'The State of JavaScript Frameworks, 2017'

An anonymous reader shares some new statistics from Laurie Voss, co-founder and COO of npm (the package manager/software registry for JavaScript): The sum of all the package downloads in the npm Registry shows that the npm ecosystem continues to experience explosive, continuous growth... Right now, we estimate about 75% of all JavaScript developers use npm, and that number is rising quickly to reach 100%. We believe there are about 10 million npm users right now.
The first post in a three-part series graphs the popularity and growth rate for seven JavaScript frameworks.

• Preact is tiny but the fastest-growing.
• Vue is also very fast growing and neck and neck with Ember, Angular and Backbone
• Ember has grown more popular in the last 12 months.
• Angular and Backbone have both declined in popularity.
• jQuery remains hugely popular but decreasingly so.
• React is both huge and very fast-growing for its size.

FALSE

[Anonymous Coward]

There is no statistics for the Vanilla JS [vanilla-js.com] library.

Why people continue to use librairies and frameworks in 2018 is baffling. INTERNET EXPLORER IS DEAD, why the fuck are you still dragging megabtes of librairies and frameworks?

Re:

[Hal_Porter]

Soon... Soon...

Re:

[Actually, I do RTFA]

Well, compiled down to WebAssembly, but yes.

Re:

[fluffernutter]

C is just stupid, Assembler was fully functional on its own.

Re:

[fluffernutter]

Exactly, sometimes higher level is better. It usually depends on precisely the problem you are trying to solve. Same for javascript frameworks.

Re:

[murdocj]

C is incredibly portable. If you are getting hung up on "machine-dependent types" you are doing it wrong.

Re:

[Anonymous Coward]

We have had safe/safer alternatives to C for decades. Things like Algol, Ada and Pascal for example.

Guess what? Programmers hated them and chose C instead.

Re:

[dinfinity]

So is Java, so is C#, so is PHP (it has come a long way -- especially compared to JS).

Plenty of successful, effective people use frameworks and libraries in projects in those languages.

Re:FALSE

[jlowery]

Node.js developer here. I've written probably 10K+ lines of jQuery code. I wouldn't start a new project using the push-pull DOM based approach jQuery offers. I've written enough React to know it's a far superior, data-driven approach.

Now, I do use Babel, which is a little harder to defend. At some point, there will be no point in transpiling ES6 to ES5 code. But that moment hasn't yet arrived. Node.js still doesn't support ES6 imports, except in 'experimental' mode. I use them because they have a much cleaner syntax than CommonJS require().

As for other libraries--why would you rewrite from scratch code that you can obtain from the internet and is well-tested, often written by people more knowledgeable than you? You should be focusing your efforts on your code business, and leave stuff like data-caching, transport, authentication, animation, responsiveness, etc. to people and companies who are actually good at it. The best you can hope for is to spend time rediscovering all the mistakes they encountered.

Re:

[h33t l4x0r]

Hmm, I like React too but I will still use jQuery unless there's a lot of Javascript involved. Also I'd give them both up and use Flash again if those jerks hadn't killed it.

Re:

[mrun4982]

Because we don't like to reinvent the wheel. I worked with way too many people who insist on doing that and it drives me crazy.

Re:

[fireman sam]

If people never reinvented the wheel, we'd still be rolling on stone.

BTW, it isn't always about reinventing the wheel, but rather providing a solution that just solves the problem and doesn't include a bunch stuff that isn't needed. Many javascript developers I've worked with will bring in a third party library to utilise one function in the code. Not only does this increase the resulting code size, it also introduces a dependency on someone else who happens to be maintaining (or not) the package used.

Oh, a

Re:

[BinBoy]

Vanilla JS is too expensive.

Great

[Hognoxious]

The three I've heard of are in decline to varying degrees.

Shoot me. No, get off my lawn and then shoot me.

Re:

[edittard]

Don't worry, this year's climbers will probably be next year's lamers.

Frameworks or Limitations of Javascipt?

[Anonymous Coward]

There are so many frameworks and they are all trying to upstage one another. The lessons learned from these frameworks should be incorporated back in ECMA script. For example, the JQuery $() operator would be my first recommendation.

Re:

[TFlan91]

No... Vanilla JS is just fine ty.

Re:

[Anonymous Coward]

$() is just cryptic crap. Don't turn Javascript into unreadable cryptic crap.

