See what's planned for npm

GitHub is acquiring npm

Maika Möbus

The package manager npm was initially released ten years ago and is used by millions of JavaScript developers today. It is now being acquired by GitHub, which itself was purchased by Microsoft two years ago. What does this latest step mean for npm users? Let’s take a closer look.

As npm founder Isaac Z. Schlueter announced on the npm blog, GitHub is acquiring npm. Both sides have signed an agreement to that effect.

npm hosts over 1.3 million packages and is a central element of the JavaScript world that is used by around 12 million developers, so let’s see what its acquisition by GitHub means.

Current and future plans for npm

The public npm registry is planned to remain public and free under the ownership of GitHub. Not only does Schlueter, who will keep working on npm, believe that npm will continue as we know it, but “it’ll only get better.”

As GitHub CEO Nat Friedman points out on the GitHub blog, investments in the npm registry infrastructure and platform are among the current plans. Furthermore, GitHub and npm will be integrated, which will enable tracing changes from a GitHub pull request to an updated npm package version.

In light of GitHub’s security features, including the recently launched GitHub Security Lab, the integration should offer improved security for the open source software supply chain.

Paying npm customers will be able to move their private npm packages to GitHub Packages later this year, turning npm exclusively into a public registry.

See the npm and GitHub blog posts for further details.

Maika Möbus
Maika Möbus has been an editor for Software & Support Media since January 2019. She studied Sociology at Goethe University Frankfurt and Johannes Gutenberg University Mainz.
