is active and healthy or if it is abandoned. These are typically the second kind of attributes that a person looks at when examining a package.
- Ratio of open issues vs. total issues
- The time it takes to close issues
- Most recent commit
- Commit frequency
- Release frequency
Popularity
Popularity attributes allows us to understand the package adoption and community size.
These are the kind of attributes that a person looks at when they are undecided on the package choice.
- Number of stars
- Number of forks
- Number of subscribers
- Number of contributors
- Number of dependents
- Number of downloads
- Downloads acceleration
Personalities
If two packages are similar, one tends to choose the one whose author is well known in the community.
Relationships between people are also important. When a user follows another, there’s a link between them. We can infer that people prefer packages from the users they follow.
As of this writing the personalities attributes are not yet implemented.