Bonum Certa Men Certa

Microsoft GitHub Exposé — Part XVIII — The Story of NPM

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism... and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub


  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman's Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)


  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation


  16. Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on
  17. Microsoft GitHub Exposé — Part XVII — Backsliding Into 1990s-Style Digital Slavery by Microsoft
  18. YOU ARE HERE ☞ The Story of NPM


GitHub: Where everything comes to die



Summary: The time seems right to resume this series, more so now that the Software Freedom Conservancy (SFC) [1, 2] and the Free Software Foundation (FSF) [1, 2, 3] grapple with the legal chaos caused by Team Mono inside Microsoft's GitHub

A few years ago Microsoft bought NPM through its tentacle (mind the pun!) known as GitHub, in effect controlling more of the "supply chain" while hiring NSA veterans to run GitHub. This is a major security fiasco, a blunder in the making. Remember that when NPM ships malware the media rushes to blame the victims (like GNU/Linux users who receive that malware) instead of blaming the company responsible for actually sending that malware. Meanwhile, with GitHub Actions, many projects have foolishly outsourced the build process to "the clown" -- in essence losing control of the compiler, instead trusting Microsoft and the NSA to manage that for them. It's a sort of subsidy (selling CPU cycles) in exchange for control. Who by? Microsoft.

It has been months since we published the arrest record of Balabhadra (Alex) Graveley, whom we'll leave outside it for a moment. He has court hearings and it's possible he'll be behind bars for a very long time. Those who were connected to him or defended him have long regretted it, possibly left their job, or "resigned" to avoid public embarrassment. We'll come back to them later in this series and maybe we'll have some updates from the courts.

"Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities)."As the state of journalism in general (not just on technical matters) is so appalling these days little actual investigation of the NPM takeover was conducted. Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities).

A rather reliable source recently told us a few details about the NPM story; "I remember all that drama with TJ Holowaychuk leaving the NPM scene," our sourced recalled. "Wondering if that was related to Microsoft acquiring NPM."

What shocked me most at the time was the lack of press coverage or scrutiny. Like nothing actually happened! Or like it didn't matter...

"A bit off topic but that whole event seemed strange," our source noted. The motivation is still barely known or explored; it's shrouded in mystery as there's no actual business model other than taking control of people. NPM wasn't about making money; the same was true about GitHub. The way we see it, Microsoft is trying to swallow all the code and repos as well (NPM). It's about control.

"The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict."TJ's [Holowaychuk] departure "was a pretty big event," our source explained. "At that point in time TJ had written like 60% of the node.js projects that everyone uses. Mostly by himself. Some people thought he wasn't a real person for a long time. Like they thought he was a collective..."

The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict. They can remotely take over all sorts of things. Remember that they hired from the NSA for GitHub management. This is all very well documented. What sort of company would do this??? Heck, they can even plant back doors in downloads, custom-made or tailored to specific downloaders, never mind the above-mentioned compilation process. Why would anyone trust Microsoft after the NSA leaks? They work hand-in-glove with the NSA on back doors.

"TJ is just a legend and influenced my personal coding style," our source told us. "There was another issue with the guy who originally wrote node.js [...] He wrote it then quit [...] Joyent hired him..."

"Ryan Dahl apparently thinks writing node.js was a mistake [...] Interesting he's also from Rochester or just went to school there [as Graveley] is from there [and] they're about the same age..."

NPM was acquired by GitHub two years after the Microsoft acquisition. It was mentioned by Nat Friedman on 16 March 2020.

According to our source, TJ's "complaints about node.js mostly seemed technical, but who knows..."

As a side note, it's worth mentioning that node.js and OpenJS became a Microsoft infiltration vector inside the Linux Foundation, as noted in Techrights several times in the past.

Now that the FSF and SFC are writing a lot more about Copilot (see links in the summary above) we intend to revisit the topic, probably some time next Monday. Graveley will walk into the darkness or some prison cell while we're left to pick up and grapple with the damage he and his "best friends" the Friedmans have caused.

Recent Techrights' Posts

Richard Matthew Stallman, or rms (RMS), Turns 72 This Coming Weekend
This coming Sunday he deserves a cake
 
