Enterprise

JavaScript in 2019
Essential trends and analysis
11 million users and growing fast
In January 2018, we ran our first-ever user survey and were blown away by the response. We combined the results with our extensive logs of npm Registry
activity, and produced a number of widely-read presentations and articles, including npm’s 2018 in Review and Predictions for 2019. This year, over 33,000
respondents took part, more than twice as many as last year.

The survey and its analysis were very popular — too many businesses using JavaScript clearly have no idea what their developers are doing or how to
empower them. We were happy to provide this much-needed context from our vantage point at the center of the wider JavaScript ecosystem. With this year’s
survey containing twice as many respondents, we’re hoping to get even more insights than last year, as well as provide the start of year-over-year trends.

A more How long have you been using JavaScript?

percentage of npm survey respondents

sophisticated
user base 40%

36%
The biggest trend in this year’s survey 30% 34%
was a broad demographic change that
showed up over and over in all our other
results: npm users are becoming, on
average, more experienced with npm
26%
20%
and with JavaScript. The first sign of this 23%
19% 21% 19%
was our question specifically on how long
users have been using JavaScript, which
we ran in both 2017 and 2018’s surveys. 10% 14%
Overall, the percentage of users who
have been using JavaScript for more
than 5 years went from 40% to 49%, a 5% 4%
shift of more than 1 million users into that 0%
category. < 1 year 1 - 2 years 3 - 5 years 6 - 10 years 10+ years

2017 2018

2
 99% of JavaScript developers
will use npm in 2019

In 2017, more than half of npm’s users had been using it for less than 2 years. In 2018, this was true
for only a little over a third of our users. In fact, there are so many experienced users that this year
we added a new category.
Conclusion
Growing more experienced both in
How long have you been using code from npm? JavaScript in general and npm in
percentage of npm survey respondents particular, npm’s user base is more
sophisticated than in the past. This
reflects an explosion in npm usage
80% that started 5 years ago, creating
a demographic “bulge” that is now
beginning to flatten out as npm adoption
reaches saturation of the JavaScript
developer community.
60%

The data points to a second conclusion:

as the percentage of users new to
52% JavaScript and new to npm get closer
40% together, it appears that existing
JavaScript devs have finished adopting
npm and new JavaScript devs all
learn npm at the same time they learn
20% 27% JavaScript. Last year we believed about
85% of JavaScript devs use npm and by
the end of 2019 we believe this number

9% 12% will reach 99%.

0%

< 1 year 1 - 2 years 3 - 5 years 6 - 10 years

3
 83% of developers are concerned about
the security of open source code

Are you concerned the OSS code you use is secure?

Developers are percentage of npm survey respondents

increasingly
concerned about 100%

the security of open

source code 75% 83%
It’s no secret that in 2018 npm doubled
77%
down on our role as a provider of
security solutions to the world of open
50%
source JavaScript, providing our npm
audit service as well as deeper solutions
to npm Enterprise customers. We also
spent a lot of the year speaking at
conferences, appearing on podcasts 25%
and writing blog posts about the state of
23%
JavaScript security to raise awareness. 17%
Our efforts are paying off, with more
developers waking up to the risks as 0%
well as the benefits of open source Yes No
JavaScript.
2017 2018

4
 46% of developers use code
scanning tools like npm audit

The number of npm users concerned about the security of the open source code they use
jumped by 8% from 2018 to 2019, reflecting both our efforts and our more sophisticated user base.
We asked developers what methods they use to secure their OSS code.

What methods do you use to ensure the security of your code?

Conclusion
percentage of npm survey respondents
The most popular method for securing
open source code was code review,
80% practiced by 76% of developers, up from
69% last year. Automated code scans, like
76% those provided by npm audit, are popular

60%
69% with 46% of developers. Third-party code
audits also rose, to 23% of developers. But
23% of respondents still employ none of
these methods.

40% 46% In 2019, npm will be rolling out additional

39% security solutions to both npm Enterprise
customers and the larger npm
community, and we will continue to raise
20%
23% 24% 23% awareness of how we can help everyone
write safer JavaScript without creating
17% barriers to existing development flows.

