GitHub Package Registry Integrates Source Code and Packages

GitHub launched a limited beta of its new Package Registry, aiming to simplify publishing public or private packages under the same user interface as source code. GitHub Package Registry supports npm, Maven, RubyGems, NuGet, and Docker images, and support for more package management tools is already on its roadmap.

It is important to understand that GitHub Package Registry aims to be compatible with as many package management tools as possible, but it does not aim to replace them. In particular, a great use case for GitHub Package Registry is to publish non-official, development versions of your packages, so you can try them out or integrate them within other programs without hitting the official public registry for that kind of package.

The biggest advantages of using GitHub Package Registry stem from the tight integration between your code and packages, which makes it possible not only to manage both using the same known interface, but also to leverage the same project setup, including organizations, teams, permissions, and so on.

Specifically, you can use the same set of credentials for both source code and packages, with packages inheriting the visibility and permissions of their parent repository. Similarly to what you do when working with source code, you can use organizations to control who has access to your private packages, who can create new packages, etc.

Besides being integrated with GitHub's search and browsing UI, GitHub packages are also integrated with the rest of GitHub's management tools, including webhooks and GitHub Actions. This will allow you to integrate the creation and publishing of packages from your source code into your CI pipeline.

Another useful feature of the GitHub Package Registry is the possibility of accessing a number of details and statistics about packages, called Package Insights. Package Insights are accessible to anyone, and according to GitHub may contribute to building trust and letting you double-check if the package you would like to add as a dependency is what you expect it to be.

As mentioned, GitHub is providing limited beta access to its GitHub Package Registry. According to GitHub product manager Simina Pasat, the GitHub Package Registry will be free for open source packages, in keeping with the usual GitHub pricing policies, with paid tiers for private uses.