[no_wizard]

For all the features GitHub has, this is the only one that myself and those that I know personally have made us care and watch very closely what GitHub does with this.

We've been looking for a simple way to streamline releases. Right now everything we have at my job is on GitLab and I use GitLab personally (though I have a github account, of course).

I prefer GitLab in every way, but this feature alone might be a good enough reason to switch. It would make releases just so darn easy. The only thing I hope (which is not made clear) is that the stipulation that you can't easily delete a package on the registry (According to the link, its only for GDPR requests and legal reasons) is something that, for instance, an Enterprise account wouldn't have. I already have our purchasing team looking into it, thats how serious this is.

If the API for hitting these packages is any good, its gonna be so hard to resist.

I really hope GitLab has a good response to this.

To wit, since GitLab is custom hosted, I wonder how hard it would be to add this into the CE edition....

With all that said, I wonder what the hidden limits will be. Imagine if instead of NPM maintaing all of its servers, it was just a thin database that had better routing to github releases? Would that fall afoul with GitHub?

I mean, whats the point of maintaining your own distribution server when GitHub can front all the hosting costs and all you have to do is map the name of a package to its Github Package Release URL. I could see NPM, PyPI et. al. just doing that, instead of having their own servers. Maybe its a good idea to run additional cache nodes, but GitHub being the main place where release code lives for you package index would cut the bills significantly no?

[itslennysfault]

This is a feature Azure DevOps (formerly Visual Studio Team Services) has had for at least 3 years now. Their repositories Maven, Gradle, Pip, and NuGet in addition to NPM. I'm always surprised more people don't use it. It's a full featured ticket system, git (PRs / etc), package feeds, and ci/cd in one neat package.

[no_wizard]

I did not know that. Though, we aren't on Azure for anything at all (AWS for some HIPAA stuff, Google Cloud or our own proxmox cluser for the rest).

I know Azure Pipelines is becoming the sort of defacto automated CD/CI pipeline though (used to be Travis for so long) and I've heard nothing but good things about that. Might have to take a look.

[GordonS]

It's called Azure DevOps, but beyond technically being (transparently) hosted in Azure data centers, the "Azure" part of the name is pretty meaningless.

[tr-gitlab]

GitLab PM here: The GitHub registry looks really interesting. I like how they incorporated search and how they are encouraging people to host their packages on GitHub instead of npm.

At GitLab, the CE edition currently offers a container registry, that allows users to build, push and share images using the Docker client and/or GitLab CI/CD.

The EE edition offers an NPM and Maven registry, that allows users to publish, download and share dependencies. Both also integrate with GitLab CI/CD. We are currently working on Conan (C/C++) and NuGet (.NET). We are evaluating moving these features to CE as well.

We also offer a proxy to for Docker images (which will be extended to each registry) that improves reliability and performance and (in the future) will help mitigate and remediate open source risk.

If you end up trying GitHub's registry, I'd love to hear more about what you thought.

[sytse]

At GitLab we already have a package stage and support Docker, npm, and C packages. More are in the works.

GitLab can also work as a proxy to upstream registers for performance and in the future for security.