Bonum Certa Men Certa

Microsoft GitHub Exposé — Part XVIII — The Story of NPM

Series parts:

  1. Microsoft GitHub Exposé — Part I — Inside a Den of Corruption and Misogynists
  2. Microsoft GitHub Exposé — Part II — The Campaign Against GPL Compliance and War on Copyleft Enforcement
  3. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud
  4. Microsoft GitHub Exposé — Part IV — Mr. MobileCoin: From Mono to Plagiarism... and to Unprecedented GPL Violations at GitHub (Microsoft)
  5. Microsoft GitHub Exposé — Part V — Why Nat Friedman is Leaving GitHub


  6. Microsoft GitHub Exposé — Part VI — The Media Has Mischaracterised Nat Friedman's Departure (Effective Now)
  7. Microsoft GitHub Exposé — Part VII — Nat Friedman, as GitHub CEO, Had a Plan of Defrauding Microsoft Shareholders
  8. Microsoft GitHub Exposé — Part VIII — Mr. Graveley's Long Career Serving Microsoft's Agenda (Before Hiring by Microsoft to Work on GitHub's GPL Violations Machine)
  9. Microsoft GitHub Exposé — Part IX — Microsoft's Chief Architect of GitHub Copilot Sought to be Arrested One Day After Techrights Article About Him
  10. Microsoft GitHub Exposé — Part X — Connections to the Mass Surveillance Industry (and the Surveillance State)


  11. Microsoft GitHub Exposé — Part XI — Violence Against Women
  12. Microsoft GitHub Exposé — Part XII — Life of Disorderly Conduct and Lust
  13. Microsoft GitHub Exposé — Part XIII — Nihilistic Death Cults With Substance Abuse and Sick Kinks
  14. Microsoft GitHub Exposé — Part XIV — Gaslighting Victims of Sexual Abuse and Violence
  15. Microsoft GitHub Exposé — Part XV — Cover-Up and Defamation


  16. Microsoft GitHub Exposé — Part XVI — The Attack on the Autonomy of Free Software Carries on
  17. Microsoft GitHub Exposé — Part XVII — Backsliding Into 1990s-Style Digital Slavery by Microsoft
  18. YOU ARE HERE ☞ The Story of NPM


GitHub: Where everything comes to die



Summary: The time seems right to resume this series, more so now that the Software Freedom Conservancy (SFC) [1, 2] and the Free Software Foundation (FSF) [1, 2, 3] grapple with the legal chaos caused by Team Mono inside Microsoft's GitHub

A few years ago Microsoft bought NPM through its tentacle (mind the pun!) known as GitHub, in effect controlling more of the "supply chain" while hiring NSA veterans to run GitHub. This is a major security fiasco, a blunder in the making. Remember that when NPM ships malware the media rushes to blame the victims (like GNU/Linux users who receive that malware) instead of blaming the company responsible for actually sending that malware. Meanwhile, with GitHub Actions, many projects have foolishly outsourced the build process to "the clown" -- in essence losing control of the compiler, instead trusting Microsoft and the NSA to manage that for them. It's a sort of subsidy (selling CPU cycles) in exchange for control. Who by? Microsoft.

It has been months since we published the arrest record of Balabhadra (Alex) Graveley, whom we'll leave outside it for a moment. He has court hearings and it's possible he'll be behind bars for a very long time. Those who were connected to him or defended him have long regretted it, possibly left their job, or "resigned" to avoid public embarrassment. We'll come back to them later in this series and maybe we'll have some updates from the courts.

"Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities)."As the state of journalism in general (not just on technical matters) is so appalling these days little actual investigation of the NPM takeover was conducted. Some sites announced that Microsoft had taken over NPM and that was it (they actually said "GitHub" to perpetuate the illusion that Microsoft and GitHub are separate entities).

A rather reliable source recently told us a few details about the NPM story; "I remember all that drama with TJ Holowaychuk leaving the NPM scene," our sourced recalled. "Wondering if that was related to Microsoft acquiring NPM."

What shocked me most at the time was the lack of press coverage or scrutiny. Like nothing actually happened! Or like it didn't matter...

"A bit off topic but that whole event seemed strange," our source noted. The motivation is still barely known or explored; it's shrouded in mystery as there's no actual business model other than taking control of people. NPM wasn't about making money; the same was true about GitHub. The way we see it, Microsoft is trying to swallow all the code and repos as well (NPM). It's about control.

"The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict."TJ's [Holowaychuk] departure "was a pretty big event," our source explained. "At that point in time TJ had written like 60% of the node.js projects that everyone uses. Mostly by himself. Some people thought he wasn't a real person for a long time. Like they thought he was a collective..."

The way we saw it (at the time of the acquisition), NPM is a piece for Microsoft's "supply chain" plan, which also helps the NSA's objectives, especially at times of conflict. They can remotely take over all sorts of things. Remember that they hired from the NSA for GitHub management. This is all very well documented. What sort of company would do this??? Heck, they can even plant back doors in downloads, custom-made or tailored to specific downloaders, never mind the above-mentioned compilation process. Why would anyone trust Microsoft after the NSA leaks? They work hand-in-glove with the NSA on back doors.

