NPM downloads at it again: Going down for Christmas

Author

Irshad / November 13, 2021

4 min read

npm download chart

What?

If you work/play regularly with frontend technologies, chances are high that you might end up visiting npmjs.com more often than usual, either to get information about a library/framework or maybe to compare it with some other package.

Whatever maybe your reason to visit to that packages' page, you might surely have noticed the weekly downloads chart, which is displayed for every package.

This article is about a yearly trend observed in this chart.

tl;dr - the downloads of npm packages shows a downward trend for the month of december every year. This may be due to the fact that world's 1/3rd population celebrating Christmas and are not working and all the automated bots, mirrors and CI are less running with less fequency.

NPM and NPM dependencies

NPM is a Package Manager for software applications. And it does not really stand for Node Package Manager, contrary of what it usually looks like.

It adds the ability in any JavaScript and TypeScript (with the help of typed packages) based applications to use any pre-packaged source (a.k.a. dependency) into the application.

It is like any other package manager, but for Javscript. If you do Java, then you must have encountered Maven, the de facto pacakge manager for manager Java dependencies.

An alternative to NPM is the modern Yarn, developed by Facebook.

The trend

Let us consider a very popular frontend framework React. The downloads chart cleary show a downward trend during every year in the month of December. This downfall tends to start at the second week of December, and is at it's peak till the last week. It is in January second week that the graph is back in it's normal position, making this trend a full one month cycle.

The reason

It's not actually very straight forward to figure out the reason for this trend, because of the fact that there could many factors affecting the download count and the way there are handled by the npmjs servers.

Npmjs has a blog post from year 2014 explaining this. According to the post the downloads are,

simply a count of the number of HTTP 200 responses we served that were tarball files, i.e. packages. This means the number includes:

  • automated build servers
  • downloads by mirrors
  • robots that download every package for analysis

It looks like these counts are just number of hits to the tarball endpoint of the package, and hence can be easily be bulk-achieved, increasing the download count. This is already been tried by some here, here and here.

So basically calling the tarball endpoint using some automated script is all that is required to get counted as a download, and also for the reason that the npmjs servers are not filtering the download counts.

The post also states that,

bot filtering is really hard, and never totally accurate, and requires constant manual intervention or crazy machine learning to get right, and we are not an analytics company. We’re pretty sure you’d rather we focused on npm itself rather than the website stats. Maybe when we’re bigger we’ll do more.

npm, Inc. is now a part of Github which itself is part of Microsoft, so surely they must have implemented some filtering now.

So the reason for this drop in download count in December is due to low hits on the packages' tarball. This time of the year is when one third of the world's population (rough estimate) celebrates christmas hence decreasing the manual npm i package_name ing of the packages, and also assuming that their continous integration (CI) servers (which may download the pacakge) are not run as frequently as they would run in working days.