Bonum Certa Men Certa

Microsoft GitHub Exposé — Part XVIII — The Story of NPM

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism... and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub


  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman's Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)


  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation


  16. Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on
  17. Microsoft GitHub Exposé — Part XVII — Backsliding Into 1990s-Style Digital Slavery by Microsoft
  18. YOU ARE HERE ☞ The Story of NPM


GitHub: Where everything comes to die



Summary: The time seems right to resume this series, more so now that the Software Freedom Conservancy (SFC) [1, 2] and the Free Software Foundation (FSF) [1, 2, 3] grapple with the legal chaos caused by Team Mono inside Microsoft's GitHub

A few years ago Microsoft bought NPM through its tentacle (mind the pun!) known as GitHub, in effect controlling more of the "supply chain" while hiring NSA veterans to run GitHub. This is a major security fiasco, a blunder in the making. Remember that when NPM ships malware the media rushes to blame the victims (like GNU/Linux users who receive that malware) instead of blaming the company responsible for actually sending that malware. Meanwhile, with GitHub Actions, many projects have foolishly outsourced the build process to "the clown" -- in essence losing control of the compiler, instead trusting Microsoft and the NSA to manage that for them. It's a sort of subsidy (selling CPU cycles) in exchange for control. Who by? Microsoft.

It has been months since we published the arrest record of Balabhadra (Alex) Graveley, whom we'll leave outside it for a moment. He has court hearings and it's possible he'll be behind bars for a very long time. Those who were connected to him or defended him have long regretted it, possibly left their job, or "resigned" to avoid public embarrassment. We'll come back to them later in this series and maybe we'll have some updates from the courts.

"Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities)."As the state of journalism in general (not just on technical matters) is so appalling these days little actual investigation of the NPM takeover was conducted. Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities).

A rather reliable source recently told us a few details about the NPM story; "I remember all that drama with TJ Holowaychuk leaving the NPM scene," our sourced recalled. "Wondering if that was related to Microsoft acquiring NPM."

What shocked me most at the time was the lack of press coverage or scrutiny. Like nothing actually happened! Or like it didn't matter...

"A bit off topic but that whole event seemed strange," our source noted. The motivation is still barely known or explored; it's shrouded in mystery as there's no actual business model other than taking control of people. NPM wasn't about making money; the same was true about GitHub. The way we see it, Microsoft is trying to swallow all the code and repos as well (NPM). It's about control.

"The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict."TJ's [Holowaychuk] departure "was a pretty big event," our source explained. "At that point in time TJ had written like 60% of the node.js projects that everyone uses. Mostly by himself. Some people thought he wasn't a real person for a long time. Like they thought he was a collective..."

The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict. They can remotely take over all sorts of things. Remember that they hired from the NSA for GitHub management. This is all very well documented. What sort of company would do this??? Heck, they can even plant back doors in downloads, custom-made or tailored to specific downloaders, never mind the above-mentioned compilation process. Why would anyone trust Microsoft after the NSA leaks? They work hand-in-glove with the NSA on back doors.

"TJ is just a legend and influenced my personal coding style," our source told us. "There was another issue with the guy who originally wrote node.js [...] He wrote it then quit [...] Joyent hired him..."

"Ryan Dahl apparently thinks writing node.js was a mistake [...] Interesting he's also from Rochester or just went to school there [as Graveley] is from there [and] they're about the same age..."

NPM was acquired by GitHub two years after the Microsoft acquisition. It was mentioned by Nat Friedman on 16 March 2020.

According to our source, TJ's "complaints about node.js mostly seemed technical, but who knows..."

As a side note, it's worth mentioning that node.js and OpenJS became a Microsoft infiltration vector inside the Linux Foundation, as noted in Techrights several times in the past.

Now that the FSF and SFC are writing a lot more about Copilot (see links in the summary above) we intend to revisit the topic, probably some time next Monday. Graveley will walk into the darkness or some prison cell while we're left to pick up and grapple with the damage he and his "best friends" the Friedmans have caused.

Recent Techrights' Posts

Rust is Starting to Seem More Like Microsoft-hosted "Digital Maoism", Not a Legitimate Effort to Improve Security
Maybe this is very innocent, but they seem to have taken a solid, stable program from a high-profile Frenchman and looked for ways to marry it with GitHub, i.e. Microsoft/NSA
 
Links 08/05/2025: Mass Layoffs at Google Again, India/Pakistan Tensions Continue to Grow, New Pope (US) Selected
Links for the day
"Victory Day" - Part I: That is the Day Microsofters Who Assault Women Pay for Their Actions in Foreign Land (Using "Guns for Hire" Who Attack Their Own Country for American Dollars)
Adding a friend from Microsoft to the docket didn't help
Gemini Links 08/05/2025: Practical Gemini Use Case, Shutdown of the Blanket Fort Webring
Links for the day
Links 08/05/2025: "Slop Presidency", US Government Defunds Public Broadcasting
Links for the day
Lasse Fister, Organiser of Libre Graphics Meeting, Points Out the Code of Conduct is Likely Violated by the Same People Who Promote Codes of Conduct (and Then Bully Him Into Cancelling a Keynote)
I am starting to see Lasse Fister as another victim
LLM Slop Attacks Not Only Sites of Free Software Projects But Also Bug Reporting Systems (Time-wasting, in Effect "DDoS")
Microsoft, the leading purveyor and promoter of slop, is a cancer
The Richard Stallman (RMS) "European Tour" Carries on In Spite of the Nuremberg Incident
Some people spoke about how they saw yesterday's talk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 07, 2025
IRC logs for Wednesday, May 07, 2025
The CoC Means the Founder of GNU/Linux Cannot Talk and a 72-Year-Old Man With Cancer is Somehow a "Safety" Risk?
Those who don't like RMS are not forced to attend his talks
Gemini Links 07/05/2025: A Shopping Spree and Digital Gardening
Links for the day
Links 07/05/2025: Pegasus Guilty and a Path Towards EU Without Russian Energy
Links for the day
People Used to Talk
If pets can live a measurably happy life without gadgets and "apps", why can't humans?
Outsourcing GNU/Linux to Microsoft GitHub Promoted by Microsoft LLM Slop and Army Officers
Something doesn't seem right
Weaponisation of For-Profit Dockets - Part III: No More Media Lawsuits From Brett Wilson LLP This Year, One Can Only Guess Why
People leak a lot of material to Techrights because they know, based on the track record, that the sources will be protected and whatever gets published will stay online, in full, no matter how stubborn an effort (even lawsuits and blackmail) will be sent its way
Gemini Links 07/05/2025: Adopting GrapheneOS, Further Enshittification of Flickr
Links for the day
Links 07/05/2025: CISA Gutted, Debt-Saddled (Likely Insolvent) 'Open' 'AI' (Proprietary Slop) Faking Its Financial State Again
Links for the day
Finland, Lithuania, and Latvia Fortify Their Digital Border With GNU/Linux
This month's data from statCounter is particularly interesting near the Baltic Sea
The European Patent Office (EPO) Has a Very Profound Corruption Issue, Far More Urgent an Issue Than Pronouns
a rather long document
Richard Stallman Gives Public Talk at Technical University of Liberec, Czech Republic
"For programs that you could run, and for network services that could do your own computing, under what circumstances is it reasonable to trust them?"
Today We Turn 18.5
The eighteenth "and a half" anniversary
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 06, 2025
IRC logs for Tuesday, May 06, 2025
Microsoft Finally Admits That XBox is ****
In this case, "enshittification" is an understatement
Another Wave of Microsoft Layoffs Comes Shortly. Microsoft Propaganda Sites and Slopforms Powered by Microsoft LLMs Already Spew Out Face-Saving Nonsense.
Based on last month's leak, some very extensive layoffs are now imminent [...] Perhaps we can expect a lot of noise, some of it spewed out by bots, to distract from or belittle the impending mass layoffs
Ubuntu Becomes Microsoft GitHub, Based on Decision Made by British Army Officer
You're hopeless, Canonical
Slopwatch: Microsoft Slop, Anti-Linux Slop, and IBM Marketing Itself as a Slop Company
Microsoft-controlled LLM spewing out garbage about "Linux"
Links 06/05/2025: Microsoft's Assassination of Skype After Years of Failure, Slop Hallucinations Are Getting Worse
Links for the day
Links 06/05/2025: Changing Places and StarGrid for PalmOS
Links for the day
Windows and Microsoft Causing Serious Data Breaches, Media Rushes to Blame That on "Linux" Somehow
While selling us some rusty old propaganda about how moving to Microsoft GitHub (Rust) will improve security
Making Site Archives More Easily Accessible (Approaching 50,000 Blog Posts)
Efforts to censor us have always backfired badly
Weaponisation of For-Profit Dockets - Part II: Hiding Behind Lawyers and Barristers Who Lack Standards so as to Engage in Classic Corporate Extortion
They're trying to scare people and they misuse their licence to operate
Links 06/05/2025: LLMs/Chatbots Attract More Scrutiny (Getting Worse Over Time), PwC Has Many Layoffs
Links for the day
Thanks for listening. How can this Morse feed be further improved?
Right now any and all feedback on the audio would be helpful
statCounter: Bing's Market Share Lower Right Now Than It Was When LLM Hype Began (With "Bing Chat")
If anybody gains at Google's expense in search, it is BRICS' alternatives such as Yandex
Gemini Links 06/05/2025: Failure and Proxmox Cluster
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 05, 2025
IRC logs for Monday, May 05, 2025