Shawn Wildermuth's Rants and Raves


What Does the GitHub Registry Mean to Developers?
May 12, 2019

As you might have heard, GitHub has created its own package registry. On the face of it, it might just feel like an opportunity to get more ‘buy-in’ into using GitHub, but I think something else is going on.

While most people are focusing on the support in NPM for the GitHub registry, GitHub is actually supporting a package repository for a handful of package services. These include NuGet, RubyGems, Maven, and Docker. Why are they doing this?

The biggest benefit for people already using GitHub is to be able to expose their code as packages directly in the same environment. This limits the number of steps involved.

GitHub has promised that it will be free for public and open source projects. I suspect a big benefit will be for private repositories to be able to expose their company’s projects as part of one of these Package stores. I also expect that will generate some revenue for GitHub, though I am not sure Microsoft considers it a profit center.

That’s all good, but there is something else happening that I think is interesting. As we’ve seen with NPM, trusting a package (and who actually published it) has bitten users of NPM as of late. By tying the source code to the exposing of the package, this might help us (as a community) be able to find bad package owners more easily (since we can see the ownership in the code diffs). I could be wrong though.

The other situation that this helps me feel better about is what is happening at NPM these days. They’re in the middle of labor troubles (which concerns me, both for the future of NPM and because developers aren’t being treated well):

businessinsider.com/npm-employees-open-letter-2019-5

I like that we might have a backup registry for NPM (et al.) in case things go badly at this center of a ton of web development. I certainly wouldn’t be worried about it in the short term, but I’d keep an eye on it.

In terms of NPM, it also puts more pressure on Yarn and NPM. More players usually equals more competition, which I would never decry. The fact that this is also coming to other packagers that I use (e.g. NuGet) is all the better. As Microsoft owns both, we might even see GitHub take over for Nuget.com. That might be for the better. I’m signing up for the beta for my packages; you might want to as well:

GitHub Repository Beta

Am I right?