GitHub has signed an agreement to acquire NPM, a popular JavaScript package management service for developers. After the acquisition, users of the NPM public registry can continue to use it for free, and paying users will be able to migrate their private NPM packages to GitHub Packages shortly after.

Reported by Heart of Machine; contributors: Si, Zhang Qian, Jamin.


NPM, which stands for Node Package Manager, is a Node.js-based package manager created to make it easier for JavaScript developers to share and reuse code.
Thanks to the work of the NPM team over the past 10 years and the contributions of thousands of open source developers and maintainers, the platform now has 1.3 million software packages and 75 billion downloads per month. Their efforts have made JavaScript the largest developer ecosystem in the world.


“GitHub is proud to be a part of writing the next chapter of NPM’s story,” GitHub said in the blog post. “We’ll help NPM continue to expand to meet the needs of our rapidly growing JavaScript community.” For the millions of developers who use the NPM public registry every day, open source packages will always be available and always be free.


Why is NPM so important?


NPM is familiar to many developers. Even those who mainly use other languages such as Python or C++ run into NPM when running some JS open source projects, and for anyone working in JavaScript it is an almost indispensable package management tool. Roughly speaking, NPM is to JavaScript what pip is to Python.


The company that created and maintains this package manager is also called NPM. Thanks to the large code base and software registry hosted by NPM, JS developers can build on open source packages instead of writing applications from scratch.

If we want to create an open source package, the usual approach is to upload the code to GitHub and maintain it there. At the same time, stable releases of the code are also published to NPM so that developers can easily install and manage them. GitHub is responsible for tracking code fixes and version iterations, while NPM is responsible for managing the installable package.
JS is one of the largest developer communities, and NPM is the world’s largest software registry, an integral part of the development workflow of downloading, installing, and publishing packages. Developers don’t need to worry about dependencies and package versions; they simply hand that over to NPM.


In general, NPM consists of several independent components, such as the registry and the command line tools. The registry is a huge database that holds information about each software package; the command line tools let developers interact with NPM from the terminal. With these components, developers can manage open source packages, share code, manage proprietary packages, manage dependencies, and so on.

NPM is very much like pip, except that one serves JS and the other Python. By default, NPM installs packages into node_modules in the current directory, whereas pip installs packages into site-packages of the current Python environment. In other words, NPM does not modify the environment, which makes it somewhat more “pollution-free”.

NPM is a great tool. The company raised $8 million in venture funding in 2015. Like GitHub, it hosts open source packages for free and charges for hosting private packages. The advantage is that enterprise users can manage open source and private packages with the same tools.


Now that GitHub has acquired NPM, will the two be integrated in some way? After all, GitHub launched the GitHub Package Registry, a free package management service, last year.


What happens after the acquisition?


For users, of course, the biggest concern is how the acquisition will affect them. GitHub CEO Nat Friedman said in a blog post that NPM will always be available and always be free for the millions of developers who use the public registry every day. After the acquisition closes, the focus will be on the following aspects:


  • Invest in the registry infrastructure and platform. The JavaScript ecosystem is large and expanding rapidly, so it needs a solid registry. GitHub will make the necessary investments to ensure NPM is fast, reliable, and scalable.

  • Improve the core experience. GitHub will focus on improving the daily experience of developers and maintainers, while continuing to support important work already underway on the npm v7 CLI, which will remain free and open source. Exciting new features include Workspaces and further improvements to the package publishing process and the multi-factor authentication experience.

  • Engage with the community. GitHub will actively work with the JavaScript community to land improvements that make NPM better.



GitHub says it will work with NPM to improve the security of the open source software supply chain. In addition, GitHub intends to expand GitHub Sponsors into the NPM ecosystem.


GitHub and NPM will also continue to support private registry users who pay for NPM Pro, Teams, and Enterprise. In addition, GitHub is investing heavily in GitHub Packages, a multi-language package manager fully integrated with GitHub. Later this year, GitHub will allow paying NPM users to migrate their private NPM packages to GitHub Packages, allowing NPM to focus on becoming an open, free JavaScript package management tool.


GitHub has also announced that it will host an Ask Me Anything on Reddit in the coming days.


What netizens say


Online reaction to the acquisition was mixed, but judging from comments alone, the majority supported the purchase.


Some netizens say that NPM is at an awkward stage right now. From a corporate perspective, NPM’s performance is not particularly praiseworthy. But being acquired by GitHub is a better deal than being bought by Amazon, Google or Facebook, and at least retains some independence.
As a key link in the software supply chain, NPM’s core role needs no elaboration, but the operating status of the company behind it deserves a closer look. Some netizens pointed out that most of the company’s funding comes from venture capital, and that the barriers protecting its business model are far lower than one might expect.
Some even ran a simple mental simulation of NPM’s prospects to explain why they welcomed the acquisition. The company needs funds to operate, and under NPM’s current model it can only keep attracting more investors to stay afloat; the profit motive of those investors would adversely affect the company’s future development path, and the uncertainty of funding would lead to conflicts between the various stakeholders. Such a trajectory, it seems, would not be good for the community as a whole, let alone for NPM’s independence.
Others, however, simply believe that Microsoft, the owner of GitHub, is a highly closed company, and that NPM will find it difficult to maintain its original neutral and efficient pace of development after the acquisition.


Of course, there are mixed reviews of the deal, and time will tell.

Reference links:

https://news.ycombinator.com/item?id=22594549