June 23, 2019
- 2014: Founded.
- 2015: Already had 2 funding rounds amounting to $10.6M.
- 2016: Unpublished a package just because they could.
- 2018: The CLI had a bug by which running
sudo npmon Linux systems would change the ownership of system files, permanently breaking the system, WTF?
Another bug got NPM credentials stolen through eslint-scope package.
Another bug made a dependency of event-stream steal bitcoins from certain applications.
Not sure about this one, but those bugs don’t appear in the incidents history of npm?
Hired a new CEO, who’s job is to take the company from $3M in annual revenue to $30M-$60M…
- 2019: Conducted a series of meetings with their employees asking for honest feedback, then fired everyone that gave honest feedback.
Fired everyone that tried to unionize.
Some of the ones that weren’t fired, left out of solidarity.
Some of the ones that weren’t fired nor left, put their work on hold.
The firings were conducted by third party contractors, no one inside knew this was comming.
Tried to buy the silence of the ones fired with non-disparagement clauses.
As a result of the firings, the npm cli has spent 3+ months without any commit.
At the end of June 2019 the new CEO tells employees that it’s secured a deal that removes ‘the threat of running out of money’ until early 2020, GREAT! 6 more months…
I also found this recently,
As a quick observation, the company is reported to have $3M in annual revenue by its own CEO, with somewhere around 70-80 employees, offices in Oakland, CA, USA, the cost of running servers at that scale… I’m pretty certain they have been losing money every single year and one can’t help but wonder how much longer is this going to last, even more so, given the recent news?
As of March of 2020, NPM has been acquired by GitHub, which is the same as to say NPM has been acquired by Microsoft, who owns GitHub, so yay! I guess NPM is not going to disappear anytime soon and hopefully has a bright and stable future under this new ownership.