Links 13/03/2025: Calculators and Spreadsheets, Returning to a Human Internet
Links for the day
Links 13/03/2025: Further Assaults on Science and Education in the US
Links for the day
Expect XBox to Be Shut Down Like Skype
"hey hi"-washing fools nobody
Truth Hurts (Especially Some Dishonest and/or Greedy People), But Reporting Truth is What Makes Journalism Valuable to the General Public and Helps Protect Society From Abuse by Sociopaths or Pathological Liars
When it comes to reporting, we're on the side of female victims, not the men who strangle them.
New Paper Reveals the Web (and Net) Drowns in LLM Slop, "Linux" is Impacted Too
It will be getting harder to trust anything on the Web
Links 13/03/2025: RIP, Carl Lundström; Tesla (the Company, Not Scientist It Piggybacks) Besieged by Public Backlash
Links for the day
Gemini Links 13/03/2025: MElon "Greek Tragedy" and Going Offline More
Links for the day
Links 13/03/2025: COVID-19 Legacies and "Modern" Cars as Spying Machines on Wheels
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 12, 2025
IRC logs for Wednesday, March 12, 2025
The Fall of the Open Source Initiative (OSI): Microsoft-Sponsored OSI is Probably Not Even the Real Steward of the Open Source Definition, It's More Like an Identity Thief at This Point (Like "FSFE", a Microsoft-Sponsored Imposter of FSF)
As we'll show later, many people (even inside OSI) are very angry at the OSI right now
Gemini Links 12/03/2025: Cataloging Books, Ramen, and MElon
Links for the day
Links 12/03/2025: Anti-Union Actions and New Efforts at Truce/Ceasefire in Ukraine
Links for the day
Sponsored by Linux Foundation
All the pages are full of 'Linux' Foundation ads that are not about Linux
CodeWeavers Ads Weaved by LLM Slop at BetaNews
How much of this was even touched by a human being?
It's Hard to Dispose or Get Rid of Swasticars Now
'Memecars' only sell as long as people have a 'belief' in them
Springtime Plans
We currently have two long series underway
In Australia, iOS Estimated to be Bigger Than or Equal to Windows
Not even counting macOS
Brett Wilson LLP Does Not Deny Microsoft or Another "Third Party" Secretly Funds the SLAPPs Against Techrights, Bankrolling Despicable People Who Deserve Criticism
Writing about crime is not a crime
Gemini Links 12/03/2025: LLM Slop Lacks a Future, Wordle Clone Comes to Gemini Protocol
Links for the day
Using FUD That Blames "Linux" for Typos, Turning It Into LLM Slop That Blames "Linux" for Typos
It is probably the "leader" at LLM slop (fake 'articles') about "Linux"
Links 12/03/2025: Big Cuts to US Education and Science (e.g. NOAA)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 11, 2025
IRC logs for Tuesday, March 11, 2025
Crossbow murders: prevention, missed opportunities
Reprinted with permission from Daniel Pocock
This yt-dlp Bug Report Shows Us That the Future of YouTube is DRM and It's Time to Leave (yt-dlp Should Also Leave Microsoft GitHub, Which Censors YouTube Downloaders)
GAFAM traps aren't "free hosting"; they herd us all into a world of tollbooths and locks, surveillance and planned obsolescence (you own nothing, you only rent)
Ukraine Didn't Take Twitter/X Down, Microsoft or Windows Likely Did
There are many debunkings (to likely false accusations), but won't that just be another example of Windows TCO, exacerbated externally in the form of Windows botnets?
The Fall of the Open Source Initiative (OSI): Worse Than What the Media Has Focused on, Losing Sight of Who Owns and Runs the OSI
Members' dues are less than 3% of the income; where does the 97+ percent come from other than Microsoft?
Apple Seems to Have Run Out of Things to Boast About After Apple Vision Pro Failed Spectacularly
With "Apple Intelligence", Apple has finally named a product after what target customers lack
Slopwatch: Reckless FUD and Machine-Generated Spam from LinuxSecurity.com, cybersecuritynews.com, and gbhackers.com (Google Boosts LLM Slop About "Linux")
Google and so-called 'Google News' continue to yield anti-Linux misinformation
Gemini Links 11/03/2025: 'Chainsaw Politicians' and Proprietary Software Hell
Links for the day
Links 11/03/2025: Covid-19 5 Years On and Violence in Syria
Links for the day
Links 11/03/2025: NASA Besieged and "DOGE Has Become What It Claimed To Destroy"
Links for the day
Fresh IBM Layoffs Reported in Europe and North America, Jobs Allegedly Moved to South Asia (Low Salaries)
As usual, IBM does not talk about this
Illuminating Injustice is Critical When Reckless Microsofters and Law Firms Try to Silence Reporters of Violence Against Women
I want to clarify that I'm well within my right (and not running afoul of any rules) by explaining what goes on here
EPO Central Staff Committee: "The Strategy of the Office Lacks Transparency and Cannot be Understood"
Microsoft and the EPO violate data protection laws
Microsoft Has Not Much Left to Show Investors, Shares Fall Almost 20%
It's not even clear how Microsoft makes money anymore
Links 11/03/2025: Spring and Misfin Server
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, March 10, 2025
IRC logs for Monday, March 10, 2025