GitHub has completed its acquisition of NPM

312 点作者 0xedb大约 5 年前

24 条评论

For those who were having deja vu, this is a notification that GitHub completed its acquisition of NPM.

评论 #22884714 未加载

评论 #22885066 未加载

VonGuard大约 5 年前

This is a good thing. When they were independent, NPM was a disaster area. The company spent 100% of its time chasing down social issues and insanity in the community and never figured out how to make money, or at least, it took them FOREVER to figure that out.Years ago, they introduced "orgs" which they sat there and explained to me with slides and pictures and concepts and business bullshit for an hour. I did not understand a thing they'd said. Finally, they were like "We're selling private namespace in the npm registry for blessed packages for groups or businesses." I understood that. If they'd just said that up front....They had some great people, some very smart folks like CJ, but they completely biffed every business decision they ever made, and when you'd go in and talk to the leadership, they were always acting as if they had some sort of PTSD from the community. I mean, people were putting spam packages in NPM just to get SEO on some outside webpage through the default NPM package webpages. People were squatting and stealing package names. Leftpad... the community management here is nightmarishly hard, and I was never convinced they'd ever make money on it. MS doesn't NEED to make money on it. They can just pump in cash and have a brilliant tool for reaching UX developers around the world, regardless of whether they use Windows or not.I feel like the GitHub group at Microsoft is now some sort of orphanage for mistreated developer tool startups. GitHub had similar management issues: they refused to build enterprise features at all for years unless they were useful to regular GitHub.com. And there were other people issues at the top for years. Chris seemed more interested in working with the Obama administration on digital learning initiatives than with running GitHub, for example.

评论 #22885002 未加载

评论 #22887601 未加载

评论 #22887502 未加载

评论 #22885046 未加载

评论 #22884978 未加载

评论 #22889706 未加载

sytse大约 5 年前

Someone asked "Would this have made sense for a company like GitLab if they didn't have the corporate backing of something like MS?" and deleted their comment while I was writing the answer below:Being the canonical registry for a language (Rubygems) or technology (DockerHub) tends to be a huge expense.The main expenses are cloud costs (bandwidth and storage) and security (defense and curation).I've not seen examples of organizations turning this into a great business by itself. For example Rubygems is sponsored by RubyCentral <a href="http://rubycentral.org/" rel="nofollow">http://rubycentral.org/</a> who organize the annual RubyConf and RailsConf software conferences.Please note that running a non-canonical registry is a good business. JFrog does well with Artifactory <a href="https://jfrog.com/artifactory/" rel="nofollow">https://jfrog.com/artifactory/</a> and we have the GitLab Package Registry <a href="https://docs.gitlab.com/ee/user/packages/" rel="nofollow">https://docs.gitlab.com/ee/user/packages/</a> that includes a dependency proxy and we're working on a dependency firewall.

评论 #22886362 未加载

评论 #22888377 未加载

评论 #22886199 未加载

评论 #22884965 未加载

评论 #22886975 未加载

评论 #22885011 未加载

评论 #22884996 未加载

montroser大约 5 年前

I never quite got a warm-fuzzy feeling from npm -- the tool, the service, the company. This announcement does nothing to help, from my perspective. Is my dependency on this or that JavaScript library something that really needs to be owned by a for-profit company?I also kind of wonder what is the real value of a centralized repository versus just directly referencing git repos. I haven't used this gpk[0] project yet, but it looks like an interesting alternative, on paper.[0]: <a href="https://github.com/braydonf/gpk" rel="nofollow">https://github.com/braydonf/gpk</a>

评论 #22884879 未加载

评论 #22884827 未加载

评论 #22884942 未加载

评论 #22884891 未加载

animalCrax0rz大约 5 年前

This brought up in my mind the thought that while Deno is still WIP (for example, packaging of Rust plugins is not yet resolved) and the ecosystem around it barely exists it was designed to have no dependency on 3rd party tools like npm and yarn.

