The problem with npm Inc is not that they're creating a bad product -- they're not. Sure, allowing unpublishing this easily was a stupid mistake and install scripts can do bad things and prepublish is broken and the fact they're essentially storing graph data in CouchDB is extremely cringy, but npm-cli is a great open source project and the npm registry is sufficiently reliable.
The problem is that npm Inc has made it clear that they wish to act as a private company but also not give up their special status in the Node ecosystem. This is akin to the situation that caused the creation of the Node Foundation and the transfer of the Node project from Joyent (a private company) to the Foundation.
Isaac and other major representatives of npm Inc have a well-established political agenda (which is fine for a private organisation) and they want to use both npm and the Node project to further their political goals. This won't work for Node because the Node Foundation is sufficiently large and apolitical to prevent ideologies from derailing the project's open source nature but as npm is fully controlled by npm Inc there are no such guarantees for the npm project or registry.
The problem isn't npm Inc's political agenda (whether you personally find it agreeable or not), it's that Isaac has been talking about utilizing the npm registry for it. Specifically, a couple of months ago he made a series of tweets sincerely proposing the idea that the npm registry should issue IP bans to individuals who misbehave outside of the scope of npm or npm Inc itself (e.g. for saying something horrible on Twitter), even when the IP is actually that of their employer -- who, if they didn't want their company to be banned, should simply fire the miscreant. Those tweets were of course deleted after the exchange sparked a lot of outrage, but to this day neither Isaac nor npm Inc has made any statement indicating that they won't pursue this idea further.
The view npm Inc holds of open source is that "everything is political" and therefore open source itself must take a political stance or else it supports wrongdoing by default. This runs contrary to the idea of Open Source itself and is on the opposite end of the spectrum from Free Software (which sees software itself as unownable and would consider any restriction -- even to persons you disagree with -- inherently immoral).
Even if we ignore the danger of politicization of the Node project via the npm project (which, to remind you, is distributed as part of the Node project by the Node Foundation) there is still the problem that npm Inc is not accountable to the Node project, especially not with regards to how the public registry is governed.
The kik fiasco showed that npm Inc is willing to take away overloaded package names from active maintainers and give them to trademark holders even when
- no trademark complaint has been made towards npm Inc
- no legal threat towards npm Inc exists
- the maintainer disputes the trademark's relevance and is willing to risk getting sued
- the trademark owner has no obligation to sue for trademark infringement
- the trademark owner has tried to bully the maintainer
- the project is actively being developed and published
- the maintainer has built a reputation within the community
- the trademark owner already uses an alternative package name
- npm name spaces are a thing now and could have been used to signify authenticity if this was really about misleading users to begin with
Despite all these reasons (and more), npm Inc decided at their own discretion (and without legal consultation, because there was no threat) in this specific case that kik interactive was the "more appropriate" package owner after a very short e-mail exchange. By siding with a corporation (that is acting as a bad open source citizen) over the community, they have made it clear where their loyalties lie.
In fact, throughout the entire fiasco they have lied about what happened: (npm Inc co-founder) Laurie claimed their lawyers had advised them to comply with a legal request; subsequently various complaints were shot down with jokes about the people complaining not being legal experts (when in fact kik made no legal claim whatsoever and no lawyers were involved at any point). Eventually Ashley admitted that npm hadn't actually been sued and the decision was made internally (by Isaac, as the e-mails published by kik would seem to indicate) before taking a hiatus from Twitter in the middle of the PR catastrophe.
Oh, and if npm Inc's behaviour wasn't problematic enough: keep in mind they're a funded startup and acting like one (i.e. they're most likely not currently sustainable).
The public registry is a major cost center. I can't find any official numbers, but considering what Nodejitsu (before npm Inc came along) posted during their fundraiser (which set out to raise $200k), and that the public registry has only been growing since while the underlying infrastructure seems to be still largely the same scalability-wise, I sincerely doubt npm Inc is currently cashflow positive.
Once you also add the expenses from running the company itself, running and sponsoring various events etc., and the fact that currently private packages and their enterprise solution are their only means of income (which they somewhat desperately try to advertise at any chance they get these days), their financial situation seems dubious at best unless they can keep getting multi-million dollar investments at this rate. As npm Inc is rather secretive about the company they are running (even Isaac's LinkedIn profile is literally a joke), I can't speculate about anything positive.
At best, it's a conflict of interest. At worst, it's a disaster waiting to happen. Either way, npm (both the registry and the client) needs to be annexed or replaced.