Welcome to Part 3 of this review of the Pluralsight course “Creating a JavaScript Development Environment” by Cory House.
Cory is a Microsoft MVP in C#, founder of OutlierDeveloper.com, avid tech reader, and speaker.
He believes in clean code, pragmatic development, and responsive native UIs.
He has also created reactjsconsulting.com, and has authored Pluralsight courses including Building Applications with React and Flux and Building Applications with React and Redux in ES6.
Also in this series:
Part 1 – You Need a Starter Kit
Part 2 – Editors and Configuration
Part 3 – Package Management
Part 4 – Development Web Server
Part 5 – Automation
Part 6 – Transpiling
Part 7 – Bundling
Part 8 – Linting
Part 9 – Testing and Continuous Integration
Part 10 – HTTP Calls
Part 11 – Project Structure
Part 12 – Production Build
Part 13 – Production Deploy
Package Management
Package Managers
Cory gives a very brief overview of Bower, npm, JSPM, Jam and volo. He recommends npm.
Not mentioned is Yarn. See yarnpkg.com for details on that.
Demo: Install Node and npm Packages
We see how to download and install Node.
You can find the package.json code here: https://gist.github.com/coryhouse/29bd1029b623beb4c7f79b748dcba844
To download all of the packages specified in this file, type the following into the command prompt:
> npm install
That is a lot of JavaScript, and any of these packages could potentially contain one or more security vulnerabilities.
Package Security
There are two security scanning solutions available: retire.js and Node Security Platform, and we use Node Security Platform in this course.
There are a number of options for when to run the security check. For maximum security it is best to run the security check on npm start, and we’ll see how to do this.
Demo: Node Security Platform
Install with the command:
> npm install -g nsp
Then run it:
> nsp check
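As an added example (not code from the course or from nsp itself), the sketch below shows the kind of comparison a dependency check performs: versions declared in package.json against a list of known advisories, with a non-zero result that a start script can use to stop. The advisory list, package names and function names are constructed for illustration, and range prefixes are reduced to their base version, whereas a real scanner resolves the installed dependency tree.

```javascript
// Simplified dependency check; advisory data and package names are constructed.
const ADVISORIES = [
  { module: 'example-parser', patchedIn: '2.1.3', title: 'Constructed advisory A' },
  { module: 'example-http', patchedIn: '1.0.0', title: 'Constructed advisory B' },
];

// "^1.2.3", "~1.2.3" or "1.2.3" -> [1, 2, 3]; null for tags, URLs, wildcards.
function parseVersion(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b.
function isLower(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Compare every declared dependency of a parsed package.json with the advisories.
function checkPackage(pkg, advisories) {
  const deps = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const findings = [];
  const unchecked = []; // specs that cannot be compared are reported, not ignored
  for (const [name, spec] of Object.entries(deps)) {
    const version = parseVersion(spec);
    if (!version) { unchecked.push(name); continue; }
    for (const adv of advisories) {
      if (adv.module === name && isLower(version, parseVersion(adv.patchedIn))) {
        findings.push({ name, spec, title: adv.title, patchedIn: adv.patchedIn });
      }
    }
  }
  return { findings, unchecked };
}

// A start hook would exit with this code: non-zero stops the start on findings.
function exitCodeFor(report) {
  return report.findings.length > 0 ? 1 : 0;
}

const samplePkg = { // constructed package.json content
  dependencies: { 'example-parser': '2.0.9', 'example-http': '^1.4.0' },
  devDependencies: { 'example-tool': 'latest' },
};
const report = checkPackage(samplePkg, ADVISORIES);
for (const f of report.findings) {
  console.log(`${f.name}@${f.spec}: ${f.title} (patched in ${f.patchedIn})`);
}
console.log('unchecked:', report.unchecked.join(', '), 'exit code:', exitCodeFor(report));
```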