
GitHub, part of Microsoft, is investing heavily in the open source software community. It recently took over npm, the startup and open source registry for JavaScript software packages.

With the takeover, the well-known open-source community gets a software package registry with a total of 1.3 million software packages written in JavaScript. JavaScript is the most popular programming language for software in the world and is the basis of many websites. In addition, npm also provides commercial versions of its service. These are intended for companies that want to use them to manage the components of their internal JavaScript projects.

According to npm, the software packages in its registry are downloaded no less than 75 billion times a month. The startup claims a user base of about 12 million software developers. The price of the acquisition has not been disclosed.

Integration within GitHub

In concrete terms, the newly acquired startup will soon be fully integrated within GitHub, especially to guarantee the security of the open source software supply chain. In addition, this integration should ensure that customers are able to fully trace a change from a GitHub pull request to the npm package version that solves the problem. The open source community is already investing enough to ensure that npm remains fast, reliable, and scalable.

Future developments

For the future of npm, GitHub, through CEO Nat Friedman, indicates that the npm registry will remain free for the time being and that work on improvements to the npm CLI will continue. For this, npm will receive full support from parent company Microsoft, among others.

Customers of the paid versions will also continue to be supported. However, these customers will later be given the option to switch to GitHub's own software package product launched last year, GitHub Packages.

GitHub’s strategy

For GitHub, already the world’s largest open source code library, the acquisition is very interesting. With the acquisition of the largest package registry in the world, the open source community under the flag of tech giant Microsoft will obviously strengthen its dominant position within the open source community.

For example, GitHub took over Semmle in recent quarters. This is a tool for discovering vulnerabilities in code. Pull Panda was also acquired. This company specializes in automation software for software development.