NPM Inc. which controls the development of the NPM package manager and maintains the NPM repository, has announced the sale of its business to GitHub Inc (which is currently owned by Microsoft), which operates as an independent business unit (the amount of the transaction for the purchase has not been disclosed).
For the part of the purchase it is argued that the ownership change will not affect the NPM repository and that this will continue to exist and will remain publicly available and free of charge for open source developers. The development of the NPM package manager will continue with additional resources, which can be an incentive for its more active development as GitHub intends to actively work with the JavaScript community to gather ideas and determine the future of NPM.
Regarding the changes that Microsoft has prepared After the purchase is completed, it is mentioned that the main development vectors will be: increase the reliability, scalability and productivity of the repository and infrastructure, as well as improve the convenience of the daily work of the developers and those who accompany the package manager.
Of the important innovations expected in version 7 of NPM, the workspaces are named (which allow to add dependencies of several packages in a single package for installation in a single step), improve the process of publishing packages and expand support for multi-factor authentication.
To increase the security of the package posting and delivery processes, NPM is planned to be integrated into the GitHub infrastructure.
The integration will also allow you to use the GitHub interface to prepare and drop NPM packages- Package changes can be tracked on GitHub from receiving a pull request to publishing a new version of an npm package.
The vulnerability detection and vulnerability reporting tools provided by GitHub in the repositories will also apply to NPM packages. The GitHub sponsor service will be available to fund the work of NPM package authors and companions.
In addition to this, Isaac Z. Schlueter is mentioned (the creator of NPM) will continue working on the project and you will be provided with additional resources and a more relaxed work environment.
In the announcement made by him, he shares the following:
What I really didn't expect at the beginning of the acquisition process was how much I would sincerely like everyone I met on GitHub, starting with my initial conversations with Nat, as well as everyone on the team that he has trained ...
NPM founder believes that as part of GitHub, NPM will receive additional support from one of the largest global companies behind the largest developer community. Currently, the NPM repository serves more than 1.3 million packages, which are used by about 12 million developers. There are approximately 75 billion downloads per month, and this number is constantly growing.
Recall that last year NPM Inc experienced a leadership change, a series of layoffs and the search for investors.
Due to the uncertainty surrounding the future fate of NPM and the lack of confidence that the company will defend the interests of the community, not investors, a group of employees led by a former technical director of NPM founded the Entropic package repository.
The new project was designed to remove the dependency on the JavaScript / Node.js ecosystem in a single company that completely controls the development of a package manager and maintains a repository.
According to the founders of Entropic, the community does not have the ability to hold NPM Inc accountable for the actions taken, and the profit orientation prevents the implementation of the primary activities of the community, but does not bring money and requires additional resources, features, as a support for digital signature verification.
Si you want to know more about the note, you can check the original publication in the following link.