NPM, Inc, the company behind the widely used NPM JavaScript package repository, stands for Node Package Manager. Inside the small but vital biz, the name gave rise to an alternative de-abbreviation, Nice People Matter – but that might be about to change.

For those who don't know, NPM is the default package manager for the JavaScript runtime environment Node.js, and NPM Inc serves billions of package downloads a week as a result.

The San Francisco startup's dismissal of five people two weeks ago didn't strike observers as particularly considerate. For an outfit that proclaims, "Compassion is our strategy," it rubbed those let go and members of the JavaScript community the wrong way.

Frédéric Harper, a developer advocate who was among those who lost their jobs, posted at length about the situation on Twitter. His concerns, he said, did not come from being laid off. That happens, he said, and will happen again. "It’s the total lack of respect, empathy and professionalism of the process," he said.

In an email to The Register, he said there appeared to be a disconnect between the company's professed values and its behavior.

We know what you did last summer

The layoffs actually started last summer. The biz hired a new CEO, Bryan Bogensberger, to take the company from about $3m in annual revenue to 10x-20x that, explained an early NPM employee who spoke with The Register on condition of anonymity.

Bogensberger, a Canadian, has been running the organization since around July or August 2018, our source explained, but wasn't actually announced as CEO until January 2019 because his paperwork wasn't in order.

He brought his own people in, displacing longtime NPM staffers. "As he stacked the management ranks with former colleagues from a previous startup, there were unforced errors," our source explained.

For example, one employee fired last month was a month away from having stock options vest. The individual could have retained those options by signing a non-disparagement clause, but refused.

Our source described a culture of suspicion and hostility that emerged under the new leadership. There was recently an all-hands meeting at which employees were encouraged to ask frank questions about the company's new direction. Those who spoke up were summarily fired last week, the individual said, at the recommendation of an HR consultant.

One of the those who left shortly after Bogensberger's arrival was CJ Silverio, CTO at the time. In a phone interview with The Register, she said, "I was out almost immediately in August. It was a culture change. I could not cope with putting engineers in crunch mode for no good reason."

Silverio went on sabbatical over the summer and was fired by text message in December. She said she was among five people dismissed in the months following the installation of the new regime. Together with the five in the layoffs in March, that makes about 10 people axed in the management transition, which amounts to about 20-25 per cent of the business, depending upon the date you count the number of employees.

The recent round of pink slips seems unjustified to Silverio. "People were very surprised by the layoffs," she said. "There was no sign it was coming. It wasn't skills based because some of them heard they were doing great."

In one instance, our source said, the hiring manager was given the budget to immediately rehire one of the terminated positions.

The Register asked NPM to discuss the layoffs. The upstart declined, but said it's hiring.

“We can not comment on confidential personnel matters," CEO Bryan Bogensberger told The Register. "However, since November 1, we have approximately doubled in size to 55 people today, and continue to hire aggressively for many positions that will optimize and expand our ability to support and grow the JavaScript ecosystem over the long term.”

Gagging orders in action, or not

Silverio and Harper have been speaking publicly about the layoffs because they too declined to sign the non-disparagement clause NPM included in its severance package.

A California law that took effect in January (SB 1300) prohibits non-disparagement clauses to cover up wrongdoing. But in general such clauses are legal.

NPM not tied in knots over Yarn rival project READ MORE

According to our source, NPM needs to show revenue growth to attract further funding, but that's been difficult with organization accounts that cost just $7 per month and developer accounts that are free. The organization needs an enterprise product but it's more than a year late delivering NPM Enterprise.

Silverio worries about how the remade NPM will handle its stewardship of a critical piece of JavaScript infrastructure.

"The actual concern I have is that the JavaScript package manager and language commons are in the hands of a VC-funded company, which may or may not be having financial trouble," she said. "If they're not okay, this is something the entire JavaScript language community needs to pay attention to now."

Musing about the worst possible outcome, she said, "You could imagine this new CEO selling the company to Oracle."

If NPM had chosen to speak with us, there would no doubt be individuals who disagree with that assessment and insist they too care about the JavaScript community. The problem is that when companies make statements like "Nice People Matter" or, as Google did, "Don't be evil," and their behavior doesn't follow, it becomes hard to take such claims at face value. ®