This is part of our Octoverse 2022 report, which explores the state of open source software, its impact on companies, and key trends shaping software development.
At GitHub, we have seen a remarkable change over the past decade:
More companies are actively investing in open source software, contributing to projects, and even releasing their own open source projects.
This isn’t happening in a vacuum. Organizations are increasingly recognizing their own reliance on open source software—according to Synopsys’ recent report, 97% of applications leverage open source code. That’s leading to a more concerted effort among companies to better understand what they’re using, what they’re contributing back, and how to manage programs, processes, and security risks around those projects.
There’s also a realization of the material benefits companies can reap from engaging in open source. These include everything from building a public technology and open source brand that improves your ability to recruit developers to leveraging software that is more secure and supported by developers around the world.
This has led a growing number of companies to adopt open source program offices (OSPOs) as centers of competency for an organization’s open source operations and structure. By our count at GitHub, over 30% of Fortune 100 companies have now implemented OSPOs to help structure organizational policies and procedures around open source—and we expect this number to increase.
We see this as a net positive for the open source community—and a curious turnaround given the history between proprietary and open source software. The benefits to the larger community range from increased investment via sponsorships to a larger talent pool of contributors to heightened awareness and focus on supply chain security.
But there are pain points that companies are facing. First and foremost, there is no one-size-fits-all approach to building an OSPO. Every organization is unique in terms of its needs, legal obligations, engineering resources, and approach to engaging in open source. Moreover, there is a lack of tooling companies can use to track their open source investments, get insights into project growth and health, and understand the mix of internal and external contributions to open source projects.
At GitHub, this is something we’re actively working to solve in partnership with other organizations. Because when more companies can adopt OSPOs, more people can engage in and sustain open source. And that’s a benefit to everyone.
More adoption of OSPO teams across companies, a greater emphasis on investing in open source software, and the creation of more dedicated and standardized tooling to help open source communities and companies fully understand their project health and sustainability.
You can find more expert predictions from our Octoverse 2022 report on the following topics: