Npm Offers Free Organizational-level Controls for Open Source Code Repositories

22 Mar 2017 9:00am

The company behind the popular Node Package Manager (npm) is now offering, for free, its “Orgs” service for organizations to manage access and visibility of JavaScript packages across a large team of contributors — on the condition that all the software hosted there is open source.

The npm service has evolved from a simple apt-get-like developer tool for Node.js users, into the world’s largest software repository, supported by a 20-person company located in downtown Oakland. And it has a mascot: the Wombat.

Founded by Isaac Schlueter and Laurie Voss in 2014, npm, Inc. has built out an enterprise business around a behind-the-firewall repository for businesses that require more control and compliance around their JavaScript software packages.

As Supreme Emperor for Life of npm, Inc., Schlueter’s most recent focus has been on npm Organizations, a SaaS package privacy and permissions management offering that allows developers to build out their own repositories made up of whatever packages they’ve approved for use in their work. The Orgs service was available on a per-user basis and was introduced in 2015.

Today, npm, Inc. introduced a free version of Organizations, available for all users. The only restriction on this free tier of Organizations is that the private repositories constructed by users must include only open source software. Thus, developers working on their own proprietary packages and working with those packages will still need to pay per user for Organizations.

Schlueter likened the system to GitHub’s Organizations offerings: open source efforts are given free use of the service.

Why do people need private repositories for their JavaScript development projects? Because developing software takes time, and as a team is working hard to build out its new projects, the components those projects are built on are likely also moving forward. npm Orgs allows developers to ensure their collaborators are using the right versions of the building blocks involved.

A Modern Environment

Photo by Alex Handy.

For enterprise users, Organizations also allows for the restriction of access to various components within the repository. Thus, developers can be restricted to using only approved packages that have passed whatever standards management has set for internal usage.

For Node.js and the JavaScript community as a whole, Schlueter said that the current user environment is quite different from the one developers had to address ten years ago. The old concerns of web development — browser compatibility and JavaScript implementation variations — have been replaced by new challenges.

“There’s been an interesting shift in what the low-end web user’s experience and landscape look like. Ten years ago, it was Microsoft Internet Explorer on dial-up. Today the low-end web user is using a latest and greatest, up-to-date browser, but over an unreliable network connection. This has pushed the shift more towards thicker front ends, serverless computing, or offline first approaches to building applications,” said Schlueter.

“You’re doing more in the browser, and there’s a bigger benefit to have better software development. The more you’re doing, the more modularity starts to win. The big growth opportunity for us is focusing on the needs of front-end software developers,” said Schlueter.

Modularity Par Excellence

Npm offers nothing if not modularity. In fact, it offers modularity on a scale never before seen in software development. This was shown quite clearly last year when a single 11-line package called Left-pad was removed from npm by its irate author. Those 11 lines of code were used by thousands of developers around the world, and the removal caused a day of broken software for many.

While the fix was simple, the actual effect of the removal was many-fold. First, it showed just how popular npm and its massive retinue of packages were. Second, it showed the true power of modularity, allowing developers to grab a supremely optimized snippet of code to speed the development of their own software. And finally, that incident showed that six million plus npm users are incredibly active and involved in their community.

The future, for npm, Inc., should be filled with more packages and more users. According to npm, 61 percent of the world’s 11 million JavaScript developers use npm. Schlueter said that npm, Inc. should be simplifying its billing process and improving its user interface over the course of 2017.

As for npm, the repository, and the future of JavaScript, Schlueter said that there are a lot of opportunities. ECMAScript 6 modules are shaping up, and browsers are starting to implement them. “There are ways people could be building applications so we could future-proof them for that. Between here and there, there are a lot of opportunities for improvement. Things like package signing and speeding up download times,” said Schlueter.

Feature image: A Wombat, photo taken by JJ Harrison, CC BY-SA 3.0.

