GitHub today will introduce the GitHub Package Registry, a service to allow software developers to publish and manage public or private software packages for a variety of programming languages.
The GitHub Package Registry supports the package management clients associated with these services. It is intended to complement existing registries, said Bryan Clark, director of product Management for open source at GitHub, in a phone interview with The Register a few hours ago.
However, if developers wish to express a vote of no confidence in existing registry operations, they have the option to upload packages to GitHub exclusively.
"We can provide a lot of value in this space and it's something that customers have been asking about for a while," GitHub's Clark told us.
That value includes statistical data about package usage, GitHub's identity and permissions system, and GitHub's search, browsing, and management tools. GitHub also offers automation tools, to enable programmatic workflows via webhooks and GitHub Actions.
GitHub is in a position to improve the security of software packages through its security alerts for vulnerable dependencies. Clark said the Microsoft-owned biz plans to make some security announcements related to its Package Registry at its Satellite conference in Berlin, Germany, later this month.
While GitHub Package Registry may complement other registries, it could become a significant competitor for enterprise customers. Companies may well prefer to pay for private package hosting through GitHub, which they likely already use for source version control and CI/CD, instead of NPM or Docker.
Clark said GitHub plans to support more programming languages in the future and to boost community involvement. "The goal over the summer some time is to try to open source the server component," he said.
The GitHub Package Registry arrives as a limited beta service, and is free for open source use. Pricing details for other licensing models and uses should be published shortly. ®