Skypack Quality Score: Actionable feedback to build better packages

The npm package registry is famously lax when it comes to package quality. You can publish your package using any module format that you’d like (CJS, ESM, UMD, etc.). You can skip the package description, author information, documentation, and even the license, and npm won’t complain. It’s even possible (and in some ways, easier) to build a package with no link to the original source repository at all, and no license to protect your users from legal risk.

Low-friction publishing allowed npm to grow quickly, but at the expense of overall ecosystem quality. When analyzing npm, we found that 25.2% of all packages don’t link to their original source code (no “repository” field), which prevents simple code auditing and accountability. Even more shocking is the fact that 10.6% of packages appear unlicensed, with no open source license explicitly mentioned in their package manifest.

Today, we are excited to introduce a new Skypack Quality Score for every package on npm, to surface and help fix common package issues. The Quality Score is primarily a tool to help package authors build better packages. But at the same time we’ve connected it directly into Skypack’s search algorithm and catalog UI, to give users a better high-level understanding of each package that they evaluate.

Lighthouse for JavaScript packages

Just like Lighthouse, getting a perfect score of 100 for your package can take a few tries. Getting one without trying is nearly impossible (it’s very rare!). Of the most popular frontend frameworks tested, Preact was the only one to get a perfect score.

If your packages don’t get a 100/100 right off the bat, that’s totally fine. As you can see above, some of the most popular frontend packages aren’t even there yet! The point of the Package Score is to surface issues to both package authors and users that were previously going ignored.

When you see a failed quality check, Skypack provides additional information and actionable steps to fix any issue. Most checks can be resolved in under a minute, usually with just a one-line change to some metadata in your `package.json` manifest. Our documentation will guide you as you make these changes.

@skypack/package-check: quality meets developer workflow CLI

While the idea of a package quality score was originally designed for the Skypack search catalog, we quickly realized that these checks also make an excellent developer tool.

We’re excited to launch @skypack/package-check to help you run these same checks on your package during development. No more publishing to npm just to test changes. Instead, just run our CLI manually or as a part of your automated package test suite.

No tests for your package yet? @skypack/package-check can be your first one!

```
/* package.json example - run "npm test" or "yarn test" */
"scripts": { "test": "package-check" }
```

A passing score with package-check will guarantee a perfect score on Skypack. As the npm ecosystem continues to evolve, we’ll keep updating this tool with new and improved checks to help you keep your packages healthy and up-to-date.

The package.json “exports” field, for example, is a fairly new feature in Node.js that can be hard to get right at first. But the field is also expected to be an essential part of Node’s transition from CommonJS to ESM. If you haven’t added one to your project yet, now is a great time to do so! Just install @skypack/package-check in your package and run the “package-check” CLI to get started!
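The manifest gaps named in this post (no “repository” field, no license, no description, no “exports” field) can also be checked on a dependency you are evaluating before you install it. The following is an added example, not code from Skypack or @skypack/package-check; the function names, issue labels and sample manifests are constructed for illustration.

```javascript
// Added example: a minimal manifest audit. Not the @skypack/package-check
// implementation; function names and issue labels are this example's own.

function repositoryUrl(manifest) {
  const repo = manifest.repository;
  if (typeof repo === "string") return repo.trim(); // shorthand form
  if (repo && typeof repo.url === "string") return repo.url.trim();
  return "";
}

function licenseId(manifest) {
  const lic = manifest.license;
  if (typeof lic === "string") return lic.trim();
  // Deprecated forms still seen in older packages.
  if (lic && typeof lic.type === "string") return lic.type.trim();
  if (Array.isArray(manifest.licenses)) {
    return manifest.licenses.map((l) => (l && l.type) || "").filter(Boolean).join(" OR ");
  }
  return "";
}

function auditManifest(manifest) {
  const issues = [];
  if (!repositoryUrl(manifest)) issues.push("no-repository");
  // "UNLICENSED" is npm's marker for "no rights granted"; it is not the
  // SPDX "Unlicense" public-domain dedication, which must pass.
  const lic = licenseId(manifest);
  if (lic === "" || lic.toUpperCase() === "UNLICENSED") issues.push("no-license");
  const desc = manifest.description;
  if (typeof desc !== "string" || !desc.trim()) issues.push("no-description");
  if (manifest.exports === undefined) issues.push("no-exports");
  return issues;
}

// Constructed sample manifests (not real packages).
const full = {
  description: "Constructed sample",
  repository: { type: "git", url: "https://example.com/example-org/pkg.git" },
  exports: { ".": "./index.js" },
};
const SAMPLES = {
  complete: { name: "example-complete", license: "MIT", ...full },
  bare: { name: "example-bare", version: "1.0.0", main: "index.js" },
  legacy: { name: "example-legacy", description: "Old style", repository: "github:example-org/legacy", licenses: [{ type: "MIT" }, { type: "Apache-2.0" }] },
  unlicensed: { name: "example-private", license: "UNLICENSED", ...full },
  unlicense: { name: "example-pd", license: "Unlicense", ...full },
};

for (const [name, manifest] of Object.entries(SAMPLES)) {
  console.log(name, auditManifest(manifest));
}
```

Pass it the parsed `package.json` of any dependency; an empty array means none of these four gaps were found.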

Happy hacking!