GitHub Acquires npm, Plans to Improve Infrastructure and Experience

GitHub announced yesterday that it had acquired the popular JavaScript package service npm for an undisclosed amount. npm, Inc. was the company behind the Node package manager, npm Registry, and npm CLI. The company is shuttering its doors, but the future of the npm service looks bright with this acquisition.

Currently, npm serves over 1.3 million packages with 75 billion downloads every month. Over the past decade, the service has solidified itself as a vital part of the modern web. At least 12 million developers use npm to manage JavaScript dependencies.

In recent years, it has become a necessary piece of core WordPress, plugin, and theme development. The WordPress software currently has 71 packages available through the public npm registry. As the platform continues relying on JavaScript in the coming years, the number of packages should continue increasing.

“There are few unmitigated successes or failures in the real world,” wrote Isaac Schlueter in a post on the npm blog. “But this is a win, and a good one, for me and the team and the entire JavaScript community.”

The merging of npm and GitHub will make sense for many developers. Because the two services are used in conjunction so often, it can be hard to tell where one ends and the other begins to the uninitiated. GitHub is an online service built to make it easier to collaborate and work on top of the Git version control system. It is social-coding on a massive scale. Many JavaScript repositories hosted on GitHub are then submitted to the npm registry. Other developers can then use npm to manage their dependencies on a per-project level.

Nat Friedman, CEO of GitHub, said npm will always remain available and free of charge in the company’s announcement. GitHub plans to invest in the registry infrastructure and improve the core experience, particularly with work that has already gone into version 7 of the npm CLI. He also stressed the company will garner feedback from the JavaScript community to mold npm’s future.

“Looking further ahead, we’ll integrate GitHub and npm to improve the security of the open source software supply chain, and enable you to trace a change from a GitHub pull request to the npm package version that fixed it,” wrote Friedman. “Open source security is an important global issue, and with the recent launch of the GitHub Security Lab and GitHub’s built-in security advisories, we are well-positioned to make a difference.”

Schlueter expressed that he feels like this is an ideal move for npm, largely in part to GitHub’s commitment to open source. “As we dug into the technical and strategic plans for how npm would fit into the vision of GitHub moving forward, it became clear that this isn’t just a good option for the JavaScript community – it’s significantly better than what npm, Inc., can provide on its own,” he said. “I’ve said countless times before that I wouldn’t let the registry go someplace that won’t take care of it.”

For JavaScript programmers, this change should not cause any issues. It should be business as usual. With a company as large as GitHub and the infrastructure it can provide, developers will likely be looking for new features and improved tools.

“There are some awesome opportunities for improvement in the npm experience, to meaningfully improve life for JS devs in countless large and small ways,” said Schlueter. “We’ll be making things more reliable, convenient, and connected for everyone across our vast interdependent JavaScript ecosystem.”


9 responses to “GitHub Acquires npm, Plans to Improve Infrastructure and Experience”

  1. It worths remembering that GitHub is owned by Microsoft.
    So ultimately, npm is owned by Microsoft now.

      • Why is this a problem?

        Products owned by corporations can disappear at any time. Remember Windows Phone?

        • This particular product was already owned by a corporation — npm, Inc. What changed is the corporation that owns it.

          There’s probably always going to be a little distrust of Microsoft within the open-source world. However, they have kept GitHub running without really changing the existing formula. GitHub, at least to me, has only continued improving. I don’t see npm going anywhere given how Microsoft has embraced open-source in recent years and how much of the modern web relies on it.

      • I don’t think the problem is that NPM was acquired by Microsoft or any other big corporation out there. The problem is that those big corporations are buying companies and the web is getting centralized around just a couple of them.

    • Whether a company acquired by a large corporation worries or trusts it is today. Tomorrow is always refreshing.
      So use it today and backup if you need it.

  2. I think that´s not a problem that Microsoft or GitHub has now bought NPM.
    I see the whole thing positively. A large corporation with enough capital ensures that good tools stay free and rewards the teams behind the tools for their great work.

    Thanks for the good article.


  3. Discuss: Would it be a problem for you if Microsoft or Google would buy Automattic Inc.?

  4. congratulations to npm, Inc and the team behind it. Future of npm definitely looks very bright. I Have no problem if a big corporation like Github or Mircosoft buys npm. Good Luck to everyone involved :-).


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: