Microsoft’s GitHub to acquire npm JavaScript package manager


Microsoft’s GitHub division announced on March 16 the acquisition of private JavaScript package management provider npm Inc. Financial terms of the acquisition are not being made public.

Npm Inc. is the leading open source npm JavaScript package manager and registry, which is widely used by over 11 million developers. In addition to the open source npm effort, the company has business tools, including npm Company, which had its last major update in July 2019.

A spokesperson for GitHub said ITPro that one of the reasons GitHub acquires npm is the high level of JavaScript community activity on GitHub. GitHub looks forward to playing a more active role in this community, the spokesperson added.

“npm is an essential part of the JavaScript world,” Nat Friedman, CEO of GitHub, wrote in a blog. Publish. “The work of the npm team over the past 10 years and the contributions of hundreds of thousands of open source developers and maintainers have made npm more than 1.3 million packages with 75 billion downloads per month.

The plan is to invest in the npm registry to make it reliable and scalable for developers, according to Friedman. He stressed that the public npm registry will remain free.

“Longer term, we will integrate GitHub and npm to improve the security of the open source software supply chain and allow you to track a change between a GitHub pull request and the version of the npm package that patched it. Said Friedman.

Npm Enterprise Packages vs. GitHub

One of the key capabilities of npm’s commercial offering is the ability to host private packages. This capability is also something that GitHub announced during its GitHub universe event in November 2019. GitHub is committed to supporting npm Enterprise customers, at least in the short term.

“Going forward, GitHub will allow and encourage customers to move their private npm packages to GitHub packages,” the GitHub spokesperson said.

Isaac Schlueter, Founder and CEO of npm, is particularly excited about the acquisition of GitHub.

“At GitHub, npm will have the added support and backing of one of the world’s largest companies, behind the world’s largest developer community,” Schlueter wrote in a blog. Publish. “There are tremendous opportunities for improvement in the npm experience, to significantly improve the life of [JavaScript] developers in countless ways, big and small. “

Community reviews are mixed

Early feedback from the developer community on GitHub’s acquisition of the npm JavaScript package manager has been generally positive, although there are some concerns.

“Interesting decision from Microsoft / GitHub on acquisition @npmjs, “Chris Aniszczyk, vice president of developer relations at the Linux Foundation, wrote in a Twitter message. “It’s good that MS helps maintain a large package registry, but I really think package registries should be owned by the community and not by one vendor… too risky. “

Robin Ginn, Executive Director of the OpenJS Foundation, said that GitHub’s acquisition of npm is a positive and logical step in ensuring the stability and security of the open source npm registry for JavaScript developers.

“We know and trust the leaders at GitHub who have the experience to build on the important contributions of many, who have made npm the leading open source package management resource it is today,” Ginn said.


Comments are closed.