GitHub launches Package Registry to easily generate packages from your code
techrepublic cheat sheet
Code hosting website GitHub announced today a new service for its customers that will allow developers and organizations an easy way to generate "packages" from their code.
Packages are specially-crafted archives that can be installed by package managers --special software that simplifies the loading of libraries and modules inside coding projects.
GitHub's new feature --called the GitHub Package Registry-- will support generating packages for package managers such as:
- npm (JavaScript)
- Maven (Java)
- RubyGems (Ruby)
- NuGet (.NET)
- Docker images (for Docker's OS virtualization software)
Other package managers will also be supported in the future, GitHub product manager Simina Pasat said in a blog post today.
A new tab will be added to the GitHub interface where an account or organization's packages will be listed.
GitHub's new Package Registry will also support pre-releases, so organizations and open-source communities can test packages internally with employees or fellow project members, before releasing a public version.
Once a public package is generated from the GitHub project's source code, the project can be hosted on GitHub, exclusively, or promoted to a public package manager's infrastructure.
Advantages to using GitHub's new Package Registry
While some might think that GitHub is taking a jab at central package manager repositories by trying to subvert their userbases, this is not so. Developers will continue to use tools like npm, RubyGems, Maven, and NuGet to install packages in their code.
All that GitHub is doing is to provide an easier way to generate these packages, and optionally distribute them from its site for situations that require private package hosting.
Furthermore, besides an automated package-generation process and private hosting, there are other benefits to using GitHub's new service, such as the company's extensive security features, Pasat said.
This includes having the ability to control the entire flow of a project from its inception, coding, and publication. Controlling this entire process only from GitHub accounts, without having to switch to npm, RubyGems, or Maven profiles, reduces entry points that attackers can exploit to poison a project's artifacts.
GitHub accounts are notoriously difficult to crack, benefiting from two-step verification protections, enhancements against brute-force attacks, activity logging, and more.
On top of this, GitHub also alerts developers about vulnerabilities in a project's downstream libraries for Java, .NET, JavaScript, Ruby, and Python repositories, and GitHub also scans a project's source code for API keys and tokens that a developer might have forgotten inside by accident.
GitHub is today's top code hosting destination. The startup was acquired by Microsoft in June 2018 for $7.5 billion.