The startup npm says that the software packages in its registry are downloaded no less than 75 billion times a month. It claims a user base of about 12 million software developers. The price of the acquisition has not been disclosed.
Integration within GitHub
In concrete terms, the newly acquired startup will soon be fully integrated within GitHub, primarily to guarantee the security of the open source software supply chain. In addition, this integration should ensure that customers are able to follow a change all the way from a GitHub pull request to the npm package version that solves the problem. The open source community is already investing enough to ensure that npm remains fast, reliable, and scalable.
For the future of npm, GitHub, through CEO Nat Friedman, indicates that the npm registry will remain free for the time being and that improvements for the npm CLI will continue to be worked on. For this, npm will receive full support from parent company Microsoft, among others.
Customers of the paid versions will also continue to be supported. However, these customers will later be given the option to switch to GitHub's own software package product launched last year: GitHub Packages.
For GitHub, already the world’s largest open source code library, the acquisition is very interesting. With the acquisition of the largest package registry in the world, the platform, under the flag of tech giant Microsoft, will obviously strengthen its dominant position within the open source community.
For example, GitHub took over Semmle in recent quarters. This is a tool for discovering vulnerabilities in code. Pull Panda was also acquired. This company specializes in automation software for software development.