GitHub is expanding the scope of its code repository to include support for publishing software packages, the company annoucned Friday afternoon.
After teasing an announcement all week on Twitter, GitHub will unveil the GitHub Package Registry during a live stream Friday afternoon starting at 1:30 pm PDT. The new service will allow developers to publish software packages — collections of code and metadata that allow source code to execute on a computer — on GitHub, or within private repositories used by paying customers inside their software-development organizations.
Available as a limited public beta for now, GitHub Package Registry supports several commonly used package formats, including “JavaScript (npm), Java (Maven), Ruby (RubyGems), .NET (NuGet), and Docker images, with more to come,” the Microsoft-owned company said in a blog post. The millions of developers who are already using GitHub to store their source code will find it easier to work on projects if they can also find software packages through the same interface and login, said Simina Pasat, director of product management at GitHub, in the post.
“When you work on a project that has dependencies on packages, it’s important for you to trust them, understand their code, and connect with the community who built them,” Pasat wrote. The last few years have seen a huge increase in the automation and velocity of much of the software development process, but companies have started to realize they are vulnerable to security issues within their “software supply chains,” including software packages disguised as something benign that actually mine bitcoin or snoop on network traffic.
“Software development is deeply collaborative,” said Nat Friedman, GitHub CEO, during the event Friday afternoon. Packages help developers incorporate code from outside sources through APIs, and inside larger companies packages help developers ship new software faster, he said.
Earlier this week at Build, Microsoft announced several new updates involving Azure services and the popular code repository, linking GitHub repositories to Azure Active Directory and Visual Studio Code. Microsoft has promised to use a “light touch” in managing GitHub, which continues to operate as a separate company, and GitHub Package Registry is one of the biggest products it has unveiled since the deal closed last October.
[Editor’s note: This post was updated several times as more information became available.]