评论 #22884946 未加载

评论 #22885166 未加载

mtm7大约 5 年前

Out of curiosity, what benefits does Microsoft/GitHub get from owning a package registry? I'd be fascinated to learn more about their long-term strategy here.

评论 #22884832 未加载

评论 #22885034 未加载

评论 #22885010 未加载

评论 #22885492 未加载

评论 #22884802 未加载

评论 #22886047 未加载

评论 #22887119 未加载

评论 #22886977 未加载

评论 #22888700 未加载

评论 #22884829 未加载

评论 #22885140 未加载

评论 #22884860 未加载

rl3大约 5 年前

Curious world we live in, where the infrastructure behind so many OSS projects can simply be acquired.What's preventing the dream of decentralization from taking off? We have the technology.

评论 #22884747 未加载

评论 #22884750 未加载

评论 #22884866 未加载

评论 #22885615 未加载

评论 #22884741 未加载

评论 #22884729 未加载

评论 #22887204 未加载

评论 #22885183 未加载

评论 #22884792 未加载

doctoboggan大约 5 年前

Question from a new JS developer: Should I be using NPM to manage my dependencies?I have recently started getting into JS programming. I have thus far avoided NPM, because I've been trying to use CDNs for all my external dependencies.My thinking is that it saves me bandwidth costs and potentially saves my user's bandwidth as well if they get a cache hit.I get the downsides are that I don't control the CDN and they could go offline, but honestly I expect I am much more likely to go down from some mistake in my own deployment rather than a well known CDN being offline.I am wondering if I am missing something though, because absolutely every JS package I read about suggests you use NPM (some also link a CDN, many don't). Should I be using NPM to manage my JS dependencies instead of using CDNs?

评论 #22886006 未加载

评论 #22888202 未加载

评论 #22886511 未加载

评论 #22886517 未加载

fzil大约 5 年前

dang, Microsoft going around acquiring dev tools like its a monopoly game

评论 #22884849 未加载

评论 #22884840 未加载

评论 #22884837 未加载

Pmop大约 5 年前

I don't have a good feeling about this kind of centralization.

pavlov大约 5 年前

“DEVELOPERS DEVELOPERS DEVELOPERS!” — Steve Ballmer, 2000

评论 #22887215 未加载

judge2020大约 5 年前

I hope this only goes as far as being able to sign up with and link a GitHub account to NPM. Any tighter integration seems like it would be in bad faith, in terms of allowing integration with other git services/non-GH package hosting.

评论 #22884732 未加载

rhacker大约 5 年前

They just made Github teams free, so I imagine npm private repos is next?

评论 #22884690 未加载

评论 #22886952 未加载

aforty大约 5 年前

I like how Microsoft basically just acquired a whole slew of open source tools and no one seems to notice or care.

评论 #22886269 未加载

评论 #22885743 未加载

评论 #22885760 未加载

评论 #22892599 未加载

wp381640大约 5 年前

I'd say the three biggest namespaces in dev are github, npm and docker hub - will Microsoft go 3 for 3?Docker Hub feels a bit neglected - it could be aliased to docker.pkg.github.com and that'd be a huge improvement

评论 #22884997 未加载

kalium_xyz大约 5 年前

NPM is joining GitHub => NPM has joined GitHub

chvid大约 5 年前

It would be nice to have free private npm repositories like the free private github repositories ...

asiachick大约 5 年前

Hopefully they'll revisit the decision to allow ads in install scripts that NPM sanctioned.

anm89大约 5 年前

Npm has joined Microsoft

评论 #22885656 未加载

SenHeng大约 5 年前

I'm curious what's the roadmap for the npm CLI tool. Any word?

tobyhinloopen大约 5 年前

If you cannot beat them, buy them.

bamboozled大约 5 年前

Which is now owned by Microsoft? :)

sdan大约 5 年前

Next is pypi

评论 #22888967 未加载

metreo大约 5 年前

What does that do for overall code quality on GitHub I wonder?

评论 #22884724 未加载