GitHub Inc, owned by Microsoft and operating as an independent business unit, about the successful completion of the transaction for the purchase of the business of NPM Inc, which controls the development of the NPM package manager and maintains the NPM repository. The NPM repository maintains over 1.3 million packages, which are used by about 12 million developers. About 75 billion downloads are recorded per month. The amount of the transaction is not called.
, CTO of NPM Inc., about the decision to leave the NPM team, take a break, reflect on your experience and take advantage of new opportunities (in Ahmed has received information that he has taken the position of technical director at Fractional). Isaac Z. Schlueter, creator of NPM, will continue to work on the project.
GitHub has promised that the NPM repository will always remain free and publicly available to all developers. GitHub named three key areas for further development of NPM: community engagement (taking into account the views of JavaScript developers when developing the service), expanding basic capabilities, and investing in infrastructure and platform development. The infrastructure will be developed in the direction of increasing the reliability, scalability and performance of the repository.
To improve the security of the publishing and delivery of packages, it is planned to integrate NPM into the GitHub infrastructure. The integration will also allow you to use the GitHub interface for preparing and hosting NPM packages - changes in packages can be tracked in GitHub from a pull request to the publication of a new version of an npm package. Tools Provided on GitHub vulnerabilities and about vulnerabilities in repositories will also apply to NPM packages. A service will be available to fund the work of maintainers and authors of NPM packages. .
The development of the NPM functionality will focus on improving the convenience of day-to-day work with the package manager for developers and maintainers. Of the significant innovations expected in npm 7, workspaces can be noted ( - allow you to aggregate dependencies from several packages into one package for their installation in one step), improving the process of publishing packages and expanding support for multi-factor authentication.
Recall that last year, NPM Inc experienced a change of leadership, a series of layoffs and a search for investors. Due to the current uncertainty about the future of NPM and the lack of confidence that the company will defend the interests of the community, not investors, a group of employees led by a former NPM CTO package repository . The new project was intended to eliminate the dependence of the JavaScript / Node.js ecosystem on one company that completely controls the development of the package manager and the maintenance of the repository. According to the founders of Entropic, the community does not have leverage to hold NPM Inc accountable for its actions, and the focus on making a profit prevents the implementation of primary from the community point of view, but not bringing money and requiring additional resources, such as support for digital signature verification .
Source: opennet.ru