Bonum Certa Men Certa

Microsoft GitHub Exposé — Part XVIII — The Story of NPM

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism... and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub


  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman's Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)


  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation


  16. Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on
  17. Microsoft GitHub Exposé — Part XVII — Backsliding Into 1990s-Style Digital Slavery by Microsoft
  18. YOU ARE HERE ☞ The Story of NPM


GitHub: Where everything comes to die



Summary: The time seems right to resume this series, more so now that the Software Freedom Conservancy (SFC) [1, 2] and the Free Software Foundation (FSF) [1, 2, 3] grapple with the legal chaos caused by Team Mono inside Microsoft's GitHub

A few years ago Microsoft bought NPM through its tentacle (mind the pun!) known as GitHub, in effect controlling more of the "supply chain" while hiring NSA veterans to run GitHub. This is a major security fiasco, a blunder in the making. Remember that when NPM ships malware the media rushes to blame the victims (like GNU/Linux users who receive that malware) instead of blaming the company responsible for actually sending that malware. Meanwhile, with GitHub Actions, many projects have foolishly outsourced the build process to "the clown" -- in essence losing control of the compiler, instead trusting Microsoft and the NSA to manage that for them. It's a sort of subsidy (selling CPU cycles) in exchange for control. Who by? Microsoft.

It has been months since we published the arrest record of Balabhadra (Alex) Graveley, whom we'll leave outside it for a moment. He has court hearings and it's possible he'll be behind bars for a very long time. Those who were connected to him or defended him have long regretted it, possibly left their job, or "resigned" to avoid public embarrassment. We'll come back to them later in this series and maybe we'll have some updates from the courts.

"Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities)."As the state of journalism in general (not just on technical matters) is so appalling these days little actual investigation of the NPM takeover was conducted. Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities).

A rather reliable source recently told us a few details about the NPM story; "I remember all that drama with TJ Holowaychuk leaving the NPM scene," our sourced recalled. "Wondering if that was related to Microsoft acquiring NPM."

What shocked me most at the time was the lack of press coverage or scrutiny. Like nothing actually happened! Or like it didn't matter...

"A bit off topic but that whole event seemed strange," our source noted. The motivation is still barely known or explored; it's shrouded in mystery as there's no actual business model other than taking control of people. NPM wasn't about making money; the same was true about GitHub. The way we see it, Microsoft is trying to swallow all the code and repos as well (NPM). It's about control.

"The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict."TJ's [Holowaychuk] departure "was a pretty big event," our source explained. "At that point in time TJ had written like 60% of the node.js projects that everyone uses. Mostly by himself. Some people thought he wasn't a real person for a long time. Like they thought he was a collective..."

The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict. They can remotely take over all sorts of things. Remember that they hired from the NSA for GitHub management. This is all very well documented. What sort of company would do this??? Heck, they can even plant back doors in downloads, custom-made or tailored to specific downloaders, never mind the above-mentioned compilation process. Why would anyone trust Microsoft after the NSA leaks? They work hand-in-glove with the NSA on back doors.

"TJ is just a legend and influenced my personal coding style," our source told us. "There was another issue with the guy who originally wrote node.js [...] He wrote it then quit [...] Joyent hired him..."

"Ryan Dahl apparently thinks writing node.js was a mistake [...] Interesting he's also from Rochester or just went to school there [as Graveley] is from there [and] they're about the same age..."

NPM was acquired by GitHub two years after the Microsoft acquisition. It was mentioned by Nat Friedman on 16 March 2020.

According to our source, TJ's "complaints about node.js mostly seemed technical, but who knows..."

As a side note, it's worth mentioning that node.js and OpenJS became a Microsoft infiltration vector inside the Linux Foundation, as noted in Techrights several times in the past.

Now that the FSF and SFC are writing a lot more about Copilot (see links in the summary above) we intend to revisit the topic, probably some time next Monday. Graveley will walk into the darkness or some prison cell while we're left to pick up and grapple with the damage he and his "best friends" the Friedmans have caused.

Recent Techrights' Posts

Google as a 'Bullshit Generator' Disguised as Intelligence
It'll probably cause Google to get sued a lot, both by individuals and companies
As Expected, Google in the UK Now Experiments With Slop Instead of Web Search
At this point more people ought to stop and think: Does Google's search engine deserve trust?
Sabotaging Linux on Behalf of Microsoft With UEFI 'Secure' Boot (De Facto Remote 'Kill Switch'), Then Defaming, Stalking and Harassing Critics of 'Secure' Boot for 12 Years, Then SLAPPing Their Spouses and Them
The sorts of stubborn lunatics we've been dealing with
 
