1DISPUTES(7) DISPUTES(7)
2
3
4
6 disputes - Handling Module Name Disputes
7
8 This document describes the steps that you should take to resolve mod‐
9 ule name disputes with other npm publishers. It also describes special
10 steps you should take about names you think infringe your trademarks.
11
12 This document is a clarification of the acceptable behavior outlined in
13 the npm Code of Conduct https://www.npmjs.com/policies/conduct, and
14 nothing in this document should be interpreted to contradict any aspect
15 of the npm Code of Conduct.
16
17 TL;DR
18 1. Get the author email with npm owner ls <pkgname>
19
20 2. Email the author, CC support@npmjs.com
21
22 3. After a few weeks, if there's no resolution, we'll sort it out.
23
24
25 Don't squat on package names. Publish code or move out of the way.
26
27 Description
28 There sometimes arise cases where a user publishes a module, and then
29 later, some other user wants to use that name. Here are some common
30 ways that happens (each of these is based on actual events.)
31
32 1. Alice writes a JavaScript module foo, which is not node-specific.
33 Alice doesn't use node at all. Yusuf wants to use foo in node, so he
34 wraps it in an npm module. Some time later, Alice starts using node,
35 and wants to take over management of her program.
36
37 2. Yusuf writes an npm module foo, and publishes it. Perhaps much
38 later, Alice finds a bug in foo, and fixes it. She sends a pull
39 request to Yusuf, but Yusuf doesn't have the time to deal with it,
40 because he has a new job and a new baby and is focused on his new
41 Erlang project, and kind of not involved with node any more. Alice
42 would like to publish a new foo, but can't, because the name is
43 taken.
44
45 3. Yusuf writes a 10-line flow-control library, and calls it foo, and
46 publishes it to the npm registry. Being a simple little thing, it
47 never really has to be updated. Alice works for Foo Inc, the makers
48 of the critically acclaimed and widely-marketed foo JavaScript tool‐
49 kit framework. They publish it to npm as foojs, but people are rou‐
50 tinely confused when npm install foo is some different thing.
51
52 4. Yusuf writes a parser for the widely-known foo file format, because
53 he needs it for work. Then, he gets a new job, and never updates the
54 prototype. Later on, Alice writes a much more complete foo parser,
55 but can't publish, because Yusuf's foo is in the way.
56
57 5. npm owner ls foo. This will tell Alice the email address of the
58 owner (Yusuf).
59
60 6. Alice emails Yusuf, explaining the situation as respectfully as pos‐
61 sible, and what she would like to do with the module name. She adds
62 the npm support staff support@npmjs.com to the CC list of the email.
63 Mention in the email that Yusuf can run npm owner add alice foo to
64 add Alice as an owner of the foo package.
65
66 7. After a reasonable amount of time, if Yusuf has not responded, or if
67 Yusuf and Alice can't come to any sort of resolution, email support
68 support@npmjs.com and we'll sort it out. ("Reasonable" is usually at
69 least 4 weeks.)
70
71
72 Reasoning
73 In almost every case so far, the parties involved have been able to
74 reach an amicable resolution without any major intervention. Most peo‐
75 ple really do want to be reasonable, and are probably not even aware
76 that they're in your way.
77
78 Module ecosystems are most vibrant and powerful when they are as
79 self-directed as possible. If an admin one day deletes something you
80 had worked on, then that is going to make most people quite upset,
81 regardless of the justification. When humans solve their problems by
82 talking to other humans with respect, everyone has the chance to end up
83 feeling good about the interaction.
84
85 Exceptions
86 Some things are not allowed, and will be removed without discussion if
87 they are brought to the attention of the npm registry admins, including
88 but not limited to:
89
90 1. Malware (that is, a package designed to exploit or harm the machine
91 on which it is installed).
92
93 2. Violations of copyright or licenses (for example, cloning an
94 MIT-licensed program, and then removing or changing the copyright
95 and license statement).
96
97 3. Illegal content.
98
99 4. "Squatting" on a package name that you plan to use, but aren't actu‐
100 ally using. Sorry, I don't care how great the name is, or how per‐
101 fect a fit it is for the thing that someday might happen. If someone
102 wants to use it today, and you're just taking up space with an empty
103 tarball, you're going to be evicted.
104
105 5. Putting empty packages in the registry. Packages must have SOME
106 functionality. It can be silly, but it can't be nothing. (See also:
107 squatting.)
108
109 6. Doing weird things with the registry, like using it as your own per‐
110 sonal application database or otherwise putting non-packagey things
111 into it.
112
113 7. Other things forbidden by the npm Code of Conduct
114 https://www.npmjs.com/policies/conduct such as hateful language,
115 pornographic content, or harassment.
116
117
118 If you see bad behavior like this, please report it to abuse@npmjs.com
119 right away. You are never expected to resolve abusive behavior on your
120 own. We are here to help.
121
122 Trademarks
123 If you think another npm publisher is infringing your trademark, such
124 as by using a confusingly similar package name, email abuse@npmjs.com
125 with a link to the package or user account on https://www.npmjs.com/
126 https://www.npmjs.com/. Attach a copy of your trademark registration
127 certificate.
128
129 If we see that the package's publisher is intentionally misleading oth‐
130 ers by misusing your registered mark without permission, we will trans‐
131 fer the package name to you. Otherwise, we will contact the package
132 publisher and ask them to clear up any confusion with changes to their
133 package's README file or metadata.
134
135 Changes
136 This is a living document and may be updated from time to time. Please
137 refer to the git history for this document
138 https://github.com/npm/cli/commits/latest/doc/misc/npm-disputes.md to
139 view the changes.
140
141 License
142 Copyright (C) npm, Inc., All rights reserved
143
144 This document may be reused under a Creative Commons Attribution-Share‐
145 Alike License.
146
147 See also
148 · npm help registry
149
150 · npm help owner
151
152
153
154
155 February 2021 DISPUTES(7)