That's because they're generally extremely easy to replicate. "Repository" generally implies that all of the intelligence is baked into the client, and the server is just some minor variation on an FTP or HTTP server (as Linux repos tend to be, PyPI afaik is largely the same way, I don't think NPM does anything super clever server side).
The flip side of that is something closer to a CDN, where clients are dumb and the server/network is smart. Those are monetizable because the servers have to be featureful, so you can win on features and charge money for those features.
I struggle to think of any really great value add features for a repository. There's vulnerability scanning, but the successes with that seem largely meh, and there are dozens of competitors in that space already.
I think they were hoping to ride on the "enterprise" crew, because no one gets fired for buying the canonical implementation. But then RedHat acquired Quay and that was basically the end of the end, since RedHat is enterprise and already has about a half dozen products in the ops space.
The flip side of that is something closer to a CDN, where clients are dumb and the server/network is smart. Those are monetizable because the servers have to be featureful, so you can win on features and charge money for those features.
I struggle to think of any really great value add features for a repository. There's vulnerability scanning, but the successes with that seem largely meh, and there are dozens of competitors in that space already.
I think they were hoping to ride on the "enterprise" crew, because no one gets fired for buying the canonical implementation. But then RedHat acquired Quay and that was basically the end of the end, since RedHat is enterprise and already has about a half dozen products in the ops space.