GitHub Package Registry Lets You Manage Dependencies With Repos

For many, repos are collections of dependencies or packages of code. A new product from GitHub, Package Registry, will allow you the freedom to manage and use repos and packages, separately or together.

Package Registry fills a niche between Gists and repos, allowing anyone to host packages or dependencies “next to your source code.” It has all the same management features of Gists or Repos, and will be searchable via GitHub. Packages on GitHub can be private or public, and used widely or within an organization. On launch, Package Registry will support NPM (JavaScript), Maven (Java), RubyGems (Ruby), NuGet (.NET), and Docker images.

You won’t need to alter your workflow, either. GitHub Package Registry is not a package or dependency manager. Those who want to access GitHub-hosted packages simply need to make some back-end changes (fire up your Terminal!) to install packages and have their preferred package manager communicate with GitHub.

Github isn’t saying what “packages” mean, if there are limitations on what can be hosted, or if they’ll start categorizing repos and Gists accordingly. Some repos are packages, or bunches of packages… or dependencies. Some Gists could probably be packages, too. It doesn’t sound like GitHub is going to get dogmatic about how we list our code, but we wouldn’t be surprised to see it suggest what form code should take in the future. (There’s a joke about Clippy – “It looks like you’re trying to host a package!” – in here somewhere.)

GitHub Package Registry

Package hosting will be free for open-source projects, and Github says further details on pricing will come later. This is an interesting note because it recently detonated its paid and free tiers for repos to include unlimited private repos for free.

But it also serves Actions (GitHub’s last major product announcement), which lets you string together actionable items to better automate your workflow. Ironically, the example GitHub used in announcing Actions was publishing a test to NPM. At the time, we likened Actions to a micro-dependency; GitHub said Actions was a bit like Siri Shortcuts, where smaller interactions can be linked to make something bigger happen.

Hosting packages and dependencies widens the mouth of GitHub’s vortex. Post Microsoft-acquisition, GitHub has made a genuine effort to have all code hosted on its platform, and packages seem like the last piece of that puzzle. There’s also the Spectrum acquisition to consider, which the company suggested may also come into play in this context. In its blog post announcing Package Registry, it notes a need for developer to “connect with the community who built [packages].”

GitHub Package Registry is currently in a limited public beta, which definitely means dog-fooding – and 100 percent means it’s got a lot of rough edges. But if you’ve ever been bitten by a dependency that is no longer supported, GitHub opening its doors to packages (and allowing you to use the package manager you currently use) is a welcome sign.