bitHound vs npm

Overview

npm

Stacks137.4K

Followers82.2K

Votes1.6K

GitHub Stars17.6K

Forks3.0K

bitHound

Stacks16

Followers21

Votes22

bitHound vs npm: What are the differences?

Developers describe bitHound as "Continuous analysis for Node.js projects. Identify risks and priorities in your dependencies and code". With faster deployment cycles, a hundred competing priorities and tight deadlines to juggle– your team has a lot on their plate. Uncover and focus on the critical issues impacting your team, avoid software pitfalls and ship with confidence. On the other hand, npm is detailed as "The package manager for JavaScript". npm is the command-line interface to the npm ecosystem. It is battle-tested, surprisingly flexible, and used by hundreds of thousands of JavaScript developers every day.

bitHound can be classified as a tool in the "Code Review" category, while npm is grouped under "Front End Package Manager".

"Automatic dependency analysis" is the primary reason why developers consider bitHound over the competitors, whereas "Best package management system for javascript" was stated as the key factor in picking npm.

npm is an open source tool with 17.2K GitHub stars and 3.17K GitHub forks. Here's a link to npm's open source repository on GitHub.

Share your Stack

Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.

View Docs

CLI (Node.js)

Manual

Advice on npm, bitHound

StackShare

Apr 23, 2019

Needs adviceon

Node.js

npm

Yarn

From a StackShare Community member: “I’m a freelance web developer (I mostly use Node.js) and for future projects I’m debating between npm or Yarn as my default package manager. I’m a minimalist so I hate installing software if I don’t need to- in this case that would be Yarn. For those who made the switch from npm to Yarn, what benefits have you noticed? For those who stuck with npm, are you happy you with it?"

295k views295k

Comments

Mark

CTO at Gemsotec bvba

Apr 25, 2019

Reviewon

React

TypeScript

Yarn

I use npm because I also mainly use React and TypeScript. Since several typings (from DefinitelyTyped) depend on the React typings, Yarn tends to mess up which leads to duplicate libraries present (different versions of the same type definition), which hinders the Typescript compiler. Npm always resolves to a single version per transitive dependency. At least that's my experience with both.

251k views251k

Comments

Oleksandr

Senior Software Engineer at joyn

Dec 7, 2019

Decided

As we have to build the application for many different TV platforms we want to split the application logic from the device/platform specific code. Previously we had different repositories and it was very hard to keep the development process when changes were done in multiple repositories, as we had to synchronize code reviews as well as merging and then updating the dependencies of projects. This issues would be even more critical when building the project from scratch what we did at Joyn. Therefor to keep all code in one place, at the same time keeping in separated in different modules we decided to give a try to monorepo. First we tried out lerna which was fine at the beginning, but later along the way we had issues with adding new dependencies which came out of the blue and were not easy to fix. Next round of evolution was yarn workspaces, we are still using it and are pretty happy with dev experience it provides. And one more advantage we got when switched to yarn workspaces that we also switched from npm to yarn what improved the state of the lock file a lot, because with npm package-lock file was updated every time you run npm install, frequent updates of package-lock file were causing very often merge conflicts. So right now we not just having faster dependencies installation time but also no conflicts coming from lock file.

310k views310k

Comments

Detailed Comparison

npm	bitHound
npm is the command-line interface to the npm ecosystem. It is battle-tested, surprisingly flexible, and used by hundreds of thousands of JavaScript developers every day.	With faster deployment cycles, a hundred competing priorities and tight deadlines to juggle– your team has a lot on their plate. Uncover and focus on the critical issues impacting your team, avoid software pitfalls and ship with confidence.
-	Do you know when your third party dependencies are at risk? bitHound gives you insight into the insecure, deprecated, outdated and unused packages impacting your software.; We analyze your code to help your team determine where focus is needed. Understand the mechanical issues impacting your codebase, reduce complexity and clutter, and gain insights that go beyond the command line with bitHound.; Whether it's formal issue management or the team's pending tech debt, it's important to get on top of these issues. bitHound offers an improved understanding of how the team is performing together and whether or not items are being left behind.
Statistics
GitHub Stars 17.6K	GitHub Stars -
GitHub Forks 3.0K	GitHub Forks -
Stacks 137.4K	Stacks 16
Followers 82.2K	Followers 21
Votes 1.6K	Votes 22
Pros & Cons
Pros 648 Best package management system for javascript 382 Open-source 327 Great community 148 More packages than rubygems, pypi, or packagist 112 Nice people matter Cons 5 Problems with lockfiles 5 Bad at package versioning and being deterministic 3 Node-gyp takes forever 1 Super slow	Pros 5 Zero-config linting integration 5 Easy setup 5 Automatic dependency analysis 4 Auto sync with Github 3 Excellent customer service
Integrations
No integrations available	GitHub Bitbucket HipChat Slack

What are some alternatives to npm, bitHound?

RequireJS

RequireJS loads plain JavaScript files as well as more defined modules. It is optimized for in-browser use, including in a Web Worker, but it can be used in other JavaScript environments, like Rhino and Node. It implements the Asynchronous Module API. Using a modular script loader like RequireJS will improve the speed and quality of your code.

Code Climate

After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.

Browserify

Browserify lets you require('modules') in the browser by bundling up all of your dependencies.

Codacy

Codacy automates code reviews and monitors code quality on every commit and pull request on more than 40 programming languages reporting back the impact of every commit or PR, issues concerning code style, best practices and security.

Phabricator

Phabricator is a collection of open source web applications that help software companies build better software.

Yarn

Yarn caches every package it downloads so it never needs to again. It also parallelizes operations to maximize resource utilization so install times are faster than ever.

PullReview

PullReview helps Ruby and Rails developers to develop new features cleanly, on-time, and with confidence by automatically reviewing their code.

Gerrit Code Review

Gerrit is a self-hosted pre-commit code review tool. It serves as a Git hosting server with option to comment incoming changes. It is highly configurable and extensible with default guarding policies, webhooks, project access control and more.

SonarQube

SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.