Bonum Certa Men Certa

Microsoft GitHub Exposé — Part XVIII — The Story of NPM

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism... and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub


  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman's Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)


  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation


  16. Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on
  17. Microsoft GitHub Exposé — Part XVII — Backsliding Into 1990s-Style Digital Slavery by Microsoft
  18. YOU ARE HERE ☞ The Story of NPM


GitHub: Where everything comes to die



Summary: The time seems right to resume this series, more so now that the Software Freedom Conservancy (SFC) [1, 2] and the Free Software Foundation (FSF) [1, 2, 3] grapple with the legal chaos caused by Team Mono inside Microsoft's GitHub

A few years ago Microsoft bought NPM through its tentacle (mind the pun!) known as GitHub, in effect controlling more of the "supply chain" while hiring NSA veterans to run GitHub. This is a major security fiasco, a blunder in the making. Remember that when NPM ships malware the media rushes to blame the victims (like GNU/Linux users who receive that malware) instead of blaming the company responsible for actually sending that malware. Meanwhile, with GitHub Actions, many projects have foolishly outsourced the build process to "the clown" -- in essence losing control of the compiler, instead trusting Microsoft and the NSA to manage that for them. It's a sort of subsidy (selling CPU cycles) in exchange for control. Who by? Microsoft.

It has been months since we published the arrest record of Balabhadra (Alex) Graveley, whom we'll leave outside it for a moment. He has court hearings and it's possible he'll be behind bars for a very long time. Those who were connected to him or defended him have long regretted it, possibly left their job, or "resigned" to avoid public embarrassment. We'll come back to them later in this series and maybe we'll have some updates from the courts.

"Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities)."As the state of journalism in general (not just on technical matters) is so appalling these days little actual investigation of the NPM takeover was conducted. Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities).

A rather reliable source recently told us a few details about the NPM story; "I remember all that drama with TJ Holowaychuk leaving the NPM scene," our sourced recalled. "Wondering if that was related to Microsoft acquiring NPM."

What shocked me most at the time was the lack of press coverage or scrutiny. Like nothing actually happened! Or like it didn't matter...

"A bit off topic but that whole event seemed strange," our source noted. The motivation is still barely known or explored; it's shrouded in mystery as there's no actual business model other than taking control of people. NPM wasn't about making money; the same was true about GitHub. The way we see it, Microsoft is trying to swallow all the code and repos as well (NPM). It's about control.

"The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict."TJ's [Holowaychuk] departure "was a pretty big event," our source explained. "At that point in time TJ had written like 60% of the node.js projects that everyone uses. Mostly by himself. Some people thought he wasn't a real person for a long time. Like they thought he was a collective..."

The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict. They can remotely take over all sorts of things. Remember that they hired from the NSA for GitHub management. This is all very well documented. What sort of company would do this??? Heck, they can even plant back doors in downloads, custom-made or tailored to specific downloaders, never mind the above-mentioned compilation process. Why would anyone trust Microsoft after the NSA leaks? They work hand-in-glove with the NSA on back doors.

"TJ is just a legend and influenced my personal coding style," our source told us. "There was another issue with the guy who originally wrote node.js [...] He wrote it then quit [...] Joyent hired him..."

"Ryan Dahl apparently thinks writing node.js was a mistake [...] Interesting he's also from Rochester or just went to school there [as Graveley] is from there [and] they're about the same age..."

NPM was acquired by GitHub two years after the Microsoft acquisition. It was mentioned by Nat Friedman on 16 March 2020.

According to our source, TJ's "complaints about node.js mostly seemed technical, but who knows..."

As a side note, it's worth mentioning that node.js and OpenJS became a Microsoft infiltration vector inside the Linux Foundation, as noted in Techrights several times in the past.

Now that the FSF and SFC are writing a lot more about Copilot (see links in the summary above) we intend to revisit the topic, probably some time next Monday. Graveley will walk into the darkness or some prison cell while we're left to pick up and grapple with the damage he and his "best friends" the Friedmans have caused.

Recent Techrights' Posts

More Microsoft-Red Hat Cross-Pollination as the Company Loses a Managing Director
some people move from Microsoft to Red Hat and some do the opposite
Cloudflare Gives Us All Another Reason to Boycott Cloudflare
If Cloudflare wants to use its vast surveillance network (which is what it does as a CDN) to foist paywalls and maybe something worse (like DRM on top), then Cloudflare should be more widely rejected as a company
The Free Software Foundation (FSF) Has Un-cancelled the Best People, Just in Time for the Big 4-0
Mr. Oliva should have been there all along (since 2019)
Most "Modern" Technology Makes You Slower and Dumber
Because proprietary software makes you worse off
"What Comes After Free Software?" Wrongly Insinuates We've Reached the Goal (Prison is Not the Goal)
The oil tycoons use similar tactics against environmentalists, giving them fake "wins"
Making More Work Space
I learned the hard way that less is more in circumstances where more means distraction
MAHA is a Lie, Public Officials Never Valued Citizens' Health (They Still Value Private Businesses, Their Sponsors)
Reject demagogues
 