"TJ is just a legend and influenced my personal coding style," our source told us. "There was another issue with the guy who originally wrote node.js [...] He wrote it then quit [...] Joyent hired him..."

"Ryan Dahl apparently thinks writing node.js was a mistake [...] Interesting he's also from Rochester or just went to school there [as Graveley] is from there [and] they're about the same age..."

NPM was acquired by GitHub two years after the Microsoft acquisition. It was mentioned by Nat Friedman on 16 March 2020.

According to our source, TJ's "complaints about node.js mostly seemed technical, but who knows..."

As a side note, it's worth mentioning that node.js and OpenJS became a Microsoft infiltration vector inside the Linux Foundation, as noted in Techrights several times in the past.

Now that the FSF and SFC are writing a lot more about Copilot (see links in the summary above) we intend to revisit the topic, probably some time next Monday. Graveley will walk into the darkness or some prison cell while we're left to pick up and grapple with the damage he and his "best friends" the Friedmans have caused.

Recent Techrights' Posts

GNOME Foundation is in Reliable Hands (Executive Director)
Growing some good in one's garden
'Confidential Computing'? More Like a Giant Back Door.
CacheWarp AMD CPU Attack Grants Root Access in Linux VMs
 
Links 03/12/2023: New 'Hey Hi' (AI) Vapouware and Palantir/NHS Collusion to Spy on Patients Comes Under Legal Challenge
Links for the day
IRC Proceedings: Saturday, December 02, 2023
IRC logs for Saturday, December 02, 2023
Links 03/12/2023: CRISPR as Patented Minefield, Lots of Greenwashing Abound
Links for the day
Over at Tux Machines...
GNU/Linux news
Professor Eben Moglen: In 1991 Richard Stallman Thought GNU/Linux Was Doomed Due to Software Patents
Back when Linus Torvalds was about to release Linux Prof. Moglen and Dr. Stallman had already spent years developing GNU and refining its licence, the GPL, which Linux would later adopt
Montana’s TikTok Ban Was to Protect Free Speech and the United States' First Amendment
TikTok does not embrace Free speech
GNU/Linux Surges to Almost 4% Worldwide on Desktops/Laptops, 2% in Latest Steam Survey (Ubuntu Not the Top Distro)
We've fortunately bet on a winning platform
Links 02/12/2023: ChatGPT Drowns in Bad Press, Censorship Worldwide Increases Some More
Links for the day
Cybercrimes and Online Abuse From Extremists and Militants on a VPN/Tor
A straitjacket or lobotomy won't solve this issue
Links 02/12/2023: Pfizer Sued for Lies About Efficacy, Censorship of Scientific Dissent, More Pfizer Layoffs
Links for the day
Selling Free Software
by Richard Stallman
[Meme] Screenshots of Web Pages (Relevant to One's Article) Are Not Copyright Infringing Anywhere in the World
bullying and hate crimes
IRC Proceedings: Friday, December 01, 2023
IRC logs for Friday, December 01, 2023
A Year of Doing Techrights 'Full Time'
been a year!
Microsoft and Its Boosters Worsen Linux Security
The circus goes on and on
Links 01/12/2023: Facebook Infested With Malicious Campaigns by Imposters, ACLU Gives Advice on Doxxing and Online Harassment
Links for the day
Just Like Its Budget Allocation, the Linux Foundation Devotes About 3% Of Its Latest Newsletter to Linux, Devotes More to Linux's Rivals
It's just exploiting the brand
Links 01/12/2023: Google Invokes Antitrust Against Microsoft
Links for the day
Over at Tux Machines...
GNU/Linux news
UK Government Allowing Microsoft to Take Over Activision Blizzard Will Destroy Jobs
Over 30,000 fired this year? More?
It's Cheaper to Pay Bribes (and Produce Press Releases) Than to Pay Fines (After Lots of Negative Publicity)
Does the UK still have real sovereignty or do corporations from overseas purchase decisions and outcomes?
November 2023 Over With GNU/Linux at All-Time Highs According to statCounter
ChromeOS+GNU/Linux combined are about 7% of the "market"
New Report Provides Numerical Evidence That Google Hired Too Many People From Microsoft (and Became Malicious, Evil, Sociopathic)
"Some 12,018 former Microsoft employees currently work for the search and data giant"
Google: Keep Out, Don't Save Your Files, and Also Let Us Spy on Everything You Do
Do you still trust "clown" storage?
IRC Proceedings: Thursday, November 30, 2023
IRC logs for Thursday, November 30, 2023
Links 01/12/2023: Many Suppressions in Hong Kong and Attempts to Legitimise Illegal and Unconstitutional Fake Patent 'Court' in EU (UPC)
Links for the day