Re:

[Anonymous Coward]

Don't turn Javascript into unreadable cryptic crap.

That ship sailed long ago.

Re:

[murdocj]

Yeah, that ship sailed when JS was created. funny how people end up building the stuff like classes and objects that other languages give you for free by creating unreadable mounds of Javascript, and then proudly announce that JS is better than those other languages.

Re:

[Junta]

Also, $() is a lot slower than the equivalent functions. I will admit to being annoyed by the tedium of the function names, but most editors will do a sane job of completion.

Re:

[0100010001010011]

But when Perl does it it's suddenly the only True Language?

Re:

[gbjbaanb]

when Perl does it, its a feature. If you can't understand it, you're not good enough a coder to work with it.

Keeps the inferior, amateur and kiddie coders away. After seeing some code submitted by our outsourced department, I wish other languages could do the same.

The more important question:

[Gravis Zero]

How long until there is an ad being served that runs Javascript/Webassembly code that exploits Spectre to steal all your passwords?

I'm so glad we have "near native" execution speeds for this shit.

Re:

[darkHanzz]

Firefox has been updated to not have high-resolution timers, so for private use, Spectre shouldn't be much of an issue. Since AMD's post on lkml, someone must have done that already, so 'seven days ago' is probably a reasonable answer.

Re:

[Miamicanes]

When, exactly, did web pages acquire the means of compiling random Javascript into literal x86/AMD64 assembly language? Oh wait... they didn't. WebAssembly is just a buzzword for "Javascript gets pre-optimized into slightly leaner & faster-to-execute intermediate code that's ultimately STILL interpreted by something higher-level than the CPU". If that intermediate code can exploit Spectre, then it's the fault of the intermediate-code's interpreter. And if there IS no real way Spectre could be exploited

Re:

[Gravis Zero]

When, exactly, did web pages acquire the means of compiling random Javascript into literal x86/AMD64 assembly language? Oh wait... they didn't.

It doesn't have to be literal because it's a timing based attack. It reads like you don't understand the issue and have no real place commenting here because they even made an example in the whitepaper of using javascript.

Re: The more important question:

[Miamicanes]

The PoC might have been written "in Javascript", but that doesn't mean it can be exploited by a random script referenced by an untrusted web page somewhere... there are OTHER, more-privileged ways to "run Javascript code", like Windows Scripting Host, server-side jScript, and probably things like browser extensions, Gnome, etc.

I maintain... if a script in a web page can break out of its browser sandbox and deterministically read arbitrary bytes in RAM, the existence of these two vulnerabilities is the *LEAS

Re:

[Gravis Zero]

The PoC might have been written "in Javascript", but that doesn't mean it can be exploited by a random script referenced by an untrusted web page somewhere...

Actually, that's exactly what it means. Why do you think they went through the effort of dropping support for high resolution timers? https://hackaday.com/2018/01/0... [hackaday.com]

How are you this dense?

Re: The more important question:

[Miamicanes]

Ok, I was wrong about the "Javascript in browser is effectively sandboxed" part.

However, I maintain that the risk presented to end users can be wholly mitigated by an update to the browser itself, and requires no performance-killing changes to the underlying OS to achieve the goals an individual user running Windows on his own computer will actually *care* about.

Disabling high-res timers appears to have eliminated the problem insofar as disclosure of browser-managed usernames & passwords is concerned. A

Re:

[Gravis Zero]

Ok, I was wrong about the "Javascript in browser is effectively sandboxed" part.

that is the only part i was arguing. everything else you are saying is irrelevant.

a case for frameworks

[fluffernutter]

I've made a couple highly dynamic javascript page with jquery. We're talking a lot of sliding panels being positioned nicely etc. The damn thing worked the same on every mobile device, every browser, anywhere we tried it. I can't see that happening without a lot of testing on native javascript.

Re:

[Actually, I do RTFA]

What does your page look like with JavaScript off?

Re:

[fluffernutter]

It looks like a message that the user should activate javascript or they can't expect to use the highly dynamic part of the site.

Re:

[FictionPimp]

What does your website read to the blind? How does it work for the visually impaired?

Re:

[Shados]

Thanks to aria attributes, ours work just fine (we have some people frequently testing with screen readers)

JavaScript off is harder, but for actual line of business applications (as opposed to documents), it's just not worth the trouble.

