There are over one million packages indexed on NPM, the most popular package registry for JavaScript packages. While it's an indispensable resource for developers building applications — offering efficiency, convenience, and reliability — it's important to evaluate the impact of using any package in your project.

That's where Should I Use? comes in.

Should I Use? is a tool to help developers and product owners evaluate JavaScript packages through a baseline of criteria:

• Is it at least a v1.0.0? A version of at least 1.0.0 (following semantic versioning) usually implies the package is ready for production.
• Has there been a new release in the past six months? New releases within the past six months usually indicate the package is actively being developed.
• Has there been a commit to the repo in the past six months? Maybe there hasn't been a release, but there is active work occurring in the project; the latest commits can tell us that.
• Are there more than 100 weekly downloads? More than 100 weekly downloads indicate the package is being downloaded and used by the community.
• Are there more than 10 contributors? Multiple contributors indicate the package is supported by multiple open-source contributors, which is desirable for seeking a package in active development.
• Are there less than 40 dependencies? A lower reliance on external dependencies indicates there are less packages this particular package relies on, thus reducing overall complexity.
• Is the ratio of issues closed/open and PRs opened/merged less than 2? This is a basic ratio to determine if issues are being opened/closed and Pull Requests opened/merged at a ratio that suggests responsiveness by maintainers. For example, if, in the past month, 5 issues are opened and 4 are closed, there is a strong indication of responsiveness and active development.
• Is the size of the package within our performance budget? Overall package size is important, particularly in the JavaScript ecosystem where bundle size is growing steadily. We offer a direct link to BundlePhobia, an excellent resource for understanding the cost of adding a specific package to your project.

This criteria is the baseline we use at Differential — and the one we built into Should I Use? — but it's just that: a baseline. Are you okay with using pre-v1 packages? Go for it! Use your discretion when evaluating packages. There are no hard-and-fast rules, but it’s important to work from a baseline to help in the evaluation process.

While the primary goal of Should I Use? is to help developers and product owners evaluate JavaScript packages, we hope to draw attention to open-source packages in need of contributions. Is the package pre-v1 and in need of some support? Are there only a few contributors with several open issues? Maybe you're a developer who can help out! Open-source software is only as strong as the community behind it.

We hope this tool helps the ever-expanding JavaScript ecosystem to continue growing, improving, and leveraging open-source solutions to real-world problems. Let us know what you think! You can contact us at hello@differential.com.