0%
Code review Scanning Audits None

2017 2018

5
Key finding: licensing is a major factor in package use
In our conversations with major enterprises in the last few years,
we noticed that a common concern was package licensing and
compliance: companies don’t want to be using software they’re not
entitled to use, for both moral and legal reasons. After gathering
anecdotal evidence of this trend, we decided to ask our survey users
about it, and the results were surprising.
Does a npm package license impact your decision
to use it?
percentage of npm survey respondents
Yes
58%
No
42%
A huge 58% of npm users said that the license of a package impacts their
decision to use it, indicating that the compliance issue is of concern to a
much greater portion of our user base than we expected. But is this concern
about licenses just amongst devs, or are restrictions on licenses enforced by
companies? We asked that too, and were again surprised: 55% of developers
who care about licensing are prohibited from using certain licenses by their
companies.
Does your company prevent/prohibit you from
using certain licenses?
percentage of npm survey respondents for whom licensing is an issue
Yes
55%
No
45%
6
 29% of npm users are prohibited from
using certain licenses

With a surprising 29% of npm users prohibited from using certain licenses, npm will be
accelerating our plans to release features in npm Enterprise that help users track and manage
the licenses in use in their applications. We also dug deeper and asked developers which licenses
specifically would be likely to cause a problem with their employer:

What licenses does your company prevent you from using?

percentage of npm survey respondents prevented from using certain licenses

Conclusion
80%
While it’s no surprise to see concerns
about GPL and AGPL code, it was a
surprise to see that a bigger concern
60% was code without a license, or code
64% 63% with a non-standard license. Preventing
unlicensed code and code with hostile
licenses into your code base is clearly a
40% concern for our maturing user base, and
43% npm intends to respond to this need.

34%
20%

0%
8%
Unrecognized Code GPL AGPL Other
licenses, without
e.g. WTFPL a license

7
 46% of JavaScript devs are building
native mobile and desktop apps

JavaScript: for Where does your JavaScript run?

percentage of npm survey respondents

the web, but

Conclusion
JavaScript has broken out of
not just for the 100%
the browser and become a
general purpose programming

web 97% language, put to all the same

uses as other programming
75% languages. In particular,
77% JavaScript has become a
We’ve known for a while that npm’s
major force in the mobile
dominant use-case is people building 50% app development world. A
web applications: 97% of npm users are
46% number of popular desktop
building applications for browsers, with
applications such as Slack are
74% targeting mobile browsers. We also 25%
written in JavaScript, so we’ll be
found 77% of developers were writing
watching to see how the native
server-side code, i.e. Node.js. We also
13% app development community
found a surprising 46% of developers 0%
within npm grows.
write code for native apps, running Browsers Servers Native Embedded
apps devices
in desktop and mobile environments.
Another 13% write JavaScript for
embedded devices, aka “IoT”.

8
 63% of npm users are using React, the
most popular framework ever

Last year we reported that 60% of survey respondents were using React How often do you write React code?
and this year that number has risen to 63%. We knew that React would be percentage of npm survey respondents who write React code
a force this year, so we asked a few deeper questions to determine how
engaged its users were.

How would you characterize your React usage?

percentage of npm survey respondents
I primarily write
React code 49%

I write React code

in some projects 33%
I write React code
57%
I occasionally write
I use React code
React code 15%
written by others 6%
I have tried writing
I do not use React,
React code 2%
but am considering it 15%
0% 10% 20% 30% 40% 50%

I do not use React,

and am not considering it 21% Within React developers, fully half say they primarily write React. If you
include the “some” group, then 82% of React developers write it sometimes
0% 20% 40% 60% or mostly, which means 47% of all npm developers are writing React some
or most of the time.

Our first interesting new data point was that an additional 15% of
developers who are not yet using React are considering doing so,
suggesting there is still room for React’s growth to continue. Within the
57% of respondents who said they are already writing React code, we
asked a further question to find out how often they were doing so – are
they casual users or committed React developers?
Conclusion
Within npm’s enormous user base there are approximately 5 million React
developers worldwide. There has never been a JavaScript framework this
popular before, and it is more than twice as popular as the next-biggest
framework, Angular.

9
 62% of npm users reported
that they use TypeScript

How would you characterize your usage of TypeScript?