Re:

[mrun4982]

Who cares? Unless you're google or facebook maybe, folks who turn off JavaScript aren't worth catering too.

what case?

[Anonymous Coward]

You presume anybody but circle-jerking javascript-monkeys wants all that sliding shit.

Me, I want the content. Preferably still readable using a probably text-only but certainly javascript-free browser. It doesn't have to look "exactly the same" on wildly disparate devices, since I'm not looking at ten different ones at a time. It only has to be readable on this one right before me. And amazingly, that's not a "mobile device" nor a "tablet" or whichever "content consumption device" is the latest fad, but in

Re:

[Anonymous Coward]

I'm looking forward to 80x25 on a 40" 4K display. You'll be able to see the hairs on the letter R!

Re:

[Anonymous Coward]

Nobody wants to see the hairs on your R's. (Say it out loud with a British accent for full effect.)

Re:

[DahGhostfacedFiddlah]

You presume anybody but circle-jerking javascript-monkeys wants all that sliding shit.

While I agree, that's not the point. The point is that a library allows you to create something that works cross-browser and cross-platform without having to test it all yourself. I'm surprised at the high-rated comments here complaining about frameworks in general. Browsers haven't de-balkanized enough that you can just write it and forget it. You need a buffer library between your code and all of the systems that wil

Re: what case?

[walllaby]

As a web designer, I'm all for accessible, progressively-enhanced websites. Everything should be accessible without JavaScript.

But I'm not going to waste my time designing for 0.5% of my client's audience just because they demanded so on a tech blog. And I'm definitely not going to waste my time designing for your use case, since analytics utilities are run using JavaScript.

tl;dr: Go back to bed, grandpa.

Re:

[Junta]

One, you'd be surprised how consistent browsers in the last 3-4 years have been.

Two, 99% of the time if you are using java script to animate, you are failing to use the far more efficient CSS to do the same thing, and more easily degrade to accessible use.

Re:

[cheesyweasel]

Yeah that's right. In the same way, a lot of MVVM frameworks have patches to make things work on all browsers, and have kind of taken over the job of jquery. All browsers still have nuances that can cause big problems without a lot of testing.. history api is one example.

JavaScript celebrity news

[Anonymous Coward]

Angular is pregnant, Vue was the Maxim hottest framework of the year, and jQuery gained 15 pounds on its vacation, pictures inside!

You couldn't ask for a better illustration of Alan Kay's statement that most programming is pop culture.

Welcome to 2018

[fahrbot-bot]

When /. posts ads and press releases for stuff as stories. Any bets as to if the "anonymous reader" that submitted this is actually Laurie Voss, co-founder and COO of npm - citing herself? /cynical

Javascript variable declaration

[najajomo]

What I've always wondered is why didn't they stick with C type declaration?

Re:Fuck Frameworks and NPM

[murdocj]

You have it absolutely backwards. Coding your own crap instead of using the good, solid, portable, tested code in jQuery is the sign of a code monkey, hacking away until they get something that sort of looks like it works.

Re:Fuck Frameworks and NPM

[Waccoon]

Nothing on the web, including Javascript itself, is good, solid, portable, and tested. If these frameworks were stable, they wouldn't be updated literally every day!

Most frameworks I've come across are for convenience, not portability. I've had my fill of frameworks that did batshit insane stuff, like testing for features by probing for the browser's trademark name, all in the name of delivering bleeding-edge features for the lazy that shouldn't be used in the first place.

Re:

[Njovich]

Ha, I completely agree with your premise, but I don't think jQuery is really a bad offender in this respect. Basically it's just a way to query the DOM using CSS selectors and some utility functions for working with it that way. Hardly Lego. Some other frameworks are pretty bad in this respect though.

Re:

[gbjbaanb]

And even then its a nuisance as they get updated in breaking versions - my mate works with Angular and spits feathers when its mentioned. What incompatible version is it on now? Angular 5?

Re:

[cheesyweasel]

I feel like that too. But the problem is, browser just aren't fucking good enough. We're restricted by the shortcomings of them, so you have to use other people's code or you'd never get anything written. But it's definitely a good point about using other people's libraries (who use other people's libraries) and so on.

Re:

[Junta]

Done correctly, javascript can be a more efficient way of interacting with data server side, both client and server.

Rendering new whole pages is more expensive than manipulating DOM content to handle updates.

Now going over the top with ugly animations like a high schooler with power point.....