Home › blog
So long, and thanks for all the packages!
Announcing my departure from npm
On September 29th, 2019, npm turned 10 years old and we all celebrated the incredible story of npm. Today, I’m announcing my departure from npm, and that has me looking back at the last 10 years and my own story. A lot has changed, I got married, bought a house, adopted a dog… an exciting and happy story of personal growth! Over on the professional side of my life, the story has also been equally exciting, and that’s because it has centered on three themes that are deeply important to my professional growth: building engineering teams, improving developer experience, and creating open source developer tools.
So when I got the opportunity to join npm as CTO, and improve the developer experience for millions of developers around the world, it was a match made in developer heaven! I took on the role with two very clear goals:
First, ensure the Registry stays stable and reliable for the millions of developers who rely on it everyday to do their jobs. This has always been the top priority for all of us at npm, and in taking on leadership of the technology team, it was now my responsibility. Second, and maybe most importantly, I needed to bring the people and teams I would lead— Product, Engineering, Security, and Support — together into a cohesive organization that could achieve the mission.
This past year has been an incredible journey with this incredible team, and though now it feels like time flew past too fast, we did actually accomplish the mission we set out to do. In fact, looking back at all the accomplishments the team delivered, I am amazed that we managed to do so much in such a short amount of time! So I want to take some time and recognize some of the many accomplishments this team was able to achieve:
In June 2019, the npm Registry crossed the 1 million packages mark, and today that number has crossed 1.3 million! The npm Registry is serving around 125 billion requests at a whopping 6 petabytes per month! None of this would be possible without having a committed and passionate team of Software Engineers and Site Reliability Engineers keeping the registry operational for 12 million developers around the world, who rely on the npm Registry for both open source and private package management.
This is a testament to the resilience and commitment of the npm team, and I couldn’t be more proud of each and every individual who helped share this story so far.
Building and sustaining a registry that serves 12 million developers is not an easy technical task, but answering questions and offering support to 12 million developers is an even more challenging task, and our Support team has met that challenge and built a strong and lasting relationship with our users. In 2019 alone, the Support Team received and resolved over 20,000 tickets!
None of the technical accomplishments we made would mean anything if we didn’t have the backing of our Support team to represent us to our users.
The Security Team built and launched into beta, the Security Insights API, which takes the complete corpus of malware published on the npm Registry that we meticulously curated over the years, and exposes it as a GraphQL API for researchers to use in building the next generation supply chain security tools! All while continuing to review, build and grow our security advisory database which has now crossed 1300 vulnerabilities, and the not-so-little accomplishment of protecting 13 million USD worth of cryptocurrency from theft by catching the Komodo Agama wallet backdoor.
The Open Source & Community Team took on the monolithic effort of overhauling our community communications, docs & open source libraries all while maintaining and improving the npm CLI codebase, adding much needed performance improvements and many feature requests by the community. Then topped it off by launching npm fund in collaboration with the OpenJS Foundation’s Package Maintenance working group.
As with all good stories, there is a happy ending, and Isaac told it best in announcing npm joining GitHub. Not only a perfect fit for npm, but also a perfect way to finish this story.
Now that npm is set up for success within GitHub, my story here is complete, so I will be looking into new opportunities and adventures in the near future. As it is officially spring time, I’ll use this opportunity to disconnect and enjoy the change in seasons and think about what the next 10 years will look like, and what story I can tell in building engineering teams, improving developer experience, and creating open source developer tools.
I wish the npm team the best of luck going forward, and I’ll keep an eye on what they accomplish next from my very own GitHub account.