Today on Elixir Wizards, Wojtek Mach of HexPM and Amal Hussein, engineering leader and former NPM team member, join Owen Bickford to compare notes on package management in Elixir vs. JavaScript. This lively conversation covers everything from best practices for dependency management to API design, SemVer (semantic versioning), and the dark ages of web development before package managers existed.The guests debate philosophical differences between the JavaScript and Elixir communities. They highlight the JavaScript ecosystem's maturity and identify potential areas of improvement, contrasted against Elixir’s emphasis on minimal dependencies. Both guests encourage engineers to publish packages, even small ones, as a learning opportunity.Topics discussed in this episode:Leveraging community packages rather than reinventing the wheelVetting packages carefully before adopting them as dependenciesEvaluating security, performance, and bundle size when assessing packagesManaging transitive dependencies pulled in by packagesWhy semantic versioning is difficult to consistently enforceDesigning APIs with extensibility and backward compatibility in mindUsing tools like deprecations to avoid breaking changes in new releasesJavaScript’s preference for code reuse over minimizationThe Elixir community’s minimal dependencies and avoidance of tech debtChallenges in early package management, such as global dependencyLearning from tools like Ruby Gems and Bundler to improve experienceHow log files provide visibility into dependency management actionsHow lock files pin dependency versions for consistencyPublishing packages democratizes access and provides learning opportunitiesLinting to enforce standards and prevent certain bugsPrimitive-focused packages provide flexibility over highly opinionated onesSuggestions for improving documentation and guidesBenefits of collaboration between programming language communitiesLinks mentioned in this episode:Node.js https://github.com/nodejs npm JavaScript Package Manager  https://github.com/npm JS Party Podcast https://changelog.com/jsparty Dashbit https://dashbit.co/ HexPM Package Manager for Erlang https://hex.pm/ HTTP Client for Elixir https://github.com/wojtekmach/req Ecto Database-Wrapper for Elixir https://github.com/elixir-ecto (Not an ORM)XState Actor-Based State Management for JavaScript https://xstate.js.org/docs/ Supply Chain Protection for JavaScript, Python, and Go  https://socket.dev/ MixAudit https://github.com/mirego/mixaudit NimbleTOTP Library for 2FA https://hexdocs.pm/nimbletotp/NimbleTOTP.html Microsoft Azure https://github.com/Azure Patch Package https://www.npmjs.com/package/patch-package Ruby Bundler to manage Gem dependencies https://github.com/rubygems/bundler npm-shrinkwrap https://docs.npmjs.com/cli/v10/commands/npm-shrinkwrap SemVer Semantic Versioner for NPM https://www.npmjs.com/package/semverSpec-ulation Keynote - Rich Hickey https://www.youtube.com/watch?v=oyLBGkS5ICk Amal’s favorite Linter https://eslint.org/ Elixir Mint Functional HTTP Client for Elixir https://github.com/elixir-mint Tailwind Open Source CSS Framework https://tailwindcss.com/ WebauthnComponents https://hex.pm/packages/webauthn_components Special Guests: Amal Hussein and Wojtek Mach.