GitHub Acquires npm, Plans to Improve Infrastructure and Experience

GitHub announced yesterday that it had acquired the popular JavaScript package service npm for an undisclosed amount. npm, Inc. was the company behind the Node package manager, npm Registry, and npm CLI. The company is shuttering its doors, but the future of the npm service looks bright with this acquisition.

Currently, npm serves over 1.3 million packages with 75 billion downloads every month. Over the past decade, the service has solidified itself as a vital part of the modern web. At least 12 million developers use npm to manage JavaScript dependencies.

In recent years, it has become a necessary piece of core WordPress, plugin, and theme development. The WordPress software currently has 71 packages available through the public npm registry. As the platform continues relying on JavaScript in the coming years, the number of packages should continue increasing.

“There are few unmitigated successes or failures in the real world,” wrote Isaac Schlueter in a post on the npm blog. “But this is a win, and a good one, for me and the team and the entire JavaScript community.”

The merging of npm and GitHub will make sense for many developers. Because the two services are so often used in conjunction, it can be hard for the uninitiated to tell where one ends and the other begins. GitHub is an online service built to make it easier to collaborate and work on top of the Git version control system. It is social coding on a massive scale. Many JavaScript repositories hosted on GitHub are then submitted to the npm registry. Other developers can then use npm to manage their dependencies on a per-project level.

In the company’s announcement, Nat Friedman, CEO of GitHub, said npm will always remain available and free of charge. GitHub plans to invest in the registry infrastructure and improve the core experience, particularly with work that has already gone into version 7 of the npm CLI. He also stressed the company will gather feedback from the JavaScript community to mold npm’s future.

“Looking further ahead, we’ll integrate GitHub and npm to improve the security of the open source software supply chain, and enable you to trace a change from a GitHub pull request to the npm package version that fixed it,” wrote Friedman. “Open source security is an important global issue, and with the recent launch of the GitHub Security Lab and GitHub’s built-in security advisories, we are well-positioned to make a difference.”

Schlueter said he feels this is an ideal move for npm, in large part because of GitHub’s commitment to open source. “As we dug into the technical and strategic plans for how npm would fit into the vision of GitHub moving forward, it became clear that this isn’t just a good option for the JavaScript community – it’s significantly better than what npm, Inc., can provide on its own,” he said. “I’ve said countless times before that I wouldn’t let the registry go someplace that won’t take care of it.”

For JavaScript programmers, this change should not cause any issues. It should be business as usual. With a company as large as GitHub and the infrastructure it can provide, developers will likely be looking for new features and improved tools.

“There are some awesome opportunities for improvement in the npm experience, to meaningfully improve life for JS devs in countless large and small ways,” said Schlueter. “We’ll be making things more reliable, convenient, and connected for everyone across our vast interdependent JavaScript ecosystem.”
