npm Blog (Archive)

npm, Inc. Update: 2016

npm, Inc. is now 2 years old, and we’ve come a long way from where the project and community were at the beginning of 2014. Here’s a brief overview of what happened this year, and what’s planned for 2016.

Huge Growth!

Reliance on modular JavaScript is increasing, the community of npm users is growing incredibly quickly, and the rate at which these figures grow is also increasing. In the last year, npm users downloaded 25 billion packages.

This kind of growth means our “most of these things happened in the last year” metrics will almost certainly be repeated next year — and it also means that the dominant majority of our users are brand new.

Events like Node School and other community efforts are helpful for getting newcomers integrated. In 2016, a major priority for npm, Inc. will be to help newcomers succeed at using npm in their projects, both for Open Source and at work.

New Products, New Hires, New Space

Since Private Packages debuted in April, many thousands of you have signed up. Support for organizations shipped a few months ago, and we continue to work to improve it.

The npm On-Site team has been busily cranking away to make it easier than ever to get the full npm experience behind a corporate firewall.

npm, Inc. went into 2015 with 11 employees and came into 2016 with 27. A key part of this has been building out teams for support, sales, and marketing — so that everyone everywhere can hear about npm and be successful with it.

This increase in people meant that we were tripping over one another in our old office, so we moved into a much larger space on Lake Merritt. If you come to an Oakland Node School event, you can enjoy our couches and coffee while you learn how to write JavaScript packages.

OSS Love

As I write this, our registry uptime has been 100% over the last month. Superstition dictates I shouldn’t brag too much about this, but the hard work of our registry and ops team means registry reliability has become something the rest of us can usually forget about.

One of this company’s initial goals was to make registry uptime remarkably unremarkable, boring, and expected. We’re still committed to making it even less noticeable. With a community as fast-growing as ours, staying ahead of exponentially increasing usage has to be a top priority.

The npm CLI team has been working hard to pay down technical debt and continue to maintain good Open Source discipline. Part of this has been conducting weekly calls as public hangouts, and establishing a clear set of priorities to help guide the vision of the project.

In the next year, you’ll see npm get faster, more reliable, and easier to understand.


In 2015, the Node Foundation was created as a home for the Node.js project. npm, Inc. was one of the initial Silver Sponsors, and several members of our team have actively participated in the Foundation since before it was even called that — when it was the Node Advisory Board and the io.js Technical Committee.

In 2016, it’s my personal goal to move the open-source npm CLI project away from single-company ownership. The npm CLI belongs in a more standard and mature Open Source governance structure: within a foundation.

Exact plans for this transition and governance structure are still being drawn up. The worst possible outcome would be to damage something that works well. We’re taking very deliberate steps and weighing the pros and cons of every choice.

The ideal arrangement creates clear lines of accountability from the CLI team to the community they serve, and provides a structure for more people to get involved with the open-source project in a productive way.


InnerSource means applying the culture, practices, and tools of Open Source Software to the domain of commercial software development.

InnerSource is what we do at npm, Inc. It’s at the heart of our skills and passion, and it’s the clearest way to create value for our customers. As a long-time OSS participant, I’ve tried to bring some of the best aspects of open participation to this company, and our products are designed to help you use well-established open source methodologies at your job.

I originally wrote npm because I wanted an easier way to share JavaScript code and experiment with what other people were creating. We started this company when we saw a movement happening: people taking what works in Open Source, and bringing it into their companies.

Companies have slightly different needs than individual Open Source developers, but these aren’t that different. They need control of their infrastructure, protection against accidentally violating software licenses, better support for managing teams, and visibility into what everyone across the company is working on.

npm On-Site provides a full-featured solution for companies that want an npm registry — complete with the website, first-class support of all npm features, and a whitelist (or other extensible policy) to control what gets installed behind the firewall. With a few small additions, it’s literally the exact same code that runs npm’s public registry and website for Open Source devs. You can’t get more InnerSource than that.

npm Private Packages provides a SaaS for companies that want to use npm to manage their private code, but don’t want or need to run the registry within their own network.

More importantly, we’re not alone in this approach. A lot of important dev tool companies are coming into an almost identical three-part strategy: free for Open Source, paid SaaS, and full-featured on-site enterprise software.

Expect to hear more about this from us and our friends in the coming year.

We Need You

npm literally would not exist without the contributions of our community, and npm, Inc. continues to depend upon your input, PRs, packages, and feedback. Please don’t be shy to get in touch.

Have an improvement? Send us a pull request (and score free socks!).

Need help? Contact support or find us on Twitter.

Any thoughts? I want to hear from you. Drop me a line: If you have an npm account, then you probably got this message in your inbox, and can reply to it. (And if you don’t, then go create one!)