Nicholas Zakas

Speaker
455 total appearances

Podcast Appearances

The Changelog: Software Development, Open Source
Securing npm is table stakes (Interview)

Yeah, it seems to me these other languages usually follow a predictable pattern of, at some point, some developer was like, we need a package manager.

People started using it.

They started a foundation or a nonprofit or something that just kind of gets donations to keep it up and running.

And I think that that's where the JavaScript story kind of went sideways, right?

It was started as a side project by Isaac Schlueter.

And trying to find a home for that, he started NPM Inc., a for-profit business.

And I think that that was probably the point at which the divergence from other languages hurt the long-term plan for the registry.

Because again, once you become a startup, you take VC, you're on the hook for making money, you're figuring out how.

And then if you can't figure out how, they want you to sell to try to get as much money as possible.

get it back, like maybe in some ideal world, the NPM registry would have ended up instead of at a for-profit company in, at the time, the jQuery Foundation, which went on to become the OpenJS Foundation.

I think that in an ideal world, that is probably what would have happened, although I don't know.

ESLint is part of the OpenJS Foundation, so I do have some insight into how the foundation works.

And I also don't know how the foundation would have been able to afford to keep the registry running.

It seems like the profit incentive could be there, though.

And when you see companies like Vault and companies like Socket springing up, basically because of these problems, it seems like there's some possibility there of GitHub just saying, like, look, there are companies that are willing to pay for these types of services.

Maybe we can offer those services and use that to offset some of the costs of implementing these changes on NPM.