This talk unravels the intricacies of Semantic Versioning (SemVer) while delving into the real-world, practical complexities of navigating dependency hell. Gain new insights into the origin of & challenges with versioning, discover the hidden powers of the existing semantic version schema, and catch a glimpse of the future of package management. Whether you're a seasoned developer who lives & breathes conventional commits or a newcomer eager to understand this essential aspect of our package ecosystem, this talk promises to level up your understanding of everything spec.

The software supply chain is under constant attack and threat actors are finding new ways to exploit and profit off the cracks in its foundations. Of course, the JavaScript ecosystem is at the heart of this problem as it has grown accustomed to relying on small, interdependent modules made available through the largest software registry in the world (npm). Learn more about the current and future state of the ecosystem as well as dive into new tooling and resources you'll need to protect yourself and your projects this year and beyond.

The npm CLI has been, & continues to be, a core developer tool of the Node.js/JavaScript ecosystem. This past year npm@7 became Generally Availble, introducing with it a wealth of changes & net-new capabilities including: lockfile upgrades, workspace support, installing peer dependencies default, npm diff, npm explain, npm exec, npm set-script & much, much more. We'll dive into this work as well as share some exciting news about what to expect in the weeks & months to come.