Next-Gen JavaScript Package Management with Ruy Adorno and Darcy Clarke
Podcast: Play in new window | Download
Subscribe: RSS
Package management sits at the foundation of modern software development, quietly powering nearly every software project in the world. Tools like npm and Yarn have long been the core of the JavaScript ecosystem, enabling developers to install, update, and share code with ease. But as projects grow larger and the ecosystem more complex, this older infrastructure is beginning to show its limits with performance bottlenecks, dependency conflicts, and growing concerns around supply chain security.
Darcy Clarke and Ruy Adorno are veterans of this ecosystem. Both spent years maintaining the npm CLI and helping guide the Node.js project, where they saw firsthand the technical debt and design tradeoffs that define modern JavaScript tooling. Now they’re building vlt, a new package manager and registry that rethinks performance, security, and developer experience from the ground up.
In this episode, Darcy and Ruy join Josh Goldberg to discuss how vlt works, why they believe package management needs a server-side reboot, what lessons they’ve drawn from npm’s evolution, and how features like declarative querying, self-hosted registries, and real-time security scanning could reshape how developers build and share JavaScript in the years ahead.
Josh Goldberg is an independent full time open source developer in the TypeScript ecosystem. He works on projects that help developers write better TypeScript more easily, most notably on typescript-eslint: the tooling that enables ESLint and Prettier to run on TypeScript code. Josh regularly contributes to open source projects in the ecosystem such as ESLint and TypeScript. Josh is a Microsoft MVP for developer technologies and the author of the acclaimed Learning TypeScript (O’Reilly), a cherished resource for any developer seeking to learn TypeScript without any prior experience outside of JavaScript. Josh regularly presents talks and workshops at bootcamps, conferences, and meetups to share knowledge on TypeScript, static analysis, open source, and general frontend and web development.
Please click here to see the transcript of this episode.
Sponsorship inquiries: sponsor@softwareengineeringdaily.com
Sponsors
If you’re using AI to code, ask yourself: are you building software, or are you just playing Prompt Roulette?
We know that unstructured prompting works at first, but eventually leads to AI slop and technical debt.
Enter Zenflow.
Zenflow takes you from “vibe coding” to AI-First Engineering. It is the first AI Orchestration layer that brings discipline to the chaos.
It transforms free-form prompting into spec-driven workflows and multi-agent verification—where agents actually cross-check each other to prevent drift.
You can even command a fleet of parallel agents to implement features and fix bugs simultaneously. We’ve seen teams accelerate delivery 2x to 10x.
Stop gambling with prompts. Start orchestrating your AI.
Turn raw speed into reliable, production-grade output at zenflow.free
You’re a developer who wants to innovate—instead, you’re stuck fixing bottlenecks, and fighting legacy code. MongoDB can help. It’s a flexible, unified platform that’s built for developers, by developers. MongoDB is ACID compliant, Enterprise-ready, with the capabilities you need to ship AI apps—fast. That’s why so many of the Fortune 500 trust MongoDB with their most critical workloads. Ready to think outside rows and columns? Start building at mongodb.com/build.
When things go wrong in production, do you know why in minutes… or hours?
AppSignal is the application performance monitoring tool designed for developers who want clean, actionable insights without a huge observability bill.
You get all the tools you need to fix issues before customers notice, like error tracking, performance monitoring, log management and more.
AppSignal works for teams of all shapes and sizes, from start-ups and side hustles, to SMEs and enterprise, and is especially great for teams that build with Ruby on Rails, Elixir, Node.js, and Python.
Try it free for 30 days and get 10% off your yearly plan with SED10 at www.appsignal.com/sed.