Science is Under Attack
Oligarchy prefers a dumbed-down population
Someone Expiring Certificates on the Day of the 9/11 Attacks is Not Someone I Would Want Controlling My PC (or Deciding What's Authorised for Booting)
"social justice warriors"
The Solicitors Regulation Authority (SRA) Has Reportedly Failed People With Wrong Advice
At the moment the SRA has a PR blunder
The Man Suing Brett Wilson LLP and Gervase de Wilde (5RB)
Now he's probably using the (almost) 200,000 pounds he's supposed to receive to sue Brett Wilson LLP and former colleagues/partners
Slopwatch: A World Wide Web That's Rotting for Companies That Won't Even Exist in a Few Years
some of the junk Google News is promoting
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 23, 2025
IRC logs for Tuesday, September 23, 2025
Links 24/09/2025: Qt Creator 18 Beta, Microsoft Cannot Bail Out "ChatGPT" Anymore, China and US Intensify Censorship
Links for the day
Gemini Links 24/09/2025: Gemlogs and Politics
Links for the day
Links 23/09/2025: Japan Limits Uses of Skinnerboxes ('Smartphones') With Toxic "Apps", Fentanylware (TikTok) Tapped by "MAGAts"
Links for the day
Brett Wilson LLP Has Just Been Sued (by Their Own Clients!)
Vladimir and Alla Yanpolsky sued Brett Wilson LLP in BL-2025-001167 at the end of last week
The Complaint About Brett Wilson LLP - Part II - UK SLAPPs for Americans, SLAPPs for Profit
Brett Wilson LLP has a track record of this kind
Mayday: Optus emergency calling crisis
Reprinted with permission from Daniel Pocock
Links 23/09/2025: Massive Data Breach, Slop Versus Productivity, and Vista 11 Update Breaks Things Again
Links for the day
Code of Censorship
Extortion is peace
Free Software Foundation (FSF) Has a New Press Kit for the Weekend After Next Weekend (40th Anniversary)
miles better than social [sic] media [sic] quips, moderated by narcissists and oil tycoons.
Microsoft Had Two Waves of Mass Layoffs This Month (That We Know of) and It'll Get Worse for Microsoft Soon
Will the axe fall again by month's end?
Gemini Links 23/09/2025: Happy Equinox, Photronic Arts, and Perception Cognition
Links for the day
Lessons We've Learned After 17 Years of American Hosting
GAFAM is "all-in" with the "Trump agenda"
Back to Normal Now, We Plan to Do More In-Depth Series (or Multi-part Stories)
Articles (or series thereof) that contain philosophy are important to us
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 22, 2025
IRC logs for Monday, September 22, 2025
Microsoft Media is Panicking Amid Mass Layoffs Every Month, H-1B Fees, and "Seattle’s Tech Scene in Trouble"
In "late stage Microsoft", copyleft becomes proprietary
The Next Wave of IBM/Red Hat Layoffs Being Discussed Already
Red Hat is sort of disappearing the way Tivoli did
New Techrights Turns 2
Today starts the third year of the SSG-based Techrights
What Scares Them the Most is Independent News Sites That They Cannot Control and Censor
Wikileaks was a good example of this
If You Don't Control Your Online Platform, Then Someone Else is Controlling You
be (or become) independent
Oracle Started This Year With Slop. Then It Stopped.
Passing fads are like this
Distros That Run on PCs Made 20 Years Ago and Don't Use Systemd
Betas for now
The Solicitors Regulation Authority (SRA) Has a Policy on Racism and Sexism
In then future we'll show the misogyny and racial slurs
The Complaint About Brett Wilson LLP - Part I - Abusing British Women on Behalf of American Men Who Abuse American Women
Transparency is important to us, so we've decided to make this series
Slopwatch: Google News and the Evident Slopfarm Infestation
This is what people get about Linux when they query Google for Linux
Links 22/09/2025: Murdochs Might Join Fentanylware (TikTok) 'Investors' (Masters), United Kingdom Recognises Palestinian Statehood
Links for the day
Gemini Links 22/09/2025: Esperanto Music History and Apps For Android
Links for the day
Links 22/09/2025: More American 'Censorship' (Retaliation for Journalism), Cheeto "Might Be Losing His Race Against Time"
Links for the day
The Blob Slop
Give me more words, give me some text
The 50-Pound Note Experiment and the "War on Cash"
Britain is actually seeing a rebound in cash payments, and it's not a temporary phenomenon
Slopwatch: Blaming the Victims for Microsoft's Failures and Plagiarising Phoronix
That's what Google has been reduced to: slop and slopfarms
Links 22/09/2025: Breaches, Windows TCO, and Arrests
Links for the day
Gemini Links 22/09/2025: Rabbit Hole and DeGoogling Fairphone
Links for the day
Links 22/09/2025: Russian War Planes Invade NATO Airspace While Dihydroxyacetone Man Escalates Attack on Free Speech Because of Critics
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 21, 2025
IRC logs for Sunday, September 21, 2025