This article is more than 1 year old

NPM today stands for Now Paging Microsoft: GitHub just launched its own software registry

GitHub Package Registry provides libraries and other bits and bytes for Java, JavaScript, Ruby, .NET and more

GitHub today will introduce the GitHub Package Registry, a service to allow software developers to publish and manage public or private software packages for a variety of programming languages.

Software packages are collections of code, scripts, and other resources that provide specific functionality for application developers. There are already various community-led organizations and companies that provide package registries and package management tools for different programming languages, including Docker (Docker images), Maven (Java), NPM (JavaScript), NuGet (.NET), and RubyGems (Ruby).

The GitHub Package Registry supports the package management clients associated with these services. It is intended to complement existing registries, said Bryan Clark, director of product Management for open source at GitHub, in a phone interview with The Register a few hours ago.

However, if developers wish to express a vote of no confidence in existing registry operations, they have the option to upload packages to GitHub exclusively.

Given the frustration in the JavaScript community over recent layoffs at NPM Inc, such selective package distribution could become a way to voice dissatisfaction beyond Twitter parody accounts. NPM Inc is used by millions of programmers to download and bolt packages onto their apps, and its npm client is the default package manager of the widely used Node.js.

"We can provide a lot of value in this space and it's something that customers have been asking about for a while," GitHub's Clark told us.

That value includes statistical data about package usage, GitHub's identity and permissions system, and GitHub's search, browsing, and management tools. GitHub also offers automation tools, to enable programmatic workflows via webhooks and GitHub Actions.

Here's a screenshot showing how one would use the npm client with GitHub Package Registry rather than NPM Inc's JavaScript registry:

GitHub Package Registry

GitHub is in a position to improve the security of software packages through its security alerts for vulnerable dependencies. Clark said the Microsoft-owned biz plans to make some security announcements related to its Package Registry at its Satellite conference in Berlin, Germany, later this month.

While GitHub Package Registry may complement other registries, it could become a significant competitor for enterprise customers. Companies may well prefer to pay for private package hosting through GitHub, which they likely already use for source version control and CI/CD, instead of NPM or Docker.

Clark said GitHub plans to support more programming languages in the future and to boost community involvement. "The goal over the summer some time is to try to open source the server component," he said.

The GitHub Package Registry arrives as a limited beta service, and is free for open source use. Pricing details for other licensing models and uses should be published shortly. ®

More about


Send us news

Other stories you might like