GitHub acquires npm

GitHub to Acquire npm JavaScript Package Manager

GitHub looks to bolster the JavaScript community with the acquisition of npm, the vendor behind the widely deployed open-source JavaScript package manager and code registry.

Microsoft's GitHub division announced on March 16 that it is acquiring privately held JavaScript package management vendor npm Inc. Financial terms of the acquisition are not being publicly disclosed.

Npm Inc. is the leader of the open-source npm JavaScript package manager and code registry, which are widely used by more than 11 million developers. In addition to the open-source npm effort, the company has commercial tools including npm Enterprise, which had its last major update in July 2019.

A GitHub spokesperson told ITPro Today.com that one of the reasons GitHub is acquiring npm is because of the high degree of activity that the JavaScript community has on GitHub. GitHub is looking forward to playing a more active role in that community, the spokesperson added.

"npm is a critical part of the JavaScript world," GitHub CEO Nat Friedman wrote in a blog post. "The work of the npm team over the last 10 years, and the contributions of hundreds of thousands of open source developers and maintainers, have made npm home to over 1.3 million packages with 75 billion downloads a month."

The plan is to invest in the npm registry to make it reliable and scalable for developers, according to Friedman. He emphasized that the public npm registry will remain free.

"Looking further ahead, we’ll integrate GitHub and npm to improve the security of the open-source software supply chain, and enable you to trace a change from a GitHub pull request to the npm package version that fixed it," Friedman said.

npm Enterprise Versus GitHub Packages

One of the key capabilities of npm's commercial offering is the ability to host private packages. That ability is also something that GitHub announced during its GitHub Universe event in November 2019. GitHub has committed to supporting npm Enterprise customers, at least in the short term.

"In the future, GitHub will enable and encourage customers to move their private npm packages to GitHub Packages," the GitHub spokesperson said.

Isaac Schlueter, npm founder and CEO, is particularly enthusiastic about the GitHub acquisition.

"At GitHub, npm will have the added support and backing of one of the world’s largest companies, behind the world’s largest community of developers," Schlueter wrote in a blog post. "There are some awesome opportunities for improvement in the npm experience, to meaningfully improve life for [JavaScript] devs in countless large and small ways."

Community Feedback Is Mixed

Initial feedback from the developer community of GitHub's acquisition of the npm JavaScript package manager has been generally positive, though there are some concerns.

"Interesting move by Microsoft/GitHub on acquiring @npmjs," Chris Aniszczyk, vice president of developer relations at the Linux Foundation, wrote in a Twitter message. "Nice to have MS help sustain an important package registry but I truly believe package registries need to be community owned and not by just one vendor ... too risky."

Robin Ginn, executive director of the OpenJS Foundation, said GitHub's acquisition of npm is a positive and logical step to ensure the stability and security of the open-source npm registry for JavaScript developers.

"We know and trust the GitHub leaders who have the experience to build upon the important contributions by many, which made npm the leading open-source package management resource it is today," Ginn said.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish