
NPM staff fired after trying to unionize – complaints - adamnemecek
https://www.theregister.co.uk/2019/04/22/npm_fired_staff_union_complaints/#
======
evv
All of the drama around the npm firings has sparked an interesting discussion
in the JS community: does it even make sense to trust a for-profit corporation
with the world's supply of JS?

One of the creators of unpkg.com is considering a fork of the registry:
[https://twitter.com/mjackson/status/1119355707055165441](https://twitter.com/mjackson/status/1119355707055165441)

Meanwhile, yarn (a popular alternative to the npm client), uses a proxy to NPM
so they can change the default registry of all yarn clients, if they choose
to.

As it stands, npm is the centralized source of truth for all our JS packages,
and historical versions. We have no guarantees about the future of npm. Aside
from a relatively clean history, we have no reason to trust them. For every
dollar of VC money that they have taken, we have a reason to believe the
registry won't last in its current form. This is scary.

~~~
krapp
> does it even make sense to trust a for-profit corporation with the world's
> supply of JS?

No. Javascript, despite its flaws, was already one of the freest, easily
accessible and deployable programming languages in existence. It flourished
throughout the web without any gatekeepers or centralized authority, and it
never _needed_ the ecosystem of overwrought complexity and BS that it has.

Not only does it not make sense for NPM to have de facto control over that
language through a single, proprietary registry and a single package manager,
it further makes no sense that in the intervening years, with all of the
issues NPM has had, no serious attempt at competition or re-decentralization
of the JS community has even been attempted.

Unfortunately, I feel like the baby has long ago been thrown out with the
bathwater, and NPM's ubiquity and network effect have made it "too big to
fail," despite failing constantly. Maybe we can just start over once NPM has
finally burned to the ground and taken the web with it.

~~~
mattmanser
I feel this is proved false by history; if npm wasn't needed because
everything was fine, it wouldn't have flourished.

~~~
krapp
You seem to assume that all successful projects succeed on their own merit in
a fair market, but that's not always the case. NPM's success is due in large
part to enterprise investment and hype. Part of the reason for enterprise
investment is controlling costs by not having to train or recruit developers
for another language besides Javascript, which was already commonplace.

And even if NPM did solve a needed problem, better solutions cannot be
considered due to those entrenched business interests and the extreme
centralization of the javascript community, not because NPM is already the
best possible solution to whatever problems it claims to solve.

JQuery was revolutionary in its own time, but you didn't see a JQuery
Foundation serving all JQuery plugins from a closed repository through a buggy
package manager that everyone was expected to use. It is possible to innovate
and not monopolize, but what NPM has done, at best, is monopolize innovation
and stop it dead in its tracks.

------
paxys
NPM Inc. last raised a Series A round in April 2015. Now, 4 years later, they
still have no business model, no revenue and no more funding. Even in their
very limited space there are competitors that perform better (Yarn).

At this point it's clear that a union isn't going to save NPM. The company is
really in no position to guarantee anyone anything.

~~~
the_duke
It's noteworthy though that they were able to operate for 4 years with a small
8 million series A round.

Since NPM is so essential to the Javascript ecosystem, it's interesting to
consider a hypothetical bankruptcy. I'm sure someone big would buy them, or
they could pivot to a non-profit with a crowdfunding/donation-based model.

~~~
paxys
The ideal scenario would be NPM existing as a foundation rather than a
for-profit company. The more likely one is them folding and Facebook taking over
as the source of truth for JS packages, which is bad for everyone.

~~~
hnzix
It would be darkly hilarious if NPM gets bought out by a state actor, although
Facebook would be nearly as bad.

~~~
TeMPOraL
Doubly hilarious if that state actor wasn't the US or one of its close allies.

------
eberkund
I was doing some research recently on various private NPM registry
implementations. My company wanted a way to share internal libraries and
frontend apps in their local network. I was surprised to find out how poor
most of the options were. I ended up settling on Azure DevOps (self-hosted)
but an open-source fork of NPM wouldn't be the worst thing in the world. If
the infrastructure went down tomorrow I'm sure most people could switch to
Yarn without too much trouble.

~~~
ssalka
> If the infrastructure went down tomorrow I'm sure most people could switch to
> Yarn without too much trouble.

Generally true, except in the case of private scoped NPM packages. AFAIK if
you want to switch to the yarn registry then you need to add exceptions that
map your scoped package names to repositories that you host elsewhere.

~~~
krainboltgreene
There's no such thing as a yarn registry. The uri is just a CNAME to npm Inc.

------
bithavoc
Wow, the Nodejitsu vs NPM, Inc drama[0] was nothing compared to this. Why
isn't the Node.js foundation managing the registry?

[0] [https://gist.github.com/mikeal/9242748](https://gist.github.com/mikeal/9242748)

------
pavlov
I think Microsoft will step in and buy NPM Inc.

It’s such an obvious ecosystem complement to Github and the Atom+VSCode
editors they already own.

They’re probably just waiting for a better price when the VCs on NPM’s board
get impatient.

------
tuananh
I know running a registry isn't easy. I was wondering, can GitHub handle this
kind of thing as the backbone of a registry?

~~~
javagram
I think CocoaPods used GitHub as their backbone.

2016:
[https://news.ycombinator.com/item?id=11245652](https://news.ycombinator.com/item?id=11245652)

------
qmanjamz
It's pretty shoddy journalism for the title of the article to assert this as
fact even though it's just an allegation that hasn't even been investigated
yet.

~~~
cjbprime
But they did investigate. They interviewed sources who confirmed that
unionizing was planned before people were fired, which is the title. And they
read the lawsuit and talked to the lawyers, who obviously said the same thing.

~~~
qmanjamz
The title allows the reader to infer a causation that hasn't been proven or
investigated. Given that the people making the allegation are bitter
ex-employees who have a financial incentive for it to be true, it's an allegation
that should be met with a healthy dose of skepticism.

You probably don't see the bias in the article because you support
unionization. If the article was instead titled "Sexual harassment complaints
double after NPM staff unionize," you'd probably be complaining about bias the
same as I am.

~~~
bartread
> You probably don't see the bias in the article because you support
> unionization.

Erm, yeah, I'm not sure where to begin with this other than a "people in glass
houses" style comment.

I don't support unionization, for at least a couple of reasons[1], yet I still
can't see where you're coming from with these assertions.

 _[1] I don't think either is relevant to this discussion._

