Package Management in Elixir vs. JavaScript with Wojtek Mach & Amal Hussein

Today on Elixir Wizards, Wojtek Mach of HexPM and Amal Hussein, engineering leader and former NPM team member, join Owen Bickford to compare notes on package management in Elixir vs. JavaScript. This lively conversation covers everything from best practices for dependency management to API design, SemVer (semantic versioning), and the dark ages of web development before package managers existed. The guests debate philosophical differences between the JavaScript and Elixir communities. They highlight the JavaScript ecosystem's maturity and identify potential areas of improvement, contrasted against Elixir’s emphasis on minimal dependencies. Both guests encourage engineers to publish packages, even small ones, as a learning opportunity. Topics discussed in this episode: Leveraging community packages rather than reinventing the wheel Vetting packages carefully before adopting them as dependencies Evaluating security, performance, and bundle size when assessing packages Managing transitive dependencies pulled in by packages Why semantic versioning is difficult to consistently enforce Designing APIs with extensibility and backward compatibility in mind Using tools like deprecations to avoid breaking changes in new releases JavaScript’s preference for code reuse over minimization The Elixir community’s minimal dependencies and avoidance of tech debt Challenges in early package management, such as global dependency Learning from tools like Ruby Gems and Bundler to improve experience How log files provide visibility into dependency management actions How lock files pin dependency versions for consistency Publishing packages democratizes access and provides learning opportunities Linting to enforce standards and prevent certain bugs Primitive-focused packages provide flexibility over highly opinionated ones Suggestions for improving documentation and guides Benefits of collaboration between programming language communities Links mentioned in this episode: Node.js https://github.com/nodejs npm JavaScript Package Manager  https://github.com/npm JS Party Podcast https://changelog.com/jsparty Dashbit https://dashbit.co/ HexPM Package Manager for Erlang https://hex.pm/ HTTP Client for Elixir https://github.com/wojtekmach/req Ecto Database-Wrapper for Elixir https://github.com/elixir-ecto (Not an ORM) XState Actor-Based State Management for JavaScript https://xstate.js.org/docs/ Supply Chain Protection for JavaScript, Python, and Go  https://socket.dev/ MixAudit https://github.com/mirego/mix_audit NimbleTOTP Library for 2FA https://hexdocs.pm/nimble_totp/NimbleTOTP.html Microsoft Azure https://github.com/Azure Patch Package https://www.npmjs.com/package/patch-package Ruby Bundler to manage Gem dependencies https://github.com/rubygems/bundler npm-shrinkwrap https://docs.npmjs.com/cli/v10/commands/npm-shrinkwrap SemVer Semantic Versioner for NPM https://www.npmjs.com/package/semver Spec-ulation Keynote - Rich Hickey https://www.youtube.com/watch?v=oyLBGkS5ICk Amal’s favorite Linter https://eslint.org/ Elixir Mint Functional HTTP Client for Elixir https://github.com/elixir-mint Tailwind Open Source CSS Framework https://tailwindcss.com/ WebauthnComponents https://hex.pm/packages/webauthn_componentsSpecial Guests: Amal Hussein and Wojtek Mach.