GitHub plans to invest in npm’s infrastructure, with the hopes of bringing some much-needed modernization to the platform, GitHub CEO Nat Friedman promised in a blog post. It also may help free the rapidly-growing registry from the considerable financial and personnel turmoil that it has been inflicted with over the past few years.
GitHub has pledged to keep the public registry free for use, and to bring substantive improvements. The company wants to “improve the core experience,” vowed Friedman. “Some bigger features that we’re excited about are Workspaces and improvements to the publishing and multifactor authentication experience,” he wrote.
In the long term, GitHub will work to integrate npm into GitHub, which could tighten the security of the supply of open source dependencies. The work will allow developers to “trace a change from a GitHub pull request to the npm package version that fixed it,” Friedman wrote.
The acquisition should also be a good move for GitHub parent company Microsoft, which has been expanding its reach into the open source community over the past few years. In turn, Microsoft will be able to bring financial stability to npm operations, while maximizing the use of these assets, noted Lawrence Hecht, an analyst for The New Stack.
No Cinderella Story
“It’s not a kajillion-billion-dollar-10x-startup cinderella story, and we’ve taken our hits, but in the end, we’ve done right by our community, team, and careers, and I’m extremely proud of what we’ve achieved,” wrote npm inc co-founder Isaac Z. Schlueter, in a blog post.
Early reaction to the news seems to be positive. In “the case of GitHub buying npm, it’s good news all around (and nicely solves the npm monetization issue),” wrote Amazon Web Services developer evangelist and long-time open source observer Matt Asay, in a Tweet.
My primary motivator for five years at npm was to keep the registry running forever. That is now assured. GitHub was always the company that made the most sense to integrate with npm, and I’m glad it became possible.
— Laurie Voss (@seldo) March 16, 2020
The New Stack Contributors B. Cameron Gain and Mike Melanson contributed to this post.
Sonotype is a sponsor of The New Stack.