settlement.js not found: JavaScript package biz NPM scraps talks, fights union-busting claims

CEO speaks to The Reg as we dig into labor complaints, future of npm CLI

Special report: JavaScript package registry and aspiring enterprise service NPM Inc is planning to fight union-busting complaints brought to America's labor watchdog by fired staffers, rather than settle the claims.

A National Labor Relations Board (NLRB) hearing has been scheduled next month at the agency's office in Oakland, California. The three ex-employees filed complaints to the board accusing NPM Inc of violating protected labor rights in April, specifically their right to unionize.

NPM Inc, for the uninitiated, oversees npm, the default package manager for the widely used JavaScript runtime environment Node.js. The small but vital Oakland-based startup serves billions of package downloads a week to millions of developers and their deployments as a result.

An NLRB filing obtained by The Register alleges several incidents in which those terminated claim executives took action against them in violation of labor laws. On February 27, 2019, the filing states, a senior VP "during a meeting with employees at a work conference in Napa Valley, California, impliedly [sic] threatened employees with unspecified reprisals for raising group concerns about their working conditions."

The document also describes a March 25, 2019, video conference call in which it was "impliedly [sic] threatened that [NPM Inc] would terminate employees who engaged in union activities," and a message sent over the company's Keybase messaging system that threatened similar reprisals "for discussing employee layoffs."

The alleged threats followed a letter presented to this VP in mid-February that outlined employee concerns about "management, increased workload, and employee retention."

The Register has heard accounts of negotiations between the tech company and its aggrieved former employees, from individuals apprised of the talks, during which a clearly fuming CEO Bryan Bogensberger called off settlement discussions, a curious gambit – if accurate – given the insubstantial amount of money on the table.

In a phone interview on Thursday, Bogensberger declined to discuss the negotiations, citing people's privacy.

Since NPM Inc brought in Bogensberger last summer, and announced his appointment in January this year, friction with longstanding employees over the company's vision, values and direction has led to a series of terminations and departures.

While disputes between management and employees occur in every industry, they're particularly problematic where open-source software is concerned because they erode the goodwill between organizations and the community that forms around their code projects.

Bogensberger stressed that despite the March firings – for which the company apologized – NPM Inc has grown from around 30 people in December to more than 50 today and is still hiring. The company brought on a new CTO, Ahmad Nassri, last month.

But talent acquisition amid the turnover had a recent hiccup. Earlier this month, two job offers, for a platform engineer and a QA engineer, were rescinded.

"A couple of offers that went out that were a little premature," Bogensberger explained. "The situation around these two job offers was basically miscommunication."

Former employees who have spoken with The Register contend company leadership is driving away sources of institutional knowledge within the organization.

"I think it’s time to break the in-case-of-emergency glass to assess how to keep JavaScript safe," said one former worker. "Soon there won’t be any knowledgeable engineers left."

NPM Inc has defended its moves as necessary to establish a sustainable business, but in prioritizing profit – arguably at the expense of people – it has alienated a fair number of developers who now imagine a future that doesn't depend as much on NPM's resources.

The situation has deteriorated to the point that former staffers say the code for the npm command-line interface (CLI) suffers from neglect, with unfixed bugs piling up and pull requests languishing. The Register understands further staff attrition related to the CLI is expected.

It's claimed the situation has led investors, alarmed by the turmoil and its implications for further funding rounds, to do their own interviews to assess employee attitudes. The Register reached out to one of the VC firms backing the company, True Ventures, to inquire about this but we've not heard back.
