Last week we launched npm Enterprise, a fact that might come as a surprise to those of you who’ve been paying attention and know that we’ve had an enterprise product since 2014. The new Enterprise is a totally different beast, the result of recognizing that the way npm works is fundamentally new and different to previous package ecosystems.
Dependency management used to be a discrete process. You could have a conversation about it or a meeting. You could fill in a form that listed the open-source software you depended on (early investors in npm asked us to list the open source we use, expecting the usual list of 5 or 10 items, and were surprised to receive one containing tens of thousands). Fundamentally, things were moving at a human speed and in numbers that your dev team could be expected to handle manually.
This creates a difference in quantity that becomes a difference in kind. Enterprise security and change management processes did not anticipate this kind of scale. When your application has two thousand dependencies, you can’t inspect them all yourself. You can’t hope they’re all secure. You can’t assume they’ve all got permissive licenses. And at least one of the packages you’re using will get an update every single day. You have to move from manual, discrete processes to automated, continuous processes.
Our earliest enterprise customers saw the public registry the way they saw previous package repositories: an unreliable source. They wanted a package management solution they could host themselves, where they could lock everything down to specific versions, where they could inspect everything for security. They wanted to be disconnected from the public npm Registry.
So the new npm Enterprise is designed to feel exactly like npm. Its website looks just like npm’s, with full READMEs and world-class search. It supports all the npm commands, not just install, and it’s just as fast as the public registry. Your npm Enterprise runs on its own dedicated hardware on a securely isolated network, but is plugged directly into the Registry, and run by the same team. You get package updates the moment they happen, and you get security updates the moment we have them, often days before third-party security products.
We saw too many products that tried to do package management that were the bane of developers’ lives. They would complain about missing features, poor performance, mysterious bugs. They were in conflict with IT and security departments that needed stronger guarantees around auditability, security and uptime. With npm Enterprise, we can satisfy both camps. The developers get the smooth, uninterrupted experience they’ve been wanting, and IT and security get the insight they need to sleep at night.
npm Enterprise is enterprise-grade security and collaboration software that works the way npm does: quickly, silently, and so trouble-free you forget it’s even there. It’s so reliable that it becomes invisible. That’s the way it should be, and we hope you like it as much as we do.
To learn more about the ways npm Enterprise can help your business, visit our product page.