Adding NPM Modules
As NPM modules might carry security vulnerabilities, performance degradation and be unnecessary in cases - all modules will be vetted before they are allowed to be installed within the platform.
Vet a NPM module
When vetting a module, please complete the below questions and email the below mentioned persons (Security, Web Platform team, Digital Frontend Developers):
Please provide link to the NPM module.
How popular is it? Look at weekly downloads on NPM & stars on Github.
How mature is it? Look at the date of the first published version on NPM and the number of open issues vs. closed issues on Github.
Is it actively maintained? Look at the commit history and the Commits and Code Frequency charts (under the Insights tab) on Github. Check the “last published” date on NPM.
How big is it? Check bundle size on Bundlephobia.
Does it have test coverage? Check for coverage badges on NPM/Github. Open up the test files.
What’s the License?
Have you looked at the source code? Can you not achieve the same without an external dependency?
Motivate why you need it? Provide motivation to the platform team and front end developer community on how it will benefit them and what problem it is solving for you needs.