With so many NPM packages available, choosing the right one can be overwhelming. While there are plenty of options, some stand out as better choices than others. What packages will help you build your next project?
Popularity matters
The most popular NPM packages are generally safe choices. Packages with larger developer bases will have more support, tutorials, samples, and discussions available to aid in development. They are also generally more well-maintained and regularly updated.
Popularity is not necessarily the end-all, be-all however. Packages will die off and be left unmaintained. Even if a package has millions of downloads, it may be unmaintained, insecure, or incompatible. In general, it is difficult to justify using abandoned packages on new projects regardless of popularity.
Vincit’s Foundational NPM Packages
Over years of building successful projects, Vincit developers have come to rely on a handful of notable NPM packages. These may or may not be popular, but are tried and true tools that have proven their reliability across dozens of builds and serve as a foundation for most projects.
ExpressJS
The ExpressJS package has been around for more than 15 years and is one of the most popular options for creating NodeJS servers and services. Vincit has used ExpressJS extensively in projects to build backend services and have always been happy with the results.
One possible downside to using ExpressJS is the library didn’t see a new release for a very long time and some of it was sort of outdated. However, version 5.0 was released in October 2024 and brought with it sorely needed security updates and maintenance improvements.
Zod
Zod is a popular and powerful TypeScript-first validation library for ensuring that data formats and types match what is expected at runtime. By defining a validation schema, and what the expected data should look like, Zod will automatically infer static TypeScript types for the data, reducing the need to separately define type definitions.
Maintaining data integrity throughout an application has many use cases. For example, Vincit has used Zod in to ensure that API inputs match what is expected, pairing it together with ExpressJS. Other use cases include client-side form validation and validating configuration objects, such as environment variables.
Lodash
Lodash is a bit of an elder statesman in the JavaScript world, but its usefulness has never waivered. Lodash is a modular utility library that provides tools for handling common tasks, such as manipulating arrays, objects, strings, and numbers. Due to its modular nature, all functions can be installed individually, for example, lodash.cloneDeep.
Lodash’s utilities are so useful that their functionality often get integrated into JavaScript directly – Object.entries(), Array.includes(), Array.find(), and String.trim() are all examples of native JavaScript functions that first appeared in Lodash or its original library Underscore.
Lodash functions are commonly used in Vincit projects to simplify data transformations - e.g. using lodash.merge to do a deep merge of two different objects.
A modern replacement – Radash – has recently started being used in Lodash’s place.
date-fns
date-fns is a utility library for manipulating, parsing, and formatting dates. JavaScript’s Date objects are notoriously difficult to handle without tools like date-fns (or Luxon or its end-of-life brother moment.js); it lacks timezone support and its parsing behaviors are unreliable, for example.
Vincit has relied on date-fns for complex date manipulations and has used it successfully to standardize date formatting, handle timezone conversions, and for calculating time differences. Using date-fns has resulted in cleaner, more reliable, and more understandable code.
The upcoming Temporal object will reduce the need for such libraries, however. Temporal will bring with it similar functionality to date-fns but without the dependency requirement. It remains to be seen if Temporal will fully replace date libraries, or if they will continue to have some functionality Temporal does not recreate.
Socket.IO
Socket.IO is a powerful JavaScript library that enables real-time, bi-directional communication between web clients and servers, allowing for instant updates across multiple clients at a single time. It is particularly effective for building interactive applications such as chat apps and collaborative platforms.
One of Socket.IO’s primary capabilities is its ability to handle WebSocket connections while providing fallbacks to other methods like polling when WebSockets are not available, ensuring compatibility across diverse environments.
One notable feature is Rooms, allowing messages to be sent to a subset of clients. With this model, clients can subscribe to specific channels to receive and send channel related messages.
Vincit has used Socket.IO in the past to build out chat applications and dashboards that require real-time updates for things like sales and visitor metrics.
TypeORM
TypeORM is a highly versatile ORM (Object Relational Mapper) library for TypeScript and JavaScript that simplifies interactions with databases. TypeORM is unique compared to most ORMs in that it supports both the Data Mapper and Active Record patterns. Combined with extensive database support (MySQL, PostgreSQL, SQLite, and even NoSQL systems like MongoDB), TypeORM is a truly powerful and flexible option for managing databases.
TypeORM can leverage decorators to define the schema directly within class models, thereby aligning the database design closely with the architecture of the application. The synchronize option in TypeORM configuration controls whether the database schema should be automatically created and updated to match the models defined in the application code every time the application is launched. However, developers should be careful with this option since automatic synchronization, especially column changes, can lead to data loss. For production, it's safer to use manual migrations to handle database schema changes.
Puppetteer
Puppeteer is a library that serves as a middle layer between a NodeJS application and a Chromium or Firefox browser. Puppeteer allows for rendering a webpage and then interacting with the rendered page in various ways. Notably, it will render JavaScript and allow for pages running on frontend frameworks like React or Vue.js, a marked improvement over its predecessors wkhtmltopdf and the much more limited Phantom.js.
Vincit often uses Puppeteer to render HTML reports and output them as a PDF which is significantly easier than using a library to draw the equivalent PDF. Another use case is extracting data from webpages to be processed – for example, the bulk data for the WIPO IPC dataset is most easily ingested via HTML it provides but doesn’t pre-render.
Conclusion
Selecting the right NPM packages can be the difference between a sluggish workflow and a seamless development process. The seven packages outlined above – ExpressJS, Zod, Lodash, date-fns, Socket.IO, TypeORM, and Puppeteer – help propel Vincit projects to efficient, scalable, and maintainable success. Whether streamlining development, improving performance, or enhancing UI, these packages empower engineers to code smarter and ship faster. The best developers don’t just write code — they leverage the right tools to maximize impact.
Otto Kivikärki,
Staff Software Engineer
