So GitHub is a very large repository of code that authors have been willingly putting code into for over a decade. Microsoft bought it in 2018, and have been training Copilot AI code generation on the output of all those hundreds of thousands of programs that people submitted there.

People are (rightfully) upset because they never consented to having their work used in that way—and in some cases even licensed their code in such a way that it cannot be used in that way. But Microsoft does it anyway.

So now that GitHub has been moved from its own independent subsidiary of Microsoft, directly into Microsoft within the AI department, it is crystal clear that Microsoft is operating GitHub specifically to mine people's code from it.

Now many of those people have finally had enough and are moving their code out of GitHub to other source code repository options.

The npm repo works differently, however. There's no connection in npm between the source code repository (usually GitHub) and the package in their package manager, and many of those packages aren't even uploaded into npm by the authors of the code.

So, many of these code authors trying to escape Microsoft's plan to continue profit from their work by selling AI tools trained on it will still have Microsoft training AIs on their code because it will all be uploaded into npm as people find that it's not already there.