npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Announcing npm Enterprise and why it matters to the community!

Today we announced a new product: npm Enterprise. It is a key component in enabling open source style collaboration and workflows in enterprise teams. But why should the community care about this?

When a company is built up to support a commons or an open source project, the health of the community becomes tied inextricably to that company. The structure of our economy is such that for-profit corporations are often the only way to cover the costs associated with the sort of staggering growth our larger community has seen.

There are two concerns around this sort of commercialization:

The first is that companies come and go. Is the company here for the long haul? Will they still be here in five years? Ten?

The second is all about incentives. Are they building a business that treats their users as a commodity, as advertising-based models do? Does their product compete with what you use for free, thus incentivizing them to make the free one worse?

I think npm has good answers to both of these concerns and that's why it's important for the community to pay attention to this. Any company built up around a community owes that community a clear understanding of its business model so they can answer these questions for themselves.

So what is npm selling?

We've been offering organization accounts for a few years now. They provide team based access controls and the ability to publish private modules. I've always explained this as "think about what Github sells" and that's been a pretty reasonable explanation. This is well suited toward smaller organizations and works best when you have one mid-sized team using it. You can also get one for free for your open source projects where all of your modules are public.

With the announcement and release of npm Enterprise, we're now offering your own personal instance of the registry. It is wired into the public registry, so you still get access to the modules that your software is built on, but because you have your own private copy of the software running for you it can support key enterprise features like SSO, enterprise wide discovery and multiple namespaces. It's also a foundation on which you'll see us adding innovative security features, deep insight into how the enterprise as a whole is using JavaScript and the tools to meet the compliance needs of larger companies.

And what does that mean?

The first thing of note is that npm is not following the "open core" model, where the open source tool itself is what's being commercialized. Instead we're building services around the registry to help teams at companies both small and large work faster and more efficiently. And maybe more importantly, services that help teams work with each other without incurring the kind of communication penalty that keeps individual team sizes modest across the industry.

Our users are not our product. We aren't selling ads. We aren't selling data. Our enterprise product doesn’t compete with the free services we provide or the open source tools we produce. We don’t have to choose between serving our customers and serving our community. Your success drives our success.

I and the rest of the teams at npm are proud of what we have achieved as a company and the kind of company that we’ve grown into. I look forward to a bright future, one where the community is even stronger, our open source projects are even better and our company thrives!

P.S. Our sales team asks me to remind you that if npm Enterprise does sound up your alley you should get them on the phone!

Great work!

I would caution against offering production-critical, enterprise services on .IO domains, however: domains RE: "Managing JavaScript in the Enterprise"

I had no idea about that, thanks for sharing!