Bonum Certa Men Certa

Microsoft GitHub Exposé — Part XVIII — The Story of NPM

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism... and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub


  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman's Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)


  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation


  16. Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on
  17. Microsoft GitHub Exposé — Part XVII — Backsliding Into 1990s-Style Digital Slavery by Microsoft
  18. YOU ARE HERE ☞ The Story of NPM


GitHub: Where everything comes to die



Summary: The time seems right to resume this series, more so now that the Software Freedom Conservancy (SFC) [1, 2] and the Free Software Foundation (FSF) [1, 2, 3] grapple with the legal chaos caused by Team Mono inside Microsoft's GitHub

A few years ago Microsoft bought NPM through its tentacle (mind the pun!) known as GitHub, in effect controlling more of the "supply chain" while hiring NSA veterans to run GitHub. This is a major security fiasco, a blunder in the making. Remember that when NPM ships malware the media rushes to blame the victims (like GNU/Linux users who receive that malware) instead of blaming the company responsible for actually sending that malware. Meanwhile, with GitHub Actions, many projects have foolishly outsourced the build process to "the clown" -- in essence losing control of the compiler, instead trusting Microsoft and the NSA to manage that for them. It's a sort of subsidy (selling CPU cycles) in exchange for control. Who by? Microsoft.

It has been months since we published the arrest record of Balabhadra (Alex) Graveley, whom we'll leave outside it for a moment. He has court hearings and it's possible he'll be behind bars for a very long time. Those who were connected to him or defended him have long regretted it, possibly left their job, or "resigned" to avoid public embarrassment. We'll come back to them later in this series and maybe we'll have some updates from the courts.

"Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities)."As the state of journalism in general (not just on technical matters) is so appalling these days little actual investigation of the NPM takeover was conducted. Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities).

A rather reliable source recently told us a few details about the NPM story; "I remember all that drama with TJ Holowaychuk leaving the NPM scene," our sourced recalled. "Wondering if that was related to Microsoft acquiring NPM."

What shocked me most at the time was the lack of press coverage or scrutiny. Like nothing actually happened! Or like it didn't matter...

"A bit off topic but that whole event seemed strange," our source noted. The motivation is still barely known or explored; it's shrouded in mystery as there's no actual business model other than taking control of people. NPM wasn't about making money; the same was true about GitHub. The way we see it, Microsoft is trying to swallow all the code and repos as well (NPM). It's about control.

"The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict."TJ's [Holowaychuk] departure "was a pretty big event," our source explained. "At that point in time TJ had written like 60% of the node.js projects that everyone uses. Mostly by himself. Some people thought he wasn't a real person for a long time. Like they thought he was a collective..."

The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict. They can remotely take over all sorts of things. Remember that they hired from the NSA for GitHub management. This is all very well documented. What sort of company would do this??? Heck, they can even plant back doors in downloads, custom-made or tailored to specific downloaders, never mind the above-mentioned compilation process. Why would anyone trust Microsoft after the NSA leaks? They work hand-in-glove with the NSA on back doors.

"TJ is just a legend and influenced my personal coding style," our source told us. "There was another issue with the guy who originally wrote node.js [...] He wrote it then quit [...] Joyent hired him..."

"Ryan Dahl apparently thinks writing node.js was a mistake [...] Interesting he's also from Rochester or just went to school there [as Graveley] is from there [and] they're about the same age..."

NPM was acquired by GitHub two years after the Microsoft acquisition. It was mentioned by Nat Friedman on 16 March 2020.

According to our source, TJ's "complaints about node.js mostly seemed technical, but who knows..."

As a side note, it's worth mentioning that node.js and OpenJS became a Microsoft infiltration vector inside the Linux Foundation, as noted in Techrights several times in the past.

Now that the FSF and SFC are writing a lot more about Copilot (see links in the summary above) we intend to revisit the topic, probably some time next Monday. Graveley will walk into the darkness or some prison cell while we're left to pick up and grapple with the damage he and his "best friends" the Friedmans have caused.

