Microsoft’s GitHub is snapping up npm (node package manager), with plans for integration between the two platforms. In a blog post, GitHub CEO Nat Friedman announced the news, but did not share a purchase price.
Despite the acquisition, Friedman reassured users that GitHub will not be shuttering npm and that it will always remain free. The focus instead is a three-pronged approach: improve the core experience, engage with the community, and improve the registry infrastructure and platform.
“We will work to improve the everyday experience of developers and maintainers, and support the great work already started on the npm v7 CLI, which will remain free and open source,” Friedman said. “Some bigger features that we’re excited about are Workspaces and improvements to the publishing and multi-factor authentication experience.”
This announcement could also shed some light on Microsoft’s recent activity. In January, it pointed out an npm package that had been stealing the data of UNIX users. GitHub also previously introduced the ability to publish npm packages. It makes sense that it would look closely at a platform it was planning to acquire, but users will want to know what GitHub plans to do to improve safety going forward.
Between 2019 and 2020, npm issued 595 security advisories, bringing the total to 1,285. Previously, malicious packages have been used to steal cryptocurrency, developer credentials, and more.
Friedman admits that security will be a focus in the future. This will come partially from the GitHub integration, which will let you trace a change from a GitHub pull request through to its resolution. GitHub will also be looking at measures it recently launched on its own platform, such as the GitHub Security Lab and built-in security advisories.
Essentially, this purchase could lead to significant improvements for the open-source community, and Microsoft has a good track record with TypeScript. Still, while GitHub remains a separate entity from its parent company, there will always be those who view the deal as another step away from decentralization.