
Is Npm worth $2.6MM? - Corrado
http://words.steveklabnik.com/is-npm-worth-26mm
======
ChuckMcM
It is an interesting insight that a VC can improve their internal rate of
return by investing in open source. It seems like a continuation of the
process of outsourcing manufacturing engineering for hardware.

It will be interesting when this becomes pitch material, something like "Hey
all your portfolio companies need an HR resume/lead management system, fund us
to build an awesome open source HR system and they can all use it for free!"

~~~
camus2
since npm doesnt scale they will sell private repos to big
businesses...kidding. well almost,since the only money to be made with npm is
in consulting fees.

------
csmattryder
Surely any money going into FOSS technologies, be it $2.60 or $2.6MM, is good
news for everyone involved?

I don't use Node.js - RoR is more my thing - but if this money allows the
project to hire talent and increase the quality of the codebase and
documentation, they're going to attract developers from other frameworks.

Even the die-hard supporters that refuse to budge, Node may develop new
paradigms that can be ported over.

Investment in FOSS is a good thing, IMO. Just because it came from a VC
shouldn't discredit its possibilities.

~~~
rhubarbquid
Sure it's likely good for the FOSS community, but he's addressing the question
of if it's good for the investor. On the face of it, an open source package
management system doesn't have an obvious profit model, so it's not obvious to
many people how anyone would expect to make a return on investing in NPM.

~~~
frankydp
The recent interview on Javascript jabber with the NPM guys was very
interesting, and covered some of this.

~~~
nawitus
Link: [http://javascriptjabber.com/099-jsj-npm-inc-with-isaac-
schlu...](http://javascriptjabber.com/099-jsj-npm-inc-with-isaac-schlueter-
laurie-voss-and-rod-boothby/)

------
icambron
> This means that a16z and GitHub management are protected from a acquisition,
> and can retain control of GitHub.

I don't know what this means, exactly. Avoiding acquisition isn't like
avoiding, say, snipers; you can just say no. Certainly acquisition is, for the
moment, not feasible, but that's not exactly protection (it's actually the
removal of an option). Protected from the need to be acquired, maybe?

I'm not trying to be pedantic; I'm honestly confused by the phrasing.

~~~
arthur_debert
Not always, i.e. drag along rights. Depending on how you structure your deal
investors can override founders on acquisition offers.

~~~
icambron
Good point, but I can't quite square that with the article, so I don't think
that's what it has in mind.

------
ricardobeat
> Someone has to pay that S3 (I guess CouchDB) and EC2 bills

Previous package managers have done well running on public mirrors donated by
universities and businesses around the globe. rubygems finances itself via a
non-profit. There is nothing _necessary_ about NPM's business model, IMO it's
just a side-effect of the incredible tolerance for private ownership within
the node ecosystem. I can't imagine this model would fly for any other
language/platform.

~~~
twerquie
Scala seems roughly similar.

~~~
frowaway001
How?

~~~
twerquie
It is owned by a single corporate entity who is also its primary sponsor,
Typesafe. This is similar to how Joyent owns node, and how they sponsor it's
development, along with NodeJitsu, Microsoft, Heroku and others.

~~~
frowaway001
No. It's "owned" by the EPFL.

------
jzelinskie
As someone not so familiar with venture capital, why do you denote million
with "MM" and not just "M"?

~~~
jonnathanson
Technically speaking, the roman numeral "M" stands for one thousand. So "MM" =
"thousand thousand," or million.

These days it's a matter of preference as to which abbreviation to use. You'll
see different people and different firms using either/or. (And a lot of people
are now using "k" for thousand and "M" for million.)

If we want to get even wonkier, we could note that the English word "million"
derives from the French word "mille," meaning "thousand." ("Mille" derives
from the Latin, and the original Latin denotation is used to mean "thousand"
in familiar words like "millennium," "millisecond," and "millipede.") The word
"million" was originally invented to mean "a great thousand," or "a thousand
thousand."

~~~
lostlogin
I thought MM would be 2000 if one used the Roman system. It's some sort of
weird Roman system with maths in between the the Ms assuming I'm correct.

~~~
jonnathanson
True. I'll confess that I'm not 100% sure how "MM" originally came to be used
in financial and accounting notation. But it's been used to mean "million" by
way of "thousand x thousand."

It's possible the M's in the financial notation system are not actually Roman
numerals, so much as abbreviations of the word "mille" (or some equivalent
thereof).

------
lovemenot
Enlightened self-interest does not usually achieve preservation of the
commons. It is not clear from this article, what specific additional insights
into the community an investor can expect to receive as a consequence of their
investment. i.e. over and above npm being a public resource available to all
(including free-riders). Perhaps it is better to think of these infrastructure
services as baubles of the VC. Much as a Venetian merchant might have
"invested" in opera or a cathedral. Anyway, I don't think the hit-and-miss
nature of VC justifies this type of investment; where it is known _in advance_
that a particular company does not make its 10X return.

------
ilaksh
I think that the investors may not just be looking to solidify infrustructure
for other investments. The majority of start ups have little income and
relatively few customers. Npm has a huge number of customers and whether it
can generate a huge amount of income through private registries or whatever
services, the fact that it is a core piece of infrastructure is a huge
advantage in launching services. So a VC has good reason to expect a useful
amount of income. That isn't actually the case for many investments. I don't
see how anyone could suggest that this is a large investment for such a core
piece of infrastructure.

~~~
Oculus
> Npm has a huge number of customers

> VC has good reason to expect a useful amount of income

I'm going to be pedantic, but within reason: users != customers. I know you
mentioned that they have yet to attempt to monetize, but until they try we
can't make accurate predictions on their level of revenue. I think the author
is trying to say VC's aren't trying to play a game of make believe when it
comes to future revenue, but rather are making the investment in the
community.

------
marcamillion
This is definitely interesting and insightful, especially the lead-gen aspect
of investing in OSS with the prospect of future leads. Kind of like a16z
investing in PandoDaily - surely that won't provide a legit return, but it
will give high visibility into the ecosystem.

However, I disagree about the Github portion.

The Github investment was the perfect type of investment. They conquered the
consumer side of the market, they knew their customer acquisition cost, were
growing quickly and were profitable. It was the perfect example of just
pouring gasoline on a fire to accelerate things.

The next logical step is to move into the enterprise, which they have been
doing. I suspect that their customer acquisition costs into the enterprise are
just as low as the consumer side - because they will have internal advocates
from the same developers that either have a free/paid account on the consumer
side.

So it is the perfect, de-risked, investment for any investor. A16Z happens to
be cream of the crop, so they were lucky enough to get that deal.

Aside from that...OSS companies actually do make a lot of money. See Sun,
RedHat, etc. Selling enterprise versions and support can be VERY lucrative.
The only way to do that is to grow significantly and become a major player in
the industry - which npm was slowly getting there, with the investment it did
accelerate that likely. So I don't think they would see it as a loss-leader
just to build out a funnel for future deals. That was likely just a bonus, or
even "down-side protection" as it were.

------
DigitalSea
I think this is great news. NPM is as vital to Node.js as Gems are to Ruby on
Rails. If funding means NPM can provide better packages, better services and
overall a better product as a result of the investment: everyone who uses
Node.js wins in the end.

------
dirtyaura
Although the idea of investing because of indirect benefits is interesting, I
think the investment thesis is much simpler: You can build profitable business
around open source, even if you make money by selling consulting.

Redhat has $10B market cap, MySQL was sold for $1B back in the days. nginx
inc. received a substantial investment. Can you build profitable business
around package manager? Sure, there is a big community of developers that are
using npm on daily basis for mission critical work. It's really hard to build
that kind of community of professionals in any field. I don't see why you
couldn't build business around that.

------
JoelMcCracken
I thought basically the same thing when I heard about it, but from a different
angle: what would happen to VC investments if NPM imploded? Some stability for
these companies is valuable.

I'm not sure of some of the implications of this article though; open source
and money are not inextricably connected. While open source may be a loss
leader in some cases, it does not need to be. All of what we now consider open
source descends from a time when it was considered radical to think it was
possible to make money from open source.

