NPM Inc, which oversees the development of the NPM package manager and maintains the NPM repository, о Microsoft's business. The buyer in the deal is GitHub, which operates as an independent business unit of Microsoft. The amount of the transaction is not called.
It is stated that the change of ownership will not affect the repository , which will continue to exist and remain publicly available and free to open source developers. The development of the NPM package manager will continue with additional resources, which may be an incentive for its more active development. GitHub intends to actively engage with the JavaScript developer community to gather ideas and shape the future of NPM.
As the main vectors of development, they mention increasing the reliability, scalability and performance of the repository and infrastructure, as well as improving the convenience of the daily work of developers and maintainers with the package manager. Of the significant innovations expected in npm 7, workspaces are called (, allow you to aggregate dependencies from multiple packages into one package for installation in one step), improve the process of publishing packages, and expand support for multi-factor authentication.
To improve the security of the publishing and delivery of packages, it is planned to integrate NPM into the GitHub infrastructure. The integration will also allow you to use the GitHub interface for preparing and hosting NPM packages - changes in packages can be tracked in GitHub from a pull request to the publication of a new version of an npm package. Tools Provided on GitHub vulnerabilities and about vulnerabilities in repositories will also apply to NPM packages. A service will be available to fund the work of maintainers and authors of NPM packages. .
Isaac Z. Schlueter, creator of NPM, will continue to work on the project and will be given additional resources and a more relaxed environment to work with. The founder of NPM believes that as part of GitHub, NPM will receive additional support from one of the largest companies in the world, behind the largest developer community. Currently, the NPM repository maintains over 1.3 million packages, which are used by about 12 million developers. About 75 billion downloads are recorded per month and this figure is growing steadily.
Recall that last year, NPM Inc experienced a change of leadership, a series of layoffs and a search for investors. Due to the current uncertainty about the future of NPM and the lack of confidence that the company will defend the interests of the community, not investors, a group of employees led by a former NPM CTO package repository . The new project was intended to eliminate the dependence of the JavaScript / Node.js ecosystem on one company that completely controls the development of the package manager and the maintenance of the repository. According to the founders of Entropic, the community does not have the leverage to hold NPM Inc accountable for its actions, and the focus on making a profit prevents the implementation of primary from the point of view of the community, but not bringing money and requiring additional resources, such as support for digital signature verification.
Source: opennet.ru