Is funding better or worse than corporate sponsorship? The most successful (depending on your metric of course) projects have been backed by corporate dollars. Also, not every project can be a Go or Angular with a multi-billion dollar company behind it.
All of the CPAN mirrors are paid for by somebody. Nothing's free; money is in the equation at some point.
Of course, that's a different model than VC funding. However, you're intimating that NPM isn't "real" with your last statement. The project has run for several years now. This isn't some project that came out of the chute with funding (such as Meteor).
Similar model is GitHub: long-running project/organization, took VC after a few years. In the time since they took the VC, have they become corrupted? Are they not a real community?
The difference is in the goal. Donated/sponsored dollars don't expect to get dollars back. VC invested dollars expects invested_dollars * multiple in return.
It really depends on what rights izs has in the case there are differences of opinion between him and where the VCs want to go.
Let's be honest here, 92% of commits were made by izs, npm is izs and izs is npm. The two are inseparable. Without izs, any real development of npm would slow to a crawl, until someone else familiar with the codebase takes ownership.
I know izs personally and he is a stand up guy and a lot of the negative comments about him selling out in this thread are completely unjustified, especially without knowing more details about the rights he has relative to the contract he has with npm, inc. as its CEO.
If push comes to shove and izs disagrees with the direction the VCs push company after later rounds of funding where izs and the other founders lose control, does he still have the right to split off from the company and continue supporting npm the open source project independent of npm, inc., including taking it in a direction contrary to the goals of npm, inc.? If the answer is no, then there is risk that the community has plenty of time to mitigate if we really care about keeping npm as a public good. The risk is that we lose the most valuable person to this project because he can't work on it anymore.
That being said, the license information on the npm github repo shows that the most valuable assets are owned by izs and not this new company. He owns the trademarks "npm", "the npm registry" and the copyright on the npm codebase. npm, inc. does not own these things. I assume that he, the individual, licenses rights to the npm name to npm, inc. With all this in mind, does he have a non-compete clause that would prevent him from supporting npm if, for whatever reason, he splits off from npm, inc. If there are no legal restrictions on his rights to contribute/maintain, I'd say the risks are much lower than we thing.
At the end of the day, if people in the community really feel strongly about all this, the best thing they can does is start building equity around a different trademarks other than "npm" and the "the npm registry". Those are the two most important assets and given that the codebase is licensed as Artistic License v2, the name of any fork in the future would have to change its name even if the trademarks were unprotectable.
If all this bothers you, do the work to build a community fork of npm with a different name (and give ownership of the trademarks to the community), maintain feature parity and compatibility with npm and maintain registry mirrors for this community version. Add to this community fork a dual publish feature that simultaneously publishes modules to npm, inc. controlled registry servers and community maintained ones. This is the best insurance policy the community can have.
Either put your time where your mouth is and start working on a community fork that lives peacefully in parallel or quit whining and especially quit criticizing izs. izs has contributed an incredible amount of time to the needs of the community and has more than earned the goodwill and benefit of the doubt. If npm, inc. one day starts doing something truly anti-community, that is the time to cry foul, not now.
I think the major problem here is just poor branding.
npm can refer to any number of things. It can refer to the client, the server, the hosting provider, the public package registry, and now npm Inc. They all sound like the same thing but they're all actually different.
Contrast this to Github. Github is a service that provides hosting, a public registry, and tools for git. Nobody complains about Github controlling git, because they're obviously separate things. Most people don't know that npm the registry is different from npm the software and that you can even host your own server.
I think they'll mostly be a consulting company for enterprise solutions to companies with hundreds of node.js projects going on that need a complex package management solution that npm inc. can provide.
Did they just hand over the keys to the node community to someone else?