GitHub is expanding the scope of its code repository to include support for publishing software packages, the company announced Friday afternoon.
After teasing an announcement all week on Twitter, GitHub will unveil the GitHub Package Registry during a live stream Friday afternoon starting at 1:30 pm PDT. The new service will allow developers to publish software packages — collections of code and metadata that allow source code to execute on a computer — on GitHub, or within private repositories used by paying customers inside their software-development organizations.
“When you work on a project that has dependencies on packages, it’s important for you to trust them, understand their code, and connect with the community who built them,” Pasat wrote. The last few years have seen a huge increase in the automation and velocity of much of the software development process, but companies have started to realize they are vulnerable to security issues within their “software supply chains,” including software packages disguised as something benign that actually mine bitcoin or snoop on network traffic.
“Software development is deeply collaborative,” said Nat Friedman, GitHub CEO, during the event Friday afternoon. Packages help developers incorporate code from outside sources through APIs, and inside larger companies packages help developers ship new software faster, he said.
Earlier this week at Build, Microsoft announced several new updates involving Azure services and the popular code repository, linking GitHub repositories to Azure Active Directory and Visual Studio Code. Microsoft has promised to use a “light touch” in managing GitHub, which continues to operate as a separate company, and GitHub Package Registry is one of the biggest products it has unveiled since the deal closed last October.
[Editor’s note: This post was updated several times as more information became available.]