Nat Friedman (GitHub CEO) announced that GitHub has signed an agreement to acquire NPM and that NPM will continue to provide public Registry services for free after joining GitHub.

NPM stands for Node Package Manager, the package manager for JavaScript. It has been well received since it first launched a decade ago and is now the largest developer ecosystem in the world. To date, NPM has served more than 12 million developers with more than 1.3 million packages, which are downloaded 75 billion times a month.

GitHub CEO Nat Friedman said in the post that his focus will be to:

  • Provide better infrastructure and a better platform for the registry service, so that NPM is faster, more reliable, and more scalable
  • Improve the core experience
  • Maintain active interaction with the JavaScript community

In the future, NPM will be integrated into GitHub to improve the security of the open source software supply chain and to let users trace a change from a GitHub pull request to the NPM package version that contains the fix.

Some future directions after the acquisition:

  • Support will continue for paying customers who use NPM Pro, Teams and Enterprise to host private registries
  • In the future, private NPM packages belonging to NPM's paying customers will be migrated to GitHub Packages, so that NPM can focus on being a large public registry for JavaScript

Open source vendors worry

One developer commented on GitHub’s acquisition: Microsoft took over the entire open source ecosystem with GitHub, took over the entire JavaScript ecosystem with NPM, and took over the majority of developers’ machines with Visual Studio Code, and TypeScript changes the way developers use JavaScript. So JavaScript basically belongs to Microsoft right now.

In addition, a number of developers are concerned: why not “Microsoft buys NPM”? Someone mentioned that Microsoft has a policy of not allowing Microsoft+GitHub joint exposure. Microsoft wants to keep GitHub’s reputation and brand pure and not confuse GitHub with Microsoft.