Is Nodejs.org's Governance Biased Towards Corporate Giants (Google, Microsoft)?

TL;DR

A Project (my project in fact)... NiM which has been linked from Nodejs.org's site for years, was removed because of (in my opinion) nepotism toward corporations, and a governance model which is currently operating on an uneven playing field. I should add that my intent is in no way to attack anyone, certainly not single individuals, and not even the corporations that are mentioned... because frankly, as individual developers and more pointedly as singular human beings, it's my sincere hope that we all have the best of intentions in mind. I think the goal is that of self reflection with the hope that we re-calibrate to a state where our view of software products (and the people behind them) is tinted with a lense that helps to magnify good in projects and the true motivation behind them, and similarly the potential benefits to continuing to share them with the wider community.

Brief History

I started developing NiM out of a burgeoning interest in Node.js and not with any business in mind. Upon noticing the warm reception I was receiving from developers in the Node community, I decided to open up a PR so as to spread the love! And of course like any self directed developer in the game for more than just a paycheck, my reward came more so in the form of feedback... dare I say, validation... of, well of many things but we'll just say for our purposes here, validation of a job well done. To my great satisfaction, said PR was merged ON THE SAME DAY!!! WOAH, talk about a an organization being on top of things, particularly when this problem was a major pain point in the Node workflow at the time. I was ecstatic to say the least.

https://res.cloudinary.com/june07/image/upload/c_scale,q_auto:best,w_500/v1562476223/brakecode/CaptureNiMOriginalPR.png

Speaking more to the logic and some of the decision making process that went into writing the software behind NiM, and the individual components it was built of...

I definitely took notes from the bigger kids on the block (in terms of including analytics) like Google and Microsoft. However, unlike them, I've never been sneaky about what was being done... and in fact have never even had the forsight to conceptualize reasons to be "sneaky" or for that matter reasons why the analytics I was collecting was such a sought after prize for these bigger brothers. I could barely see past the joy of crafting this piece of software I called my own, this software that not only was helpful to me but to a swath of other developers all across the world, who on a sufficient enough basis chimmed in to continue the positive feedback loop going. That joy was my driving factor... admitedly a newer "software developer". If anything the likes of Google and Microsoft were role models for myself, a newer developer coming into a new ecosystem, and while I had no immediate plans for the data I was collecting, I certainly saw the value of it if all of the big boys placed such importance on analytics. Analytics and the importance of knowing your users was demonstrated even more pointedly in THEIR API's that THEY BUILT.

Google Extension API Method

My thinking was likely something like: Google built it, it requires user acceptance, I'm going to use it. Little did I know that some few would express such outrage at this choice... and in fact it would result in uncovering such a skewed view as it relates to privacy and the accepted behavior by SOME but not others. I hate that it may seem that I'm against data collection by companies like Google, Microsoft, Amazon, Facebook, etc... because honestly I've always held the opinion that users are free to NOT USE any of those companies services, much the same way they can choose to not use NiM. However when I see such a disparity between the acceptance with regard to these larger companies and my own small project, I must counter with this line of reasoning.

Despite the outright false claims of some, there has ALWAYS been sufficient notice of the fact that using NiM requires sharing your email address with the developer. And further, the primary users of NiM (I would venture to say the ONLY users, are in fact developers themselves) are intelligent enough to understand this very well. It took thousands of happy developers to build the reputation of NiM and only a handful of begrudging individuals to attempt to tear it down.

More than once I've declined offers to purchase NiM, I don't share/sale/trade user data, and I quickly address user concerns. If anything the Extension API that NiM was built upon (and again that was BUILD BY GOOGLE) lends itself to being more vendor agnostic. A key topic in this whole discussion, and an important goal raised by other Node contributors (@auchenberg) of Node. The following PR attempts to do this I guess, yet when mention of Google's Chrome simply moves from the output of the node command line to the docs, I wonder if the goal was even achieved at all?! And certainly when the tool that provides the most vendor agnostic view is then removed under the guise of [insert todays reason], I doubt the best interest of the community is being regarded as most important.

GitHub PR #7182 - Update inspector ready message to be vendor agnostic

Demonizing Chrome Extensions (well... "The only Chrome Extension is NiM")

The ultimate mechanism to remove NiM from Nodejs.org, resulting from actions set in motion by the upset few, was demonizing Chrome Extensions, of which NiM was the only listed in Nodejs.org's documenation page. Along with the list of other important developer extensions (one guy missing my point entirely, as my comparison was simply that of also being an extension not data collection), the following information should be noted:

https://res.cloudinary.com/june07/image/upload/c_scale,q_auto:best,w_800/v1562478445/brakecode/CapturePR2259Approvers.png

Of the 11 Node Collaborators that Approved NiM's removal, at least 4 of them have published their own Chrome Extensions (or contributed), 3 different Collaborators seem to have their own GDPR violations on direct links from their GitHub accounts, and 1 Collaborator seems to have a direct conflict of interest. From what I can tell there are more Node Collaborators involved with deciding NiM's fate with either unignorable potential bias and/or their own faults in the same areas that they are arguing. Finally the Node organization itself has a Chrome Extension on their GitHub account although it was seemingly never published. Instead of demonizing NiM for being a Chrome Extension, I would refer individuals to articles such as this:
https://www.theverge.com/2019/5/30/18646093/google-chrome-extensions-user-data-new-privacy-limits

and further point out yet gain that Chrome Extentions are not unique in there ability to be exploited, as the following articles attest to:
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

Give Developers Choice

As I have shown, a goal of NiM is to facilitate the greatest level of vendor agnosticism. It's design as a Chromium Extension, is not a flaw, but rather a strength. Strength demonstrated in the flexability it provides in the developers ability to freely choose from arguably the WIDEST list of available debugging solutions for Node. Using NOT JUST GOOGLE's CHROME but any of the Chromium browsers including the ones with user privacy in mind (ie Brave, Vivalid, ...). NiM makes even more options available by simplifying hosting your own version of DevTools should you like. Further NiM encourages developers to try different tools by integrating with VSCode to provide interoperability with DevTools.

I'm certainly for "putting up a disclaimer" as a few have mentioned with regard to all tools on the Nodejs.org documentation page. Because disclaimers have long proved themselves useful when it comes to ANY TOOL... be it one made up of binary data to one made up of physical materials, they are one in the same in that regard.

However I feel that the decision to remove NiM from the Node documentation, not once, but for yet a second time, clearly was a wrong one. It seems to reflect a strong bias towards other projects, where corporate backing and other forces outside of simply what's good for the community, might be factors. Certainly a project which has shown such positive feedback from the Node community at large should be given the same consideration as other tools, for the sake of fairness to everyone.

Privacy | Terms