Login

Register

Login

Register

#cybersecurity | #hackerspace |

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure


Today, news broke that GitHub and its parent company Microsoft, acquired npm and its public repository of open source JavaScript packages.

In 2018 when Microsoft acquired Github, many in the developer community had a cautious, even emotional response. Given today’s announcement that GitHub is acquiring npm — the same concerns are likely to surface again since JavaScript is one of the world’s most popular programming languages and since the commons of the global JavaScript community reside within the fabric of npm.

On one hand, such concern is understandable. After all, open source projects are created by the community and they exist to serve the community. I can imagine the argument going like this, “npm as the central repository of JavaScript can only provide value if the community at large trusts those who are responsible for running it.” But, what is “trust”? And how do public repositories like npm, Maven Central, or even Microsoft’s NuGet gallery go about earning the trust of a global developer community?

At Sonatype we’ve been the stewards of the Central Repository (Central), the world’s largest component repository of Java and other JVM related components since 2007. Based on this experience, I’ve learned first hand how challenging it can be to serve as the steward for a public repository. I know how hard it is to gain and keep the trust of millions of open source software developers. In my humble opinion, earning trust starts with “picking up a shovel” and solving a problem on behalf of a community to help it grow and flourish. Community trust is further amplified when you can muster enough resources to solve the same problem in a reliable and scalable manner over a period of many years.

But, here’s the thing; operating a public repository in support of millions (Read more…)





Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW