Today on Elixir Wizards, Wojtek Mach of HexPM and Amal Hussein, engineering leader and former NPM team member, join Owen Bickford to compare notes on package management in Elixir vs. JavaScript. This lively conversation covers everything from best practices for dependency management to API design, SemVer (semantic versioning), and the dark ages of web development before package managers existed.
The guests debate philosophical differences between the JavaScript and Elixir communities. They highlight the JavaScript ecosystem's maturity and identify potential areas of improvement, contrasted against Elixir’s emphasis on minimal dependencies. Both guests encourage engineers to publish packages, even small ones, as a learning opportunity.
Topics discussed in this episode:
Leveraging community packages rather than reinventing the wheel
Vetting packages carefully before adopting them as dependencies
Evaluating security, performance, and bundle size when assessing packages
Managing transitive dependencies pulled in by packages
Why semantic versioning is difficult to consistently enforce
Designing APIs with extensibility and backward compatibility in mind
Using tools like deprecations to avoid breaking changes in new releases
JavaScript’s preference for code reuse over minimization
The Elixir community’s minimal dependencies and avoidance of tech debt
Challenges in early package management, such as global dependency
Learning from tools like Ruby Gems and Bundler to improve experience
How log files provide visibility into dependency management actions
How lock files pin dependency versions for consistency
Publishing packages democratizes access and provides learning opportunities
Linting to enforce standards and prevent certain bugs
Primitive-focused packages provide flexibility over highly opinionated ones
Suggestions for improving documentation and guides
Benefits of collaboration between programming language communities
Links mentioned in this episode:
Node.js https://github.com/nodejs
npm JavaScript Package Manager  https://github.com/npm
JS Party Podcast https://changelog.com/jsparty
Dashbit https://dashbit.co/
HexPM Package Manager for Erlang https://hex.pm/
HTTP Client for Elixir https://github.com/wojtekmach/req
Ecto Database-Wrapper for Elixir https://github.com/elixir-ecto (Not an ORM)
XState Actor-Based State Management for JavaScript https://xstate.js.org/docs/
Supply Chain Protection for JavaScript, Python, and Go  https://socket.dev/
MixAudit https://github.com/mirego/mixaudit
NimbleTOTP Library for 2FA https://hexdocs.pm/nimbletotp/NimbleTOTP.html
Microsoft Azure https://github.com/Azure
Patch Package https://www.npmjs.com/package/patch-package
Ruby Bundler to manage Gem dependencies https://github.com/rubygems/bundler
npm-shrinkwrap https://docs.npmjs.com/cli/v10/commands/npm-shrinkwrap
SemVer Semantic Versioner for NPM https://www.npmjs.com/package/semver
Spec-ulation Keynote - Rich Hickey https://www.youtube.com/watch?v=oyLBGkS5ICk
Amal’s favorite Linter https://eslint.org/
Elixir Mint Functional HTTP Client for Elixir https://github.com/elixir-mint
Tailwind Open Source CSS Framework https://tailwindcss.com/
WebauthnComponents https://hex.pm/packages/webauthn_components Special Guests: Amal Hussein and Wojtek Mach.