For Second Day in a Row, Top Story in The Register MS is "Microsoft Says"
The editor in chief exercises control over everybody else
LLMs as Attack Method Against Free Software and Programming
DDoS in "hey hi" (slop) clothing
Stability and Reliability, Backward Compatibility
I don't fancy relying on social control media as "sources"
What "the News" Looks Like in 2025
The "says" (or "sez") phenomenon
History Will Be Distorted, Sometimes Intentionally, Under the Guise of Intelligence (Manipulated/Curated Slop)
Militarised misinformation or military-grade chaff is a national security threat, even domestically
Financial Engineering Companies: A Company Worth 4 Trillion Dollars Would Not Borrow 100+ Billion Dollars at Interest Rates Like Today's
Many headlines perpetuate the lie Microsoft had just 2 waves of layoffs
Microsoft is Googlebombing "Linux" While Paying Former News Sites to Publish SPAM
How much lower will IDG sink?
The Data You Don't Give Away is Your Advantage
stop sharing data that does not need to be shared
Being Obedient or Doing the Right Thing
The world always changes for the better because of people who think "Outside the Box", not the cogs
Gemini Links 01/08/2025: Happy Hacking Keyboards and New Gemini Arrivals
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 31, 2025
IRC logs for Thursday, July 31, 2025
Moving on in Techrights, Geeks Gonna Geek
In the coming weeks we plan to focus (as we explained last week) on patents, GNU/Linux issues, and the occasional philosophical essays
Slopwatch: Google News Has Lost the Plot
Almost the majority of articles returned for "Linux" are fakes
Links 31/07/2025: Australia Restricts YouTube Access, Personal Privacy at Risk
Links for the day
Links 31/07/2025: Spotify Collapses and Spotify Now Forcing Some Users to Undergo Face-Scanning
Links for the day
A Lot of Supposedly "Successful" Businesses Are Just Debt-Racking Vessels Without Any Prospects of Financial Sustainability
The probability of bankruptcy of any business is more than 0%
theregister.com: The Voice of Microsoft US?
It basically sold out
Yes, You Can Love and Adore Things Whilst Also Criticising Them
Is society being divided and groomed/primed to be resistant to constructive criticism?
Links 31/07/2025: War in Ukraine, Security News, and Cyberattacks Against Journalists on the Rise
Links for the day
Gemini Links 31/07/2025: Fake Money and Gemini Diaries
Links for the day
An Illusion and Cult Worship of Magnitude (Ubiquity as "Victory")
GNU has been around for over 40 years and it'll likely continue to exist for another 40 (in some form)
Google: From Pointing to Relevant Sites to Pointing to Social Control Media to Actually Parroting Social Control Media as "Facts"
Google has become a misinformation company
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 30, 2025
IRC logs for Wednesday, July 30, 2025
How to Report Apple Layoffs Without Saying the "L" Word
don't look for the "L" word
Wall Street Does Not Care About Microsoft's Impending (August) Layoffs, It Believes Lies From Microsoft, Whose Debt Grows Rapidly
If Microsoft is doing so well and swimming in money, why so many cuts (about 29,000 layoffs so far this year)?
Wayland Considered Harmful (to GNU/Linux Adoption)
it's not limited to games
My Experience With Judges Has been Positive, But We Must Still Pursue SLAPP Reform in the United Kingdom
We believe it'll be a "feather in the cap" if we can help change laws in the UK to better protect investigative reporters
Slopwatch Makes the Web Better
Remember what happened to BetaNews?
Slopwatch: Google News is Pumping in Lots of Web Traffic Into Fake Sites That Say "Linux"
somewhere between 30% and 40% of today's "news" about "Linux", as seen by Google News, is LLM slop
Links 30/07/2025: Climate Calamities Highlighted, Kyrgyzstan Crackdown on Expression/Freedoms
Links for the day
Gemini Links 30/07/2025: Watson’s List of Limits, Lysenko 2000
Links for the day
Riot for peace & Love: Catholic Influencers and Digital Missionaries welcome Jubilee of Youth
Reprinted with permission from Daniel Pocock
Some People See What Others See... But Only 40 Years Later
When people deviate from "the norm" they typically get ridiculed and dismissed as "crazy"
Links 30/07/2025: Tea Class Action and Google Killing the Web With Slop
Links for the day
Last Month Our IRC Community Turned 17
Funnily enough we never missed a single day when it comes to logging
"The Unix Kernel"
Linux was inspired by MINIX
The Register Relays Microsoft Marketing, Dubs That Marketing "Research"
Hours ago they did a "Microsoft sez" piece
Dealing With Sociopaths, Liars, and Cranks
A dysfunctional society such as this would never develop
Not Owning Mobile Phones
It's not about resistance; it's common sense
Google 'Search' is Fast Becoming No Better Than Social Control Media Infested With Bots
Google emerged almost 30 years ago as a company looking to organise the Web and direct people towards informative pages. That Google is dead.
PCLinuxOS Had Functional Backups Before the House Fire, the Site Will be Restored in New Webhost
This is the direction we want for GNU/Linux, not some IBM sales strategy
Gemini Links 30/07/2025: Two Sides of Me and "Hooked on Cosmic Voyage"
Links for the day
Microsoft Will Continue Resorting to Crimes in Order to Keep GNU/Linux Usage Down
It is a real problem and we'll revisit it later this week
GAFAM 'Revolving Doors' at The Register and a "Bribe Price List"
"an analyst at Microsoft"
Microsoft Rapidly Shrinking (No, It's Not About Efficiency, It's About Unbearable Debt)
We'll soon see how much debt grew in the past quarter
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 29, 2025
IRC logs for Tuesday, July 29, 2025
Corruption is the Standard Operating Procedure at the European Patent Office (EPO)
The EPO is a dictatorship that stains Europe
Local Staff Committee Munich (LSCMN) at the European Patent Office (EPO) Requests an Urgent Meeting to Avoid Abolishing the Office
This is dictatorship led by the most corrupt
Slopwatch: Fake 'Linux' 'Articles' and Spamfarms/Slopfarms
at least 5 fake articles in one day