NPM Inc, which controls the development of the NPM package manager and maintains the NPM repository, has announced the sale of its business to Microsoft-owned GitHub Inc, which operates as an independent business unit. The transaction amount is not called.
The main development vectors are mentioned as increasing the reliability, scalability and productivity of the repository and infrastructure, as well as improving the convenience of the daily work of developers and those accompanying the package manager. Of the significant innovations expected in npm 7, workspaces are called (Workspaces - allow you to aggregate dependencies from several packages into one package for installation in one step), improve the process of publishing packages and expand support for multifactor authentication.
To increase the security of publishing and package delivery processes, it is planned to integrate NPM into the GitHub infrastructure. Integration will also allow using the GitHub interface for preparing and placing NPM packages - changes in packages can be tracked in GitHub from the receipt of a pull request to the publication of a new version of an npm package. The vulnerability detection and vulnerability reporting tools provided by GitHub in the repositories will also apply to NPM packages. GitHub Sponsors service will be available to finance the work of accompanying and authors of NPM packages.
Isaac Z. Schlueter, creator of NPM, will continue to work on the project and will be provided with additional resources and a more relaxed working environment. The founder of NPM believes that as part of GitHub NPM will receive additional support from one of the largest global companies behind the largest developer community. Currently, the NPM repository serves more than 1.3 million packages, which are used by about 12 million developers. About 75 billion downloads are recorded per month, and this figure is growing steadily.
Get more at the NPM's blog.