npm is joining GitHub





I’m excited to announce that GitHub has signed an agreement to acquire npm.

npm is a critical part of the JavaScript world. The work of the npm team over the last 10 years, and the contributions of hundreds of thousands of open source developers and maintainers, have made npm home to over 1.3 million packages with 75 billion downloads a month. Together, they’ve helped JavaScript become the largest developer ecosystem in the world. We at GitHub are honored to be part of the next chapter of npm’s story and to help npm continue to scale to meet the needs of the fast-growing JavaScript community.

For the millions of developers who use the public npm registry every day, npm will always be available and always be free. Our focus after the deal closes will be to:

  • Invest in the registry infrastructure and platform. The JavaScript ecosystem is massive and growing quickly. It needs a rock-solid registry. We will make the investments necessary to ensure that npm is fast, reliable, and scalable.
  • Improve the core experience. We will work to improve the everyday experience of developers and maintainers, and support the great work already started on the npm v7 CLI, which will remain free and open source. Some bigger features that we’re excited about are Workspaces and improvements to the publishing and multi-factor authentication experience. 
  • Engage with the community. We will actively engage with the JavaScript community to get your ideas and help us define the future of npm.

Looking further ahead, we’ll integrate GitHub and npm to improve the security of the open source software supply chain, and enable you to trace a change from a GitHub pull request to the npm package version that fixed it. Open source security is an important global issue, and with the recent launch of the GitHub Security Lab and GitHub’s built-in security advisories, we are well-positioned to make a difference. In addition, GitHub Sponsors has already paid out millions of dollars to open source contributors, and we’re excited to explore tasteful ways to extend it to the npm ecosystem.

For paying customers who use npm Pro, Teams, and Enterprise to host private registries, we will continue to support you. We are also investing heavily in GitHub Packages as a great multi-language packages registry that’s fully integrated with GitHub. Later this year, we will enable npm’s paying customers to move their private npm packages to GitHub Packages—allowing npm to exclusively focus on being a great public registry for JavaScript.

We also welcome your ideas on the future of npm. We’ll be hosting a Reddit AMA with some of the people on the team in the coming days.

The amazing energy and creativity of millions of JavaScript developers is evident every day in the work that appears in npm. We are honored to support that community in a new way. The future of npm and the JavaScript ecosystem is very bright.