------
Illniyar
Is there any evidence that this thinking is true? has any VC employee ever
implied that VCs invest in infrastructure firms to increase the probability of
their other investments succeeding?

~~~
eaurouge
Of course not. It's pure speculation. But it was an interesting read.

------
evantahler
I have nothing insightful to add, but I like this writing style.

------
bjterry
This post is interesting, but I don't think it is entirely on target (the
latter portion could be, but I'd need more evidence to be swayed). The author
essentially paints a picture where open source startups are losers on their
own, but that the smartest investors fund them to provide infrastructure to
the community, like they are cooperating in a giant prisoner's dilemma of some
sort. Also, that by investing in infrastructure you gain insight and access
(this is the part I may agree with).

I don't think that investors (even Andreesen Horowitz) look at ANY investment
and think, "Well, some of my investments are going to fail, I can take on this
one and accept the hit to my returns." Getting LP commitments is very
competitive, and you are stack-ranked. You can't afford to make investments
that you don't think are going to be winners. To be fair, if there is anyone
that could do this, it's Andreesen Horowitz, but that doesn't make them
smarter, it's because they have the benefit of the doubt with LPs.

He says that these smarter investors will fund an open source project to
multiply the returns of their other investments, but that ignores a likely
truth. The opportunity cost of investing in the open source company to benefit
from the infrastructure isn't that the infrastructure doesn't exist. It is
that it is created slightly more slowly and you still get to benefit from the
majority of its power, or that you are forced to use the next best
infrastructure, which, if we are being honest, is quite nearly as good. I
think it's likely that the next best alternative to npm is going to be 90%+ as
good for your project with the same developers. Optimizing on a thin margin
like that with respect to your other investments doesn't seem like good
strategy.

Another factor to consider is that there have been open source companies that
provided good returns to investors. MySQL sold for 20x invested capital, for
example. You don't need to appeal to tenuous arguments about ancillary
benefits of an investment when it could simply be that a company sponsoring an
open source project with a boatload of traction just happens to be, from a
risk-reward perspective, well-positioned to make returns in all sorts foreseen
and unforeseen ways. We also don't know the valuation or deal structure, which
could mean that the $2.6m investment is quite a bit more favorable to the
investors than one's first impression.

I believe the strongest point he made is the last one, "They get insight and
access at unprecedented levels into the future of Node, at the cost of
something they can already afford to lose." Much of the effort in being a VC
actually relates to "access." If you can get into some of the hot node deals
by being known to be a shop that favors node, I could see how that might be
worth it, though I'd need more evidence to be convinced they are thinking this
way or that it's a good strategy. (Andreesen Horowitz can probably get into
any deal they want, which is not the case for True Ventures) But that's
different from thinking that by investing in npm you are going to make your
other companies stronger by making npm available to them.

As miscellaneous commentary on his examples: GitHub is minting money, so
investing in them was a crazy good decision no matter what the reason. Even if
you think the liquidity event could be challenging for some reason, it still
provides good reward for risk, and ultimately there are ways to handle lack of
liquidity events (I also suspect that Andreesen Horowitz are more flexible in
this regard for structural reasons, venture capital partnerships are quite
complex in the details). Jeff Bezos doesn't have LPs so he can invest in
37Signals/Basecamp even if they are never selling, he just punches his
dividend checks like the other owners, which can be just as good a return. The
focus on liquidity events is a quirk of the standard fund structure rather
than inherent to the asset class.

~~~
mbesto
> _I don 't think that investors (even Andreesen Horowitz) look at ANY
> investment and think, "Well, some of my investments are going to fail, I can
> take on this one and accept the hit to my returns."_

I'm not sure that's what the OP was saying. a16z is a $2.5b fund, so spending
$100MM is only 4% of their fund. The point that he's making, is that the micro
risk gained on just GitHub decreases the macro risk overall the whole
portfolio. In other words, keep the assumptions concrete and businesses that
utilize those assumptions will flourish.

Imagine you're an auto company, and money stops going into road construction,
and therefore less people use the roads. A smart auto company may invest in
construction companies. The only argument here is now do these constructions
really need any extra money to keep them going? (I would argue no, they're
already making enough money) In the same vein, does GitHub need more money to
be motivated? (the answer is probably no, but as you point out, it's an
extremely safe bet) That being said, it doesn't hurt to throw a small percent
of your fund into road construction.

------
nivertech
In my opinion it's OK as long as NPM Inc will follow the same model as github
and docker, i.e. free public open source repositories and paid private
repositories.

Another reason why VCs invest in open-source ecosystem is that it indirectly
helps their other portfolio companies, even if original investment doesn't pay
off.

------
dagi3d
I made this question to myself and couldn't understand how would they make
money. Now with these great insights the answer is clear: they don't need to

I just wonder what will happen when they run out of money. Will be they able
to raise another funding round?

------
lostlogin
Slightly off topic, but mm or MM as an abbreviation bothers me. Isn't there
something better? How does it even work? Is is some sort of bastardisation of
the Roman system where is would mean 2000? Am I missing something?

------
ksikka
There are a lot of great insights in this post that most people who talk and
write about startups completely overlook. Thanks for bringing reason and logic
to HN.

------
nixgeek
If the seed round was for $2.6MM, does anyone have an inkling as to what
valuation that was done against?

~~~
frankydp
If you are referring to the model and not the amount, it will simply be
private repo management.

------
midas007
Then RubyGems (thoughtbot) would be worth more after gem signing security is
set to MediumSecurity by default (warn on unsigned gems) and certificates are
managed.

Can do it today yourself instead... ~/.gemrc:

    
    
        gem: ... --trust-policy MediumSecurity # add this

------
stephenbez
Headline is incorrect. The actual value is $2.6MM.

~~~
morgante
That's referenced in the article itself. The phrasing was intentional, to
fulfill Betteridge's law of headlines.

[http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines](http://en.wikipedia.org/wiki/Betteridge's_law_of_headlines)

------
dmourati
No.

