Everyone has an opinion on what NPM should do next, both as a company (npm, Inc.) and as the package manager (npm) made essential by Node.js. That’s not surprising: More than 11 million JavaScript developers use npm (and the associated npm registry) to build their applications, whether they use Node.js or not. It’s also not a particularly easy question to resolve, given the turmoil npm Inc. has experienced over the past year, what with the introduction (and eventual departure) of CEO Bryan Bogensberger and employee unrest in his wake.

Talking to npm founder and Chief Open Technologies officer Isaac Schlueter, however, the right strategy for “building a sustainable engine behind an open source labor of love” might well be a return to npm’s roots.

Getting lost, getting found

According to Schlueter, npm started as a side project. One of the earliest and most active contributors to Node.js, Schlueter eventually took over leadership of Node.js and built out npm while working at Joyent. The package manager took off as a central piece of the open source Node.js ecosystem, becoming the package manager for all JavaScript in the process.

Which led to the founding of npm, Inc. in 2014.

As explosive as the growth around npm has been, the company’s success has involved more of a struggle. When Schlueter decided to take venture capital money, it stoked controversy, with developers worried that capitalists would overrun a fabulous community resource.

Several years later, that concern remains.

As Schlueter tells it, raising venture money “allowed us to get some help in commercializing npm and to fund the experiment for a longer time.” Indeed, if you review the last year or two of npm, Inc.’s existence, the company has clearly been in serious experimentation mode. Most visibly, the company introduced a direct-to-enterprise approach, one that “really doesn’t leverage our strengths,” Schlueter admitted. Going big with enterprise requires an equally big go-to-market motion, which means expensive sales and marketing people and processes. As one npm registry user told me, “npm needs a way to make money that doesn’t involve extorting money from big tech companies. If not, folks will flock to alternatives.”

In retrospect, Schlueter says, this simply isn’t who npm is. Instead, he goes on, a bottom-up, developer-led approach is both right and feasible for the company (and its community). At the same time, npm, Inc. remains focused on ways to keep its registry open to all for free, while limiting overuse of the registry “commons” by a small population of larger enterprises.

So where does npm/npm, Inc. go from here?

Listening to the community

“The most successful products we’ve built have been where the community has dragged us along,” Schlueter said. The key for npm, Inc., he continued, is to “watch for patterns and try to remove friction for developers in getting things done with npm.” Developers will pay for this convenience; no, not enterprise sales kind of cash, but enough for npm, Inc. to flourish, Schlueter believes. “This gives us a much more npm-y way of growing into the enterprise space.”

As for proposed new product areas, it’s not yet clear what npm will do. The company has built an impressive degree of testing security software, and sits on one of the world’s largest corpuses of malware, putting the company in a position to boost the security of payloads pushed to npm from GitHub. Maybe someone will pay for this?

Schlueter also remains committed to helping the community of JavaScript developers figure out how to sustain the open source work that they do. “Frequently open source JavaScript development is a second job for these developers,” he said. “And yet there are millions of people getting value from the code these developers build.” The role npm can play in resolving this disconnect isn’t yet clear, but Schlueter’s interest in helping is very clear.

As is his comfort level at going back to his developer roots. In his mind, “A bottom-up strategy gives you the chance to really focus on the day-to-day welfare of the developers who work for and with you. A top-down strategy introduces friction: You’re constantly selling something you don’t yet have.” Getting back to a bottom-up, developer-led strategy for npm, Inc. has Schlueter reenergized and hopeful. Perhaps the best of npm is yet to come.

Disclaimer: I work for AWS but in that work have no involvement, direct or indirect, with npm. The views expressed here are my own and in no way reflect those of my employer.