draft

vim ./src/drafts/openjs-message-to-board.md

Subject: npm in OpenJS

Hello, Board.

At our last board meeting, we discussed moving the npm CLI project into the OpenJS foundation. This provides a number of benefits for the company, provided we can secure a deal with certain characteristics.

Before this goes any further, I'd like to check in with you all and make sure that we're still aligned on the goals, so as to prevent obstacles later on in the negotiation process. Please reply with your thoughts or concerns, or a simple "looks good to me!" if this all seems fine.

To review, the benefits to npm, Inc. as we see them are:

  1. More contributions to the open source npm CLI project so that we can maintain our lead and stay ahead of projects like Yarn.
  2. Better reputability and standing within the community, guarding against distracting drama and controversy.
  3. More open lines of communication between npm, Inc. and our constituents within Node.js and other major JavaScript projects.
  4. Lastly, since the project is already open source and developed in the open, there's very little we give up in the way of secret sauce or proprietary business advantages.

The must-have deal characteristics we discussed were:

  1. npm continues to ship with Node.js.
  2. Our registry remains the default registry in the npm distribution.
  3. A seat on the executive board and the CPC (Cross-Project Council) foundation governance boards.

I've spoken with several influential people within the OpenJS foundation and have plans to step through this process in a way that will help ensure a successful outcome that I believe will meet these objectives and satisfy our community.

  1. Establish (internally) a draft governance structure that will be agreeable to OpenJS and to npm, Inc. once the project is in the foundation.

  2. Within that governance structure, begin accepting contributions from developers who will likely be participating in the project once it's in the foundation.

  3. Announce that we are evaluating the governance of the project, in partnership with developers from these companies, while leaving open the possibility that it will be either in a foundation, or in OpenJS, or remain with npm, Inc.

  4. Work out the specifics of the trademark and IP licensing with the foundation.

  5. While this is underway, the team working on the project tackles these objectives:

    a. Standalone build and deployments for an "install npm" capability that does not rely on the Node.js distribution's timelines.

    b. Implement a plugin system such that npm, Inc. can continue to deliver proprietary features on the registry, but in a way that does not appear to be as "vendor locked" as our current approaches.

    c. Document the registry API, including the plugin interface.

  6. Finalize the deal, and announce that the npm CLI will be joining the foundation, and that it will take 6-9 months to work out the details.

  7. Open up the (now play-tested) governance docs to the community, as part of moving various open source pieces into a foundation-controlled GitHub repository.

The first three points are ready to go, and we have buy in from devrel folks at Microsoft, Google, IBM, and NearForm indicating that they're interested in participating. I'd like to get a public announcement out next week so that we can get some positive buzz during the JSConf EU conference in Berlin at the start of June.

If we're going to pull the emergency brakes on this thing, now is the time.

Let me know what you think.

Thanks.

--i

drafts