TypeScript has percentage of npm survey respondents

become a major
community I write TypeScript
42%
within
JavaScript
I use TypeScript
written by others 4%

I use libraries that

use TypeScript 15%
One of the biggest surprises of last year’s
survey was TypeScript: 46% of respondents
said they used TypeScript! Since “using” I do not use any
TypeScript is a question with some TypeScript 38%
ambiguity, we went deeper with more
questions in this year’s survey. 0% 10% 20% 30% 40% 50%

This year, the number reporting TypeScript
usage was even higher: 62%. However, a
significant 15% of developers don’t write
TypeScript themselves, but use third-party
libraries that use TypeScript. This shouldn’t
be a surprise – the popular Angular
framework is 90% TypeScript, and Ember
and even React feature some TypeScript in
their code base these days.
Still, 42% of developers report that they write TypeScript themselves, and within that group 86%
said they write it sometimes or primarily.
Conclusion
Overall, 36% of npm users are writing TypeScript some or most of the time. That a third of the
users in the JavaScript community are writing a totally new flavor of JavaScript should make
everyone sit up and take notice.

10
 33% of npm users deploy
serverless code

What’s new? How do you deploy your JavaScript?

percentage of npm survey respondents

In addition to digging deeper into

existing trends, we went searching for
new technologies our user base might
be adopting. JavaScript is famous
for being full of early adopters, so we
were not disappointed to discover that
npm’s user base has already leaped
Containers
(e.g. Kubernetes)
56%
onto some newer trends.

PaaS
(e.g. Heroku) 38%

Serverless is big VMs managed

directly 35%
We know that 77% of npm users deploy server-
side code. This year we also asked them what
methods they used to do so. Most developers Serverless
use multiple methods, but we were surprised to
discover that fully 33% of developers are using
(e.g. Lambda) 33%
the still relatively new “serverless” technique,
also known as Cloud Functions or Lambdas. 0% 20% 40% 60%
Less surprisingly, containers such as Kubernetes
were the most popular single method for
deploying code in 2019.

11
 72% of all npm users are using or
considering using GraphQL in 2019

GraphQL Do you use GraphQL?

percentage of npm survey respondents
If you read our posts about last year’s survey,
you’ll know that one of our predictions for 2019
was that GraphQL was going to become a big
deal. We anticipated this trend in our survey
data and asked more questions.
I frequently use
GraphQL
7%
As we already knew, GraphQL has
comparatively low adoption: only 7% of
developers use it frequently, though 23% of
In some projects
developers use it at least some of the time.
We don’t have data from last year that shows
16%
exactly what kind of growth this represents, but
we did ask developers this year if they were
considering adopting GraphQL. The answer was No, but
huge: fully 49% of all npm users are considering considering it 49%
using GraphQL in 2019.

No, and not

considering it 29%
0% 10% 20% 30% 40% 50%

12
 54% of npm users are considering
using WebAssembly

WebAssembly Have you heard of WebAssembly?

percentage of npm survey respondents

In the latter half of 2018 we became

very interested in the potential
WebAssembly (aka WASM) holds for
the future of JavaScript and npm.
Modules written in WebAssembly can
interoperate seamlessly with existing
npm modules written in JavaScript,
Yes, using it 3%
which holds great potential for bringing
in existing libraries written in other
languages. We asked our users if they Yes, interested
were similarly excited, though we in using it 54%
tempered our expectations knowing
WASM is still a very early tech.

While only 3% of npm developers

report themselves to be actively using
Yes, not interested
in using 21%
WASM in 2018, a massive 54% are
paying attention and interested in its
potential. This is a very strong sign for
WebAssembly’s adoption in 2019 and No
22%
beyond.

0% 20% 40% 60%

13
More to come
This initial peek into our survey data is just a taste of the
analysis that we plan to provide to the JavaScript community.
We’ll be digging deeper into the initial survey and sending
follow-up surveys to specific groups within the user base who
volunteered to answer additional questions. We’re extremely
excited about where JavaScript is going to go in 2019 and
enthusiastic about finding out what we can do to help
developers get there.
About npm
npm, Inc. manages the world’s largest collection of reusable
code and empowers over 11,000,000 JavaScript developers
with industry-leading tools and services. With solutions that
support the secure use of packages across teams and
enterprises, npm reduces friction and increases efficiency
across the software development lifecycle. From individuals
to large organizations, npm helps developers maximize the
power of open source software. Founded in 2014, npm, Inc.
is funded by True Ventures, Bessemer Venture Partners, and
Sutter Hill Ventures, and is based in Oakland, CA. To learn more,
visit npmjs.com
14