MyGet's NuGet and NPM news from the community (November 2016)
It’s November, the holiday season is almost there. In our fourth MyGet's NuGet and NPM news from the community, let's look at some interesting blog posts and articles found on the Internet, curated by our MyGet founders Xavier and Maarten. Follow @MyGetTeam on Twitter for more!
NuGet news
The NuGet team just released NuGet 3.5, with mostly performance improvements, features and new target frameworks like netstandard and netcoreapp. The performance improvement during package restore is phenomenal, definitely worth upgrading. And you can now package SemVer 2.0 packages as well (and publish them to MyGet).
They also published a release candidate of 4.0, with support for adding NuGet references in the project file. Which is great as we can now use MSBuild variables in our dependency definitions.
More releases at Microsoft's Connect conference. There's Visual Studio 2017 RC as well as a new .NET Core version (1.1).
Armin Reiter wrote a post titled Powershell package management – NuGet, Chocolatey and Co. He describes what OneGet is and how PowerShell package management (which is now integrated in Windows 10 as well) can be used to install and manage modules and software on our system.
Rick Strahl wrote a post on .NET Standard 2.0 - Making Sense of .NET Again. He covers what .NET Standard 2.0 means to developers and how it fits into the future of .NET and .NET Core.
NPM news
A fresh npm@latest version has landed, 4.0.2 (and a prerelease 4.0.3, adding Node 7 support and a simplified lifecycle for publish events.
Ever wondered what a package manager is made of? Why are lockfiles considered bad practice for libraries but good for apps? Shubheksha Jalan wrote a nice blog post about Javascript Package Managers 101
But what is a dependency? Is it simply code we depend on? Guy Podjarny describes the 5 dimensions of an npm dependency in detail.
What are the bots up to on npm? That was the question Adam Baldwin asked himself after analyzing who else is downloading and running / testing random modules on npm. Interesting finds, for example a package that phones home after being installed.
In 7 npm tricks to knock your wombat socks off, Tierney Coren describes a couple of tips and tricks with the npm command line. For example adding npm completion under bash, or making sure packages you install actually work with the current Node version using "engine-strict".
Elijah Manor and his team started exploring running npm scripts in a git pre-commit hook and run linting before a commit. This technique ensures no invalid JavaScript code can be committed to source control.
If you have any news to share or have other feedback, let us know using the comments below or reach out on Twitter.
Happy packaging!