Recent Techrights' Posts

Apparently Confirmed: IBM Layoffs in Canada Today, Hundreds Affected
Impacting "177 people", says one person, "in Ottawa"
[Video] Dr. Richard Stallman's Keynote Speech in Kerala Finally Uploaded
In non-free format and proprietary YouTube, but perhaps that's better than nothing
 
Microsoft Canonical Continues Its FUD (Fear, Uncertainty, Doubt) Campaign, Reveals Google Too Sponsored It
They're paid-for lies from a Chinese company that takes GAFAM money to write puff pieces about them
Android Rises Above 76% in Mozambique, Leaving Windows in the Dust
Windows may soon be measured as smaller than Apple's iOS
IBM, Red Hat and Microsoft Probably Also Manipulate Metrics (It Helps Con the Shareholders)
Wall Street's credibility will depend on enforcement of "checks and balances"
Slopwatch: trendhunter.com and Other Pure Junk From "Google News"
The need to vet sources is hardly new; anyone can spew out anything, anywhere. There's a need for vetting.
Gemini Links 28/03/2025: Rewatching The X-Files, Slop Concerns, and NOSTR Censorship
Links for the day
Links 28/03/2025: Australia at Risk, EPO Grants Illegal Patents With Illegal Effect
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, March 27, 2025
IRC logs for Thursday, March 27, 2025
Links 27/03/2025: Obituary to a Shop, Russia Trying to Buy Time
Links for the day
Links 27/03/2025: Slop, Autosuggestions, and Nostr
Links for the day
When Windows Was Dominant (1990s) Browser Monopoly Meant MSIE, But Now Google Android is Dominant and the Web in a 'Webapps' Era Works With (or Is Designed for) Chrome-isms
We've been there before
Slopwatch: BetaNews, LinuxSecurity.com, and the Attack on Web Search Using Fake and Likely Plagiarised Pages
Changing a few words here and there won't change the fact that it's not properly authored
Links 27/03/2025: U.S. Honeybee Deaths Reach Record High, Legal Occupation Next in Line After War on Science
Links for the day
Using Courts for 'Revenge' is Always a Losing Strategy
Trying to cause someone you dislike to spend a lot of money
IBM CFO James Kavanaugh Refers to Firing of Almost 10,000 Americans as "Workforce Rebalancing" (Shifting IBM's Centre of Balance to Low-salary Contracts/Countries)
The scale of IBM layoffs is getting too large to evade WARN Notices
Islands Are Leaving Microsoft Behind, According to statCounter
Android has had a very strong year
EPO Management Fails to Deny That the Office is Discriminating Against Women
Europe's second-largest institution isn't just exceedingly corrupt but also immoral
In Some Countries the Market Share of Vista 11 is Going Down, Not Up
despite being released in 2021
Rumour: Mass Layoffs in IBM Canada Today
Maybe later today some people from Canada will say something firmer and maybe some media will even talk about that
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 26, 2025
IRC logs for Wednesday, March 26, 2025
Gemini Links 27/03/2025: X-Files' "Kill Switch", Orlando, and ASN (Autonomous System Number) 'Hack'
Links for the day
Links 26/03/2025: Healthcare Cuts and Turkey's Own "2025 Project" (Culling Opposition)
Links for the day
LLM Slopfarm: A Site's Last Incarnation Before Throwing in the Towel, Going Offline Permanently
A lot of coverage that claims to be about Finland is chatbot-generated nonsense or poorly-plagiarised work
Microsoft Canonical Pays IDG to Spread FUD (Fear, Uncertainty, Doubt)
this seems a tad exploitative and reminds us of the time Novell kept telling companies that using anything other than SUSE was dangerous
Gemini Links 26/03/2025: GTD, Zenshuu, and Geminispace Community
Links for the day
Links 26/03/2025: Media's Failures, Arrests of Journalists, Limitations of End-to-End Encryption
Links for the day
LLM Slop (Lots of It Spewed Out by Microsoft) Versus Linux
Microsoft is a very, very evil company. It doesn't mind destroying the Web if there's a chance it'll make a buck in the process or mess up people's brains (in Microsoft's favour).
Slopfarms (Sites That Only Ever Publish LLM Slop) Are Killing Google News
pair of slopfarms still propped up by Google News
Microsoft's Serial Strangler's Law Firm Has a Long History of Fronting for People Who Do Bad and/or Illegal Things
Whose terrible idea was this?
Novell and Microsoft Apologist/Booster Bruce Byfield Writing About the FSF is a Recipe for Problems
Totally not shoehorning some agenda
Looking Forward to the Fall of UPC and Revocation of the Unified Patent Court (UPC) Agreement, Which Was Always Illegal and Unconstitutional
We'll try to keep abreast of any progress in this case
Slopwatch: Google News, LinuxSecurity.com, and the General Demise of the Web
many supposed or so-called "news" pages are just spewed out by some chatbots (or tools which help plagiarise original articles without getting caught; detection gets harder)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 25, 2025
IRC logs for Tuesday, March 25, 2025