This article is more than 1 year old

Now GitHub has gulped down NPM Inc, what's next for the JS package registry? Well, some stability will be nice

CTO Ahmad Nassri announces intention to bow out

GitHub has completed its acquisition of JavaScript package registry NPM Inc, leading CTO Ahmad Nassri to announce his departure "in the near future".

Jeremy Epling, GitHub's director of product management, made it official just one month after news of the sale agreement broke. According to GitHub CEO Nat Friedman, and confirmed by Epling, the company has three immediate areas of focus.

The first is to "make the investments necessary to ensure that npm is fast, reliable, and scalable". Both GitHub and NPM are heavily used sites. In his farewell post, Nassri revealed that "the npm registry is serving around 125 billion requests at a whopping 6 petabytes per month". He added that the number of packages in the registry has increased from 1 million to 1.3 million since June 2019.

GitHub's own reliability record is not spotless, with significant outages on 27 February and 2 April, for example. On NPM's side, there were a couple of partial outages on 10-11 February. The sites do work well most of the time, though, with NPM reporting 100 per cent uptime in March and April, and 99.13 per cent in February, while GitHub cited 99.91 per cent, 100 per cent and 99.76 per cent (so far) for those three months. Uptime is critical since millions of developers rely on GitHub and/or NPM to do their work.

More important than the technical aspect is that Microsoft-owned GitHub is a stable home for NPM after a chaotic period in which Bryan Bogensberger was hired as CEO in January 2019 only to resign the following September. The business model behind running a free public registry is challenging, depending mainly on signing up paying customers for private registries, and Microsoft's motivation may be as much about gaining favour with developers as for any obvious commercial benefit. Friedman said: "Later this year, we will enable NPM's paying customers to move their private npm packages to GitHub Packages – allowing NPM to exclusively focus on being a great public registry for JavaScript."

The way NPM founder Isaac Z Schlueter tells it: "The npm registry is a significant and concrete strategic asset serving GitHub's mission of eliminating transaction costs in software development."

GitHub's other goals for NPM include improving the everyday experience for developers, including work on npm workspaces, which let you manage multiple packages from a single top-level package, and improving security. "Open source security is an important global issue," Friedman noted. ®

More about

More about

More about


Send us news

